Analysis
max time kernel: 7s
max time network: 134s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 01-12-2024 22:25
Static task
static1
Behavioral task
behavioral1
Sample
eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
base.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral5
Sample
base.apk
Resource
android-33-x64-arm64-20240910-en
General
-
Target
eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e.apk
-
Size
8.8MB
-
MD5
5f6bd5fbcd6bf1e40d7df98bfd428e7e
-
SHA1
fe12a4a9945e869388750467d21c66047f21741d
-
SHA256
eccd4ba9bdfb75b251a1aa4806cdbf8fe0b7cdc5484fb947cef9a27babcd394e
-
SHA512
47b0f6d38ca15a175fc9a028d9acdab6a9e9585e74ace39774482bcb93cc5ea6f6ba8ea2003827daa0260f35b4d38020afc409da7edff021e465b7e34bfadb86
-
SSDEEP
196608:0zXjz/jP+0Z38dVT2GbTuX6prCDPZcMqovic58Vjmdqie3K5X:aXrPLBGbqSuDBv/vj1dbec
Malware Config
Signatures
-
TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
-
TangleBot payload 1 IoCs
resource: behavioral3/memory/4494-0.dex; yara_rule: family_tanglebot3
Tanglebot family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.garbage.inherit/app_tornado/qZcLxZD.json; pid: 4494; Process: com.garbage.inherit
Network
MITRE ATT&CK Mobile v15
Downloads