Overview

overview

10

Static

static

6

88f64544e1...a7.apk

android-9-x86

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    5s
  • max time network
    28s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    16-12-2024 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88f64544e19aecb9061fadb810a11581f359a9273e9a4d135f0897fdd8deb3a7.apk

  • Size

    9.5MB

  • MD5

    54f848f11037b685d15dd3bee422ebd4

  • SHA1

    fc46991898f962423c1c75aee5edd8bc85e4620f

  • SHA256

    88f64544e19aecb9061fadb810a11581f359a9273e9a4d135f0897fdd8deb3a7

  • SHA512

    b0395e7569720aa52156eca66f054ebdbfdc845d452d5d300082ea765053ec09ff9d173b9507e4eb0e9f41a5921157df84b5ed22b65c5714cab1793b794743fa

  • SSDEEP

    196608:A9ME3r+G97KD/6gTGEVTQSXP+wWwZNt7t26vzFx3pXeAflf:iTSG97KDyapnRPFRx3n

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.wealth.put
    1⤵
    • Loads dropped Dex/Jar
    PID:4333
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wealth.put/app_true/EgAmr.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wealth.put/app_true/oat/x86/EgAmr.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4359

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.wealth.put/app_true/EgAmr.json
    Filesize

    1.8MB

    MD5

    7bb5eb7866f5de804a9e0a13e366ab2b

    SHA1

    371421613c8e98afcbe0628095e77bd0452230a8

    SHA256

    ee0a4460dcaf5f03f2cfcb7dbbc1b318d551cfdab11144fbe3d1d85b5f1e64bb

    SHA512

    54d88db5d653813884291ed204b38c7ae21502086ddd36a7e20e5d747c3ec38d0be9f2eb8dcfa304ed3a9cdf1dc7dc70f66c4e4a49d9fc897804cfb9ba8a1360

    Download Submit

  • /data/data/com.wealth.put/app_true/EgAmr.json
    Filesize

    1.8MB

    MD5

    87015a7a7d4ae0406ab3b6ee45dd9b50

    SHA1

    37c396622364585da12c345b19cd961e028a5838

    SHA256

    37902ae6e25a9f89563289f89dca991364f5c54b69008e21cc9cefb920eb1772

    SHA512

    70098a690bcde7ef1572034ce7b29cbe68c1b5fdc453698d3a2ce9264d2ac1be4a66b6d2343a0a3dd58243e9433174ca3113ef8c8d771d92d28d3588b0f346bd

    Download Submit

  • /data/user/0/com.wealth.put/app_true/EgAmr.json
    Filesize

    4.4MB

    MD5

    b60238d5cc9aa97b848101511d8ca5fb

    SHA1

    ccf1950a42c9388c00ceaa5438b078e6100cb016

    SHA256

    773742b3792d4b76c20125c978964ac214d08b3735a64032e66261c2d2bf2ef6

    SHA512

    e81d4d156384501c971d905d26ff5d6edad611513c7d12b262bcdff5500d21d116bb949060d6c1633c3b3ecd7a1ba330214507c46811fa1ce2438c63d972221e

    Download Submit

  • /data/user/0/com.wealth.put/app_true/EgAmr.json
    Filesize

    4.4MB

    MD5

    919e1865ed74ada5944e4a1e6bb4aaaa

    SHA1

    0351d8cbe6244fc28e390fb24cd13a1d25cab414

    SHA256

    14140cd2c697dbb662f501269495e705ac05fc66f9f0824eb8013ffaa1cabd46

    SHA512

    9f1af0bba0dc254f1701b5d79ae886301f164f759b66ec0d421fbb499963366fc9f92b4c886d64ab104e63c608bc9e9505310c756481030d0463a4f3b329e978

    Download Submit