Analysis

  • max time kernel
    129s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    12-12-2024 22:01

General

  • Target

    d94e6221cfb814ec23d677f61df40f8cacd68c246594b0662c8ca6412c604a01.apk

  • Size

    1.7MB

  • MD5

    f6947ec051621da5713a91d922aa226d

  • SHA1

    20420c883e19db131b10dea5b7bfa8cb26b1ea80

  • SHA256

    d94e6221cfb814ec23d677f61df40f8cacd68c246594b0662c8ca6412c604a01

  • SHA512

    3ee576a53ea8c7f5c927f89e864e12ac880998e04ce53a43f1a867f59af65071928922f7b2a1b82f163240f0e1f6ec3e89a4d4bff809d2053d23505f2aca83ee

  • SSDEEP

    49152:IrLTXbMfBZcGSjjx1Il4UwKb8zks5ICsFn:IjbMvcGijDUwhzkMan

Malware Config

Extracted

Family

tanglebot

C2

https://t.me/+ZJAj-vCkxkE4N2E0

https://t.me/+jz7SONzTmCI0YmM0

https://t.me/+saoiPgiTyD1iZDBk

Signatures

Processes

  • cxye.cyport.pgori
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5075

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/cxye.cyport.pgori/code_cache/secondary-dexes/tmp-base.apk.classes6206210091998102615.zip

    Filesize

    455KB

    MD5

    054919c4aa6b93f9e83392366a39a720

    SHA1

    bd07afba70fe22f23ceafd7332351fe62dd8d1f4

    SHA256

    8841a9ec7d24c371bd7b0422bd2bd874395b34d54cbbd9e34cd876d0a9286f8b

    SHA512

    bef45c4c3db3b8b7fa42e8def1ba9bd7907815a47b9c7cefe467cda787f92bd27991a11065ac4c0ada370cf5e9dfd34de194dc519c447ea458cb038143f78d5e

  • /data/user/0/cxye.cyport.pgori/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    949KB

    MD5

    1fe4e294272cdc83ad29f15e7240ac8f

    SHA1

    ac9c7b776fb81fce3d8748a9720ebd2be0f6e50f

    SHA256

    e7593e2c72d53f99acc04980841d63566cb77bed2b25ae6afe4003e70a0e9cc3

    SHA512

    9ed5e653283d4789f418338a1e34f6c0371f416934908c2fb27bca075eb21c62ef9999455cadb6507c4f3543b97cd2a64d03f2e9d31934810b4d42131ed5bef5