Overview

overview

10

Static

static

6

7f420bd86a...c5.apk

android-9-x86

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    6s
  • max time network
    39s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    16-12-2024 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f420bd86a916991cf76f89256da0dec18aadd2586f70fcaea583e0c18337ac5.apk

  • Size

    9.6MB

  • MD5

    e307d91f3e0effe5c2ec8a8d665ec5ad

  • SHA1

    a68513bf36da7cd8681399e09765bee474c51c60

  • SHA256

    7f420bd86a916991cf76f89256da0dec18aadd2586f70fcaea583e0c18337ac5

  • SHA512

    1bd850d0b5ba87ee6f18c5134a590460edf9f3a595a39a13c9f5440c4270349fbbd57a6e55d95d3e98abbe370c6a0605ddaa720171e0e144fce634cc9927b550

  • SSDEEP

    196608:VbHkvEAQ5iAeKQEx+/tCj/xQVTvv95Gq0xRq7tc1lM12:5HkvEhzeKQ/tCFQVTH90q0xRnD

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.will.music
    1⤵
    • Loads dropped Dex/Jar
    PID:4344
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.will.music/app_zero/DXkuQ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.will.music/app_zero/oat/x86/DXkuQ.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4371

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.will.music/app_zero/DXkuQ.json
    Filesize

    1.8MB

    MD5

    419c86bcce02e4e7087b2577853cd98a

    SHA1

    cfa2be8484acb9238f23c25d2e319798847c4a33

    SHA256

    d7ee2ef306b1623635cd53c2ebd88637ed9a6469a60bffd4b1df08166ecd787b

    SHA512

    f66423e8085d1d3e85921e9f0196d8fcba06e26edc4a02a888540e8f0d8d2967fcba2d03fe72cd74b1e544cc9a7a769990c8ce8e0880c182854aac31a5bf1bdd

    Download Submit

  • /data/data/com.will.music/app_zero/DXkuQ.json
    Filesize

    1.8MB

    MD5

    5ca119bd57909673a4c77f4763c082e5

    SHA1

    336818d81fc9689c5a49b344f4031dd97b8497bc

    SHA256

    9fa20d094e7b3ae87e0f9600bfd1577ac9f186aa26ad4fe612c21e2b6e5c28fb

    SHA512

    1ced2ef35d27fd2d372c49c639a071ab0e5546ad50d39fc0143be02fb06826036004815eedea3fb49b7ea1075ab7cf7f0b6c0bfbbf2dcd054b978aa504b8d2cf

    Download Submit

  • /data/user/0/com.will.music/app_zero/DXkuQ.json
    Filesize

    4.4MB

    MD5

    5362c130beb83bab73238dfa74c912cc

    SHA1

    88729364b9dffd83b9dfa379245bfb15bc6b6e49

    SHA256

    1d70ca385767cd4df53530041dd2f4b306062435dcfc32a651874acb8a56502f

    SHA512

    94eef5cb8e7d131fa4ebfbcb121a5125bba380e3aab1bc08ed056c9fbedfd3ae8024f94d0712990853c10166348f5962479ee216d2ec60c59322099952858f5d

    Download Submit

  • /data/user/0/com.will.music/app_zero/DXkuQ.json
    Filesize

    4.4MB

    MD5

    25a0d3e9451ca485c9a30192dd73da3f

    SHA1

    f52b4c19523ab0d230ed9a1a6ac98ffbab839084

    SHA256

    c0849d52afdf8b6f2937dda7289b0d11289e54c3aa36fba96e598ef871b483dc

    SHA512

    05955a674e6e4dee9ba753ffa795401f4b2d70d2b06890f76840121f28dc8800c404aed3be7134055a773930effb6fdf091e94a69a1842b09c1552dbb3037bb1

    Download Submit