Extracted

• • Target

    cbf2b3250d5228c6006c5edd0d42fff890f24b80d54525b5cba5e5dfc1e4de5b.bin

  • Size

    4.2MB

  • MD5

    f159d49f84925f204549ffd7f742955c

  • SHA1

    e536079d38b426dc9abb34ff2aa7fbfd8297a093

  • SHA256

    cbf2b3250d5228c6006c5edd0d42fff890f24b80d54525b5cba5e5dfc1e4de5b

  • SHA512

    258ef43c7e0ab8482a8f37c79fb59788b57facf4fa4eeb7aadf9d0803bd306c0f773478cf6fd559f04959a4254379465a1b4b1901203a75c434de8c989edad1b

  • SSDEEP

    49152:7Ygrkl7d9SbMbwUzfr2+63lRWY5dO3hrXFTUgoxYkAn9tTQ:9rkl7dJzfr2+eF5cRrVYUnTQ

  Score

  10^/10

  tanglebotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencespywaretrojanimpact

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3