Extracted

Extracted

• • Target

    5ba71e64d182319471a8a727af92f473628136682315e430dd5061bbea11d070

  • Size

    7.5MB

  • MD5

    9b69cee561196cefc709d453a7211e41

  • SHA1

    92889ede639b3b532a96e187880b02bd4ee2b304

  • SHA256

    5ba71e64d182319471a8a727af92f473628136682315e430dd5061bbea11d070

  • SHA512

    f02d45eeb75d3eccd9d849dcf4b744f6a2aef122658a4b426e213f6ad3553da54a1aeddbead277b0de320544cfe10df99db6ba96dd701d04ba04be8fa0c07525

  • SSDEEP

    196608:TYFDACgLMtclqXP9dC9DZDGOSUr6i080blAGe:aDACyfwP9dC9DZCIuLuN

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1

• • Target

    base.apk

  • Size

    3.5MB

  • MD5

    42305a4586640e91c21dd72bdff55bb5

  • SHA1

    c462208e1117e88e41d5e4d71509f0ffaf6ed6df

  • SHA256

    370c44d79a503fcfc41060a6cc567d1e93c419c41fc04b8169516204578b96e7

  • SHA512

    ca2cdb1087ca6d53c3a0b669fa28534411e9d054d8a659ccb90e37450435430dce928a51da716888fe1994cb4599df8ff9094d6be13bb7ba1564d19692863666

  • SSDEEP

    98304:gukWXLjQGrAmA9tnkgjOfd8kWG89oiEKQqBNvxjTPPJ:F8I3WGcoNKQIPJ

  Score

  10^/10

  octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto

  • Octo family

    octo

  • Octo payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Requests accessing notifications (often used to intercept notifications before users become aware).

    collectioncredential_access

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral2