tanglebot | 02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b

Analysis

max time kernel
5s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
16-12-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b.apk
Size

9.7MB
MD5

6c40d0ce4ba4c7b795b7241d07941af9
SHA1

7802246571b7ee84a0b50724f4846e8ef5efdd98
SHA256

02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b
SHA512

6629d7a851fbb8bca27127223a44ae0e7094260efb527e6affdcc0ba79632491f21e98662491441275e202f3e4701044b5c072cbf6cd8ae164361d4aeebb3c03
SSDEEP

196608:pEz5iAMm3qMslK6Q3fyPx1OjMSbxRa0VHcTc9cqQpMe8BJBojA9:pENS/MsvQ3faxMFbG0GTEconBJB9

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5072-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.child.chest/app_tenant/Gs.json	5072	com.child.chest

com.child.chest
1⤵
- Loads dropped Dex/Jar
PID:5072

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.child.chest/app_tenant/Gs.json

Filesize
1.8MB

MD5
9c680b795c14555711230c1a16d36bd3

SHA1
3e2235051efd35a97c54bc690b9b798f9f143c13

SHA256
1c0c9ef5e508ae2ebae38167bb4f063610230914ebf2a0d24d473aff448d8967

SHA512
8191c80eb4abab1df7583c9fd03aea60a29a6e39a01a1de2e264a847eb9030143ee83b3d39a68f7144abe43892a4ab9cebbae0060518efc45b50c9d14893bb76

Download Submit
/data/data/com.child.chest/app_tenant/Gs.json

Filesize
1.8MB

MD5
6781ddc4337c3f3989ee979c5d3b1465

SHA1
ffcee22654ac45676781681a840417963434cb15

SHA256
e74a36b086f559a10925b70f9a81320491ed60bd334ddcffd483b1fade8f7066

SHA512
6837ea85b34ceda5e68f49fe0a8257a8571bbaa13533f437024aac58dd8dc9ece9e75db2b3267d90262d1b35de96d574f26d9926efc1b79d2b10cf1e9ed01125

Download Submit
/data/user/0/com.child.chest/app_tenant/Gs.json

Filesize
4.4MB

MD5
533f7243f1aba70f8fa0fcdd683ea7f0

SHA1
781be274c451bb53889a6c67a0581aa3e6140318

SHA256
23c2580e3e722969fce0456aa9ceb79279c90db4572e3e55baa0accf1b0c29a2

SHA512
7d72b1ee0b02ddc1c364b5efb9ca71a21236dd9de84061b397929f777b53dec6e04dff002c759654b1e165c466268956dcebae133deee96bca49a3eb15f20dda

Download Submit