Analysis
- max time kernel: 9s
- max time network: 133s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 01-12-2024 22:25
Static task: static1
Behavioral task: behavioral1
- Sample: eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
- Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral4
- Sample: base.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral5
- Sample: base.apk
- Resource: android-33-x64-arm64-20240910-en
General
- Target: eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
- Size: 8.8MB
- MD5: 5f6bd5fbcd6bf1e40d7df98bfd428e7e
- SHA1: fe12a4a9945e869388750467d21c66047f21741d
- SHA256: eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e
- SHA512: 47b0f6d38ca15a175fc9a028d9acdab6a9e9585e74ace39774482bcb93cc5ea6f6ba8ea2003827daa0260f35b4d38020afc409da7edff021e465b7e34bfadb86
- SSDEEP: 196608:0zXjz/jP+0Z38dVT2GbTuX6prCDPZcMqovic58Vjmdqie3K5X:aXrPLBGbqSuDBv/vj1dbec
Malware Config
Signatures
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
- TangleBot payload (1 IoCs)
  resource: behavioral1/memory/4269-0.dex
  yara_rule: family_tanglebot3
- Tanglebot family
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json
  pid: 4269
  process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.garbage.inherit/app_tornado/oat/x86/qZcLxZD.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json
  pid: 4243
  process: com.garbage.inherit
Processes
- com.garbage.inherit (PID: 4243)
  Loads dropped Dex/Jar
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.garbage.inherit/app_tornado/oat/x86/qZcLxZD.odex --compiler-filter=quicken --class-loader-context=& (PID: 4269)
    Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads