tanglebot | 7e792ff22711078c41f2623730a69ad6818b87764f712c7841984794604069a7

Analysis

max time kernel
7s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
01-12-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e792ff22711078c41f2623730a69ad6818b87764f712c7841984794604069a7.apk
Size

9.2MB
MD5

701224ab054633f0d7cc5a177b0ef411
SHA1

a669694c71bae67cd6b4fb9e4c09445b2631176a
SHA256

7e792ff22711078c41f2623730a69ad6818b87764f712c7841984794604069a7
SHA512

d52c95f097e6cdbbe25b3206ebd36edb3cb5c8755c1f5926f601b107ccd6e2832ee1d7b6126f66f9f66b57802119dac2da324f9cfeae92c51148caf966ab4d4e
SSDEEP

196608:UHCbuN232dRfTDWPH52kCgldaURD0JkBlgRLS046Wb3aF7hm8sLr4KHzeuf:YCyNA2kH5MgloURD0GBAe046WTaF7SL1

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4484-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.book.present/app_subject/ey.json	4484	com.book.present

com.book.present
1⤵
- Loads dropped Dex/Jar
PID:4484

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.book.present/app_subject/ey.json

Filesize
1.8MB

MD5
2bb0481569721e1462f93d3b8b24259a

SHA1
5374aa5b409c89dc41f4f1a1e6f17cadafce818a

SHA256
372faccc66c3d64706600f91641f4dd75f49886bb387c2a37399f4d68196d738

SHA512
cd6235164831a433507c64f63c4e536f0892d0d6773a29c8225336cb727a60b97a00734942b1b6b3b44c3c6538066e6175a8853179e34a57d0e3372de3bc53ec

Download Submit
/data/data/com.book.present/app_subject/ey.json

Filesize
1.8MB

MD5
4afc235db7f581f134b778546c579409

SHA1
4d835b73441165bd6ab93b7b846698489457cefc

SHA256
4d19f78042e6642df1915d8197771cb80f8d6e30eb675b65c53af2fa68cf3880

SHA512
f98ac3d79fba1d025c9a622a370540b37fdbd0de35399882a1d4b3212494341189a3c9b900338f66a8b402725c062ffe23bd51b8fb1fa733af4ea160e067b552

Download Submit
/data/user/0/com.book.present/app_subject/ey.json

Filesize
4.4MB

MD5
e74d826e0437470ffa0ba67318ab3aec

SHA1
3b4a101b79279b00427420c0b3c6b744e5320d57

SHA256
df12eaf75223c9830ca572608b91f0f17ad3533fab30ee39125a57406adc6b39

SHA512
9785fe65d9b97f00e8ccf0c671b38bfa3887297f419aa9e28e47f539769a357ff7274e9e855cd4cebbf218f77462b88dd5a891bb7bc3d5ac2933e987a18de04c

Download Submit