Analysis

  • max time kernel
    9s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-12-2024 22:25

General

  • Target

    eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk

  • Size

    8.8MB

  • MD5

    5f6bd5fbcd6bf1e40d7df98bfd428e7e

  • SHA1

    fe12a4a9945e869388750467d21c66047f21741d

  • SHA256

    eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e

  • SHA512

    47b0f6d38ca15a175fc9a028d9acdab6a9e9585e74ace39774482bcb93cc5ea6f6ba8ea2003827daa0260f35b4d38020afc409da7edff021e465b7e34bfadb86

  • SSDEEP

    196608:0zXjz/jP+0Z38dVT2GbTuX6prCDPZcMqovic58Vjmdqie3K5X:aXrPLBGbqSuDBv/vj1dbec

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 1 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Loads and runs a Dex/Jar file that the sample dropped to the device during analysis (here compiled by dex2oat from a file in the app's private data directory that carries a .json extension).

Processes

  • com.garbage.inherit (PID 4243)
    • Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.garbage.inherit/app_tornado/oat/x86/qZcLxZD.odex --compiler-filter=quicken --class-loader-context=& (PID 4269, child of 4243)
      • Loads dropped Dex/Jar
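The process tree above is the whole basis for the "Loads dropped Dex/Jar" hit: the app hands dex2oat a file from its own private directory whose name ends in .json. Two checks a practitioner runs on such a report are shown below as an added example (this is not sandbox output or code from the sample): pull the --dex-file argument out of a dex2oat command line and flag it when it is app-private and not named like code, and confirm that a recovered dropped file really is DEX by validating its header rather than trusting the extension. The command line is a shortened copy of the one in the tree (only the flags the parser needs), and the DEX blob used for testing is constructed in the script; neither is a file from this analysis.

```python
"""Triage helpers for a 'Loads dropped Dex/Jar' hit (added example, not sandbox output)."""
import re
import struct
import zlib

# Shortened copy of the dex2oat invocation from the process tree above; the
# flags that do not matter for the check are omitted.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--dex-file=/data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.garbage.inherit/app_tornado/oat/x86/qZcLxZD.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")
# /data/user/<n>/<pkg>/ and its legacy alias /data/data/<pkg>/ are app-private storage.
APP_PRIVATE_DIR = re.compile(r"^/data/(user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/")
DEX_MAGIC = b"dex\n"
DEX_HEADER_SIZE = 0x70


def dex2oat_inputs(cmdline):
    """Return every --dex-file= value in a dex2oat command line, in order."""
    return re.findall(r"--dex-file=(\S+)", cmdline)


def assess_dex2oat(cmdline):
    """Classify each --dex-file argument of a dex2oat command line.

    Each finding records the path, the owning package when the path is
    app-private (None otherwise), and 'suspicious' when the input is
    app-private and does not carry a code extension, as in this report.
    """
    findings = []
    for path in dex2oat_inputs(cmdline):
        m = APP_PRIVATE_DIR.match(path)
        pkg = m.group("pkg") if m else None
        looks_like_code = path.lower().endswith(CODE_EXTENSIONS)
        findings.append({"path": path, "package": pkg,
                         "suspicious": pkg is not None and not looks_like_code})
    return findings


def identify_dex(blob):
    """Return the DEX version string ('035', '038', ...) if blob has a valid DEX
    header, else None.  Checks magic, header_size, declared file_size and the
    Adler-32 checksum, which covers everything after the first 12 bytes."""
    if len(blob) < DEX_HEADER_SIZE or blob[:4] != DEX_MAGIC or blob[7:8] != b"\0":
        return None
    version = blob[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", blob, 8)          # offset 8
    file_size, header_size = struct.unpack_from("<II", blob, 32)  # offsets 32, 36
    if header_size != DEX_HEADER_SIZE or file_size != len(blob):
        return None
    if zlib.adler32(blob[12:]) & 0xFFFFFFFF != checksum:
        return None
    return version


def make_fake_dex(version=b"035"):
    """Build a constructed, header-only DEX blob for offline testing (not a real sample)."""
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = DEX_MAGIC + version + b"\0"
    struct.pack_into("<II", body, 32, len(body), DEX_HEADER_SIZE)
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


if __name__ == "__main__":
    for finding in assess_dex2oat(DEX2OAT_CMDLINE):
        print(finding)
    print("constructed blob identifies as DEX version:", identify_dex(make_fake_dex()))
    print("JSON text identifies as DEX version:", identify_dex(b'{"a": 1}'))
```

Run the header check over the recovered qZcLxZD.json before anything else: a file that passes it is code regardless of its name, and the .json extension plus an app-private path is exactly the combination the signature keys on. The Adler-32 check also catches a truncated or partially overwritten recovery, which matters here because the same path is written more than once during the run.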

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.garbage.inherit/app_tornado/qZcLxZD.json

    Filesize

    1.8MB

    MD5

    4d70feb32b5bbf143ddd39c7c8a0efdb

    SHA1

    c20702a647334aef05cad75abcdef5846b9292aa

    SHA256

    058ff9770a529bf7bd560bc4c217d4c08dea6b9ac37ee499a655fdf427306672

    SHA512

    eaab1b973dcbb1c60dab586693ad4805117245f95bf0a91513b3011bbb2afe90fb9f51cc767e8b7bc242173df70dd64ad8da7ee4f3c021f153cc781180091045

  • /data/data/com.garbage.inherit/app_tornado/qZcLxZD.json

    Filesize

    1.8MB

    MD5

    99e1109681dc4321fa9eb13576bd6bc0

    SHA1

    04d25ddf66b00f8d45149c3865c00fb02ac205a7

    SHA256

    7b47bd9137f4bf20e77d5ac099ea2efae5e0894e399905f6d20992a2dd56fe6d

    SHA512

    5fd282cedb6f22eb5dd21fc7307710fb5e9398a7ee5c166dd4346f7f6f5bdf7bef3578c2c7986b20a3d9c638531353bd3d0013b6d8d8b13388750cc1bc4509d4

  • /data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json

    Filesize

    4.4MB

    MD5

    fdf92db1dd23cb6f8894f6354456f0f8

    SHA1

    c78d1505bf6218a4899390e81853e12f7a6f9fba

    SHA256

    4ca8ec22ea81be30d0ee1b1be939d380e630487dbe5c6e054060d8bda4f8199e

    SHA512

    98389fe86999a0d7bf333ba7529edf9de9f93786cee6e381f50d00fa881b42a85e3244744e476a927a5a6471c752cea9c74736c51c03779cf29a9794c6a072dd

  • /data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json

    Filesize

    4.4MB

    MD5

    0610b84a58fc2d5eb4c541be2923ede7

    SHA1

    18249092023b856856dd49bf8ca98fb654494781

    SHA256

    bc0093b9f95aa2d0bad8721c66b1d458d99a9971b70cfdd64a3ff4693b16a9b7

    SHA512

    1ada5721b886e027fb290980bb4371da49c6cbf46cf5c255a6d08c37db1bb472bd100416b6349650261ab7b218d6d9d67fcf96f0a18bcb624c9cbd2c8759a8e8