Analysis

  • max time kernel
    123s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    12-12-2024 22:06

General

  • Target

    674cc3ce29a739e42e84453cfc5a56131af7729999f89bd695cf144a649caa48.apk

  • Size

    2.7MB

  • MD5

    1f959e7e73080b227b4c372b64c94909

  • SHA1

    818c17459f847245b7fec9ffba8cb6cd484fd350

  • SHA256

    674cc3ce29a739e42e84453cfc5a56131af7729999f89bd695cf144a649caa48

  • SHA512

    ef364dc04a8f7b831153f5fe971aa929e5fde889d7639d63d499ff15c81b6cf7b242ee1065a5f1017a50077a3d9e17dc82388bfc96058fa5915926d59d122b82

  • SSDEEP

    49152:kTSkq2uw1WTAZoaN7lJ3GpBmEAU7CsTMY9Jl7kx84mZ9aNq1vT1c3kpob4:kgwWT6v2poTEFMIlguRbm8vT63bc

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

Signatures

Processes

  • hiddentest.roott.apptst (PID: 5106)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/hiddentest.roott.apptst/code_cache/secondary-dexes/tmp-base.apk.classes9191101690849792191.zip

    Filesize

    455KB

    MD5

    4a93f71cdd3a5c29874fd7923e2ffd5e

    SHA1

    26a59d0ce3b4d4709ec28f9163acc0321c825a36

    SHA256

    516c22c6d5412cfa5e4fdbd9b5330316dcf4850facb173457b36d25e0dc5fe7a

    SHA512

    08143e63fe57255c2dff703841753b0cc564bd99bc6d1e498ee17936094d6071875cce1622d7b9ad7bf35c7fd061352eb9fc86c84ed992aec620ef3d457eada0

  • /data/user/0/hiddentest.roott.apptst/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    949KB

    MD5

    a2e605d08c47f2381d933eeaa84ee1f9

    SHA1

    00cd60f5a352821c5e446bcd2409625a0740700e

    SHA256

    9a61f121838b1a395885f4ea653554c5111f4b656ea8f92048ecc9275dde6342

    SHA512

    51999b86f297b7d5bc8e9bb25ab6421f1a94598b04d27df8fd5337e481206345622579b519a3d77f078d640c0f8e0a92c739939f057ad0066c5830e0aa4d491c