Analysis
max time kernel: 144s
max time network: 154s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 20/12/2024, 22:00
Static task: static1
Behavioral task: behavioral1
  Sample: 2024d43e0c9f64c4b19db4813506a7a8f3b97fe2568f6dc41022e8955745f186.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 2024d43e0c9f64c4b19db4813506a7a8f3b97fe2568f6dc41022e8955745f186.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 2024d43e0c9f64c4b19db4813506a7a8f3b97fe2568f6dc41022e8955745f186.apk
  Resource: android-x64-arm64-20240910-en
General
Target: 2024d43e0c9f64c4b19db4813506a7a8f3b97fe2568f6dc41022e8955745f186.apk
Size: 1.8MB
MD5: 65e90a78ebe6ac108d5cdc39094c08d0
SHA1: ac9b7d55913bb44bdb4ddba3e4ee5550f62f83ff
SHA256: 2024d43e0c9f64c4b19db4813506a7a8f3b97fe2568f6dc41022e8955745f186
SHA512: 92cf4e6b0101681eb184566422422353fe6663a4b8cf7fa7fa34f5a181186af055b5de728ce94c100bd1f7b390dcbef2b8f1ed4a96518a9357dfb1c76e7521fc
SSDEEP: 24576:aSkHeuJgMiBvHIIJlAXA4+T2hosWAP7rTmxHV01zzZ6X2+HtfsT/9YkgjgQ7hMzh:aSkOMyoIH2DmxH8ZjXT/VgjbhG/+m
Malware Config
Extracted (tanglebot):
  https://icq.im/AoLH58xYS0_leBOpXFI
  https://t.me/unk22k2k2k2
  https://t.me/unkppapeppappe
Signatures
TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
TangleBot payload (1 IoC)
  resource: behavioral3/memory/4786-0.dex
  yara_rule: family_tanglebot2
Tanglebot family
Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.rdyxvyhyuiynu.ncggqrmsikupzntz/code_cache/secondary-dexes/base.apk.classes1.zip
  pid: 4786
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)
  Application may abuse the accessibility service to prevent its own removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Reads information about the phone network operator (1 TTP)
Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read
  ioc: /proc/cpuinfo
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read
  ioc: /proc/meminfo
  Process: com.rdyxvyhyuiynu.ncggqrmsikupzntz
Processes
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Impair Defenses (1)
  Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
  System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
  GUI Input Capture (1)
  Keylogging (1)
Discovery
  Software Discovery (1)
  Security Software Discovery (1)
  System Information Discovery (2)
  System Network Configuration Discovery (1)
Downloads
/data/data/com.rdyxvyhyuiynu.ncggqrmsikupzntz/code_cache/secondary-dexes/tmp-base.apk.classes376444873772319023.zip
  Filesize: 455KB
  MD5: bf1bee6ed3f78ab2fdc24246e8dcfcdb
  SHA1: 0a7e2e1c34a19bc2ca62a97f0717311da17f0268
  SHA256: e02a0ae5b9a13be91c4e82f1d722b9de56f8c9ed2f65ccdd2db4b23e72ad94b0
  SHA512: b76fa6bd56397f89b8ac050ca8ef53e8a045167e16b67c4c4df2196d29f1054befc9ed175e61804ab0f11ba8d9113db60f2fd14221cae59e63b1c98ece4b2466
(unnamed download)
  Filesize: 949KB
  MD5: 4482f2fcb8cd383f0757bdd933c150c7
  SHA1: 70892375a28d89430cf3f2b6f681fed3e74bd554
  SHA256: 11e34879facb696c5516fa8878a0dd14b57478f047472b859dcf908192fd2e8c
  SHA512: 2796ffe6bd6ce9d4cfcf123286b8613c89a7e59041b2a30593313764978e2dac030a2f17042236df319fbbb9155bf3593b84458185f1ed230471952ee803289e