Analysis

  • max time kernel
    6s
  • max time network
    42s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-12-2024 02:59

General

  • Target

    02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b.apk

  • Size

    9.7MB

  • MD5

    6c40d0ce4ba4c7b795b7241d07941af9

  • SHA1

    7802246571b7ee84a0b50724f4846e8ef5efdd98

  • SHA256

    02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b

  • SHA512

    6629d7a851fbb8bca27127223a44ae0e7094260efb527e6affdcc0ba79632491f21e98662491441275e202f3e4701044b5c072cbf6cd8ae164361d4aeebb3c03

  • SSDEEP

    196608:pEz5iAMm3qMslK6Q3fyPx1OjMSbxRa0VHcTc9cqQpMe8BJBojA9:pENS/MsvQ3faxMFbG0GTEconBJB9

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 1 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable Dex/Jar file that was dropped to the device during analysis rather than shipped inside the APK.

Processes

  • com.child.chest
    1⤵
    • Loads dropped Dex/Jar
    PID:4218
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.child.chest/app_tenant/Gs.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.child.chest/app_tenant/oat/x86/Gs.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4242

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.child.chest/app_tenant/Gs.json

    Filesize

    1.8MB

    MD5

    9c680b795c14555711230c1a16d36bd3

    SHA1

    3e2235051efd35a97c54bc690b9b798f9f143c13

    SHA256

    1c0c9ef5e508ae2ebae38167bb4f063610230914ebf2a0d24d473aff448d8967

    SHA512

    8191c80eb4abab1df7583c9fd03aea60a29a6e39a01a1de2e264a847eb9030143ee83b3d39a68f7144abe43892a4ab9cebbae0060518efc45b50c9d14893bb76

  • /data/data/com.child.chest/app_tenant/Gs.json

    Filesize

    1.8MB

    MD5

    6781ddc4337c3f3989ee979c5d3b1465

    SHA1

    ffcee22654ac45676781681a840417963434cb15

    SHA256

    e74a36b086f559a10925b70f9a81320491ed60bd334ddcffd483b1fade8f7066

    SHA512

    6837ea85b34ceda5e68f49fe0a8257a8571bbaa13533f437024aac58dd8dc9ece9e75db2b3267d90262d1b35de96d574f26d9926efc1b79d2b10cf1e9ed01125

  • /data/user/0/com.child.chest/app_tenant/Gs.json

    Filesize

    4.4MB

    MD5

    78194b1fb998e34891d2f36c126d0750

    SHA1

    ff8ae4b31e81fc2b704bb1212b21efc2556a2810

    SHA256

    7b04f5df12f5c48b7dd2ec27681d0917617f12a725facb513cf542c17825e2f6

    SHA512

    d1341bce229caa523a10c0e2bfc26e461e1d0aa87721393ba1dc40bbf81261be1a4863fadf361646b202d6dfbb7eeb947bbadc91397746e2384920dda9e041d7

  • /data/user/0/com.child.chest/app_tenant/Gs.json

    Filesize

    4.4MB

    MD5

    533f7243f1aba70f8fa0fcdd683ea7f0

    SHA1

    781be274c451bb53889a6c67a0581aa3e6140318

    SHA256

    23c2580e3e722969fce0456aa9ceb79279c90db4572e3e55baa0accf1b0c29a2

    SHA512

    7d72b1ee0b02ddc1c364b5efb9ca71a21236dd9de84061b397929f777b53dec6e04dff002c759654b1e165c466268956dcebae133deee96bca49a3eb15f20dda
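Added triage example (not part of this report and not Triage's own tooling): the script parses the dex2oat command line from the process tree above, checks the first bytes of the dropped file for a DEX magic, and groups the Downloads entries by path. The command line, paths and hashes are copied from this report; the header bytes standing in for Gs.json are constructed, since the real file is not on this page.

```python
import re
from collections import defaultdict

# dex2oat command line copied from the process tree in this report. The
# trailing "--class-loader-context=&" is reproduced as the report shows it.
DEX2OAT_CMD = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/user/0/com.child.chest/app_tenant/Gs.json "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.child.chest/app_tenant/oat/x86/Gs.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# The four Downloads entries from this report: (path, size, sha256).
DOWNLOADS = [
    ("/data/data/com.child.chest/app_tenant/Gs.json", "1.8MB",
     "1c0c9ef5e508ae2ebae38167bb4f063610230914ebf2a0d24d473aff448d8967"),
    ("/data/data/com.child.chest/app_tenant/Gs.json", "1.8MB",
     "e74a36b086f559a10925b70f9a81320491ed60bd334ddcffd483b1fade8f7066"),
    ("/data/user/0/com.child.chest/app_tenant/Gs.json", "4.4MB",
     "7b04f5df12f5c48b7dd2ec27681d0917617f12a725facb513cf542c17825e2f6"),
    ("/data/user/0/com.child.chest/app_tenant/Gs.json", "4.4MB",
     "23c2580e3e722969fce0456aa9ceb79279c90db4572e3e55baa0accf1b0c29a2"),
]

# Constructed stand-in for the first bytes of the dropped file: a DEX header
# (magic "dex\n035\0"). This is NOT the real Gs.json from the sample.
CONSTRUCTED_GS_JSON_HEAD = b"dex\n035\x00" + b"\x00" * 24

DEX_MAGIC = re.compile(rb"^dex\n03[5-9]\x00")            # dex versions 035..039
APP_PRIVATE = re.compile(r"^/data/(?:data|user/\d+)/([^/]+)/")
CODE_EXTS = (".dex", ".jar", ".apk", ".zip", ".odex")


def parse_dex2oat(cmdline):
    """Split a dex2oat command line into {option: value}; every
    '--runtime-arg X' pair is collected under 'runtime_args'."""
    opts = {"runtime_args": []}
    toks = cmdline.split()
    i = 1                                   # skip argv[0]
    while i < len(toks):
        tok = toks[i]
        if tok == "--runtime-arg" and i + 1 < len(toks):
            opts["runtime_args"].append(toks[i + 1])
            i += 2
            continue
        if tok.startswith("--"):
            key, _, val = tok[2:].partition("=")
            opts[key] = val if val else True
        i += 1
    return opts


def looks_like_dex(head):
    """True if the first bytes carry a DEX file magic, whatever the name."""
    return DEX_MAGIC.match(head[:8]) is not None


def canonical(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android, so
    both spellings in the Downloads list refer to the same file."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def assess_dex2oat(cmdline, head):
    """Return human-readable findings for one dex2oat invocation."""
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file", "")
    name = dex.rsplit("/", 1)[-1]
    findings = []
    m = APP_PRIVATE.match(dex)
    if m:
        findings.append(f"{name}: compiled from app-private storage of "
                        f"{m.group(1)}, i.e. not shipped inside the APK")
    if looks_like_dex(head) and not name.lower().endswith(CODE_EXTS):
        findings.append(f"{name}: DEX magic behind a non-code extension")
    return findings


def rewritten_paths(downloads):
    """Group dropped files by canonical path; a path seen with more than
    one SHA256 was overwritten during the run (staged or updated payload)."""
    by_path = defaultdict(list)
    for path, size, sha in downloads:
        by_path[canonical(path)].append((size, sha))
    return {p: v for p, v in by_path.items() if len({s for _, s in v}) > 1}


if __name__ == "__main__":
    for line in assess_dex2oat(DEX2OAT_CMD, CONSTRUCTED_GS_JSON_HEAD):
        print(line)
    for path, versions in rewritten_paths(DOWNLOADS).items():
        sizes = sorted({s for s, _ in versions})
        print(f"{path}: {len(versions)} versions written, sizes {sizes}")
```

Two points the script makes explicit: the `.json` name is cosmetic, since dex2oat was handed the file as `--dex-file` and the runtime only cares about the magic, and the four Downloads entries are one file at one canonical path rewritten four times with two distinct sizes, which is the pattern of a staged payload being replaced during the run rather than four separate drops.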