Overview

overview

10

Static

static

6

0deb21fdba...46.apk

android-9-x86

10

0deb21fdba...46.apk

android-10-x64

10

0deb21fdba...46.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-11-x64

10

Analysis

  • max time kernel
    8s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    16-12-2024 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0deb21fdba5fc32e6186bc6593f904490fdf65dbacb014077f1286f050a3b946.apk

  • Size

    8.7MB

  • MD5

    34f2f1ca57fec362ec5ecff9632882d9

  • SHA1

    084bc677dde1f2e4ca5b68cfbc3e000573d0a9d2

  • SHA256

    0deb21fdba5fc32e6186bc6593f904490fdf65dbacb014077f1286f050a3b946

  • SHA512

    bcb022f51b152688986a70aee5c56127ff6233d254cb33eb9034226088ea61f2283691b66b1fdec81aaaf0b16c71e9151ffa840983f68bd9459ff2b81e2e927a

  • SSDEEP

    196608:okxcQ/tVmsqcwknnjWuIvPG2frzz/v5mloU0dpe4Ot:jxfjVqYnjuGKr3/sVuat

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.trip.trick
    1⤵
    • Loads dropped Dex/Jar
    PID:4220
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.trip.trick/app_response/ASyJY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.trip.trick/app_response/oat/x86/ASyJY.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4248

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.trip.trick/app_response/ASyJY.json
    Filesize

    1.8MB

    MD5

    4879f45ac93ed7789ee071bf4682d838

    SHA1

    2ebd8bf4cd7085bf45315ff6df2ac7ddc65a8518

    SHA256

    4353a1843289a26976487583addf841e18be3812040de0b6461526d14bea5127

    SHA512

    c14f3ff691ce46db8f53249005500b169bc47aee8f5045153283be744576384bea503442145afbfb0a2816137380244e023246e53147a26f3bbb702d658f85e5

    Download Submit

  • /data/data/com.trip.trick/app_response/ASyJY.json
    Filesize

    1.8MB

    MD5

    95382e095bf92c283068fe3184318554

    SHA1

    95bf3d22edc1ea3df88609c93a07df264ad3a922

    SHA256

    3c66f60e5c2254bb7090662e3d2fa153993373b8bdd2993bc5b99bbb2e140093

    SHA512

    1c52da9b6908dccdc90ae651fa973100f625b3ae45f8ae8809cc271f474dac363cb49b82dabb802e2a59a963a29e2b9aa4bf0a0db0bd9e7975d2b958f5a1b790

    Download Submit

  • /data/user/0/com.trip.trick/app_response/ASyJY.json
    Filesize

    4.4MB

    MD5

    38f3d479c4f09cffbcaf460c5ae7de29

    SHA1

    0f4c75ec23b1666f0ce8f5090c88a477c21e94b2

    SHA256

    f61d9620d6cf3e5b1cbde7d78ee1b5cd2142b1636cc6ad6fa4ef304a636c7a0a

    SHA512

    e2eccff59959169b4e7f620a617f4233c0f8fd977c373a8fb9acb485a3d283b28e34eb192337b8ef2f78129795f2ed812abdf8bc2c8575b2da81dc91e212bd17

    Download Submit

  • /data/user/0/com.trip.trick/app_response/ASyJY.json
    Filesize

    4.4MB

    MD5

    d6eccd94d0407a36bdd0fd4a683344ef

    SHA1

    27f0777b88857978119c95e8f60f5f880bceb652

    SHA256

    c6118098b9506dcf425318cfec525111b44251660dac7d697903509f3a05a58a

    SHA512

    55a7e33e6b8418f6dfe761cc01e921c8aaaf05ac84acc8c273bbf8a58333d7a20e0aea63ea1c27ba0b76a5f6234e15e32ecf7aaac702c183459ba8ddd5283158

    Download Submit