tanglebot | 0deb21fdba5fc32e6186bc6593f904490fdf65dbacb014077f1286f050a3b946

Analysis

max time kernel
7s
max time network
135s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
16-12-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0deb21fdba5fc32e6186bc6593f904490fdf65dbacb014077f1286f050a3b946.apk
Size

8.7MB
MD5

34f2f1ca57fec362ec5ecff9632882d9
SHA1

084bc677dde1f2e4ca5b68cfbc3e000573d0a9d2
SHA256

0deb21fdba5fc32e6186bc6593f904490fdf65dbacb014077f1286f050a3b946
SHA512

bcb022f51b152688986a70aee5c56127ff6233d254cb33eb9034226088ea61f2283691b66b1fdec81aaaf0b16c71e9151ffa840983f68bd9459ff2b81e2e927a
SSDEEP

196608:okxcQ/tVmsqcwknnjWuIvPG2frzz/v5mloU0dpe4Ot:jxfjVqYnjuGKr3/sVuat

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4498-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.trip.trick/app_response/ASyJY.json	4498	com.trip.trick

com.trip.trick
1⤵
- Loads dropped Dex/Jar
PID:4498

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.trip.trick/app_response/ASyJY.json

Filesize
1.8MB

MD5
4879f45ac93ed7789ee071bf4682d838

SHA1
2ebd8bf4cd7085bf45315ff6df2ac7ddc65a8518

SHA256
4353a1843289a26976487583addf841e18be3812040de0b6461526d14bea5127

SHA512
c14f3ff691ce46db8f53249005500b169bc47aee8f5045153283be744576384bea503442145afbfb0a2816137380244e023246e53147a26f3bbb702d658f85e5

Download Submit
/data/data/com.trip.trick/app_response/ASyJY.json

Filesize
1.8MB

MD5
95382e095bf92c283068fe3184318554

SHA1
95bf3d22edc1ea3df88609c93a07df264ad3a922

SHA256
3c66f60e5c2254bb7090662e3d2fa153993373b8bdd2993bc5b99bbb2e140093

SHA512
1c52da9b6908dccdc90ae651fa973100f625b3ae45f8ae8809cc271f474dac363cb49b82dabb802e2a59a963a29e2b9aa4bf0a0db0bd9e7975d2b958f5a1b790

Download Submit
/data/user/0/com.trip.trick/app_response/ASyJY.json

Filesize
4.4MB

MD5
d6eccd94d0407a36bdd0fd4a683344ef

SHA1
27f0777b88857978119c95e8f60f5f880bceb652

SHA256
c6118098b9506dcf425318cfec525111b44251660dac7d697903509f3a05a58a

SHA512
55a7e33e6b8418f6dfe761cc01e921c8aaaf05ac84acc8c273bbf8a58333d7a20e0aea63ea1c27ba0b76a5f6234e15e32ecf7aaac702c183459ba8ddd5283158

Download Submit