Overview

overview

10

Static

static

6

a545afe266...34.apk

android-9-x86

10

a545afe266...34.apk

android-10-x64

10

a545afe266...34.apk

android-11-x64

10

Analysis

  • max time kernel
    113s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    08-01-2025 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a545afe266de5b69aabe3ffe1f5da9ef9e487bf05fe5cdfec378c72973e2c934.apk

  • Size

    4.3MB

  • MD5

    96fa190b398f0f9389ffbe2476f77c04

  • SHA1

    9fe9d132020f8e86910d91e5897ae37dabd60bcf

  • SHA256

    a545afe266de5b69aabe3ffe1f5da9ef9e487bf05fe5cdfec378c72973e2c934

  • SHA512

    09291eaaa4373827c9a59490998535538c2f43ceddccb4e7c67995ac1d2432e879bc81d329060e6d7fc889b978e56aec25b21c59a9e1627c74c8f48386bc55c1

  • SSDEEP

    98304:xWtMjzfr2oDxg5hn2H9gvcWPSn7xFsYqzq:+MzDehn2H9gvcWoVOrm

Score
10/10
tanglebotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerspywaretrojan

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH5bRXfAE6eCtbw1I

https://t.me/zedezededeed

https://twitter.com/doplghas

Signatures

Processes

  • com.wflhmajccyc.oydwpatgwx
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Checks CPU information
    • Checks memory information
    PID:4578

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.wflhmajccyc.oydwpatgwx/app_DynamicOptDex/CaY.json
    Filesize

    706KB

    MD5

    6b9d2943156ebbd189313e0abdab0d81

    SHA1

    a09360b8444794405aacb9d6dbc9f796566611a5

    SHA256

    73e050261be1cd333f3944d85af640a5e3a53838cdaf3426742a23e71df26e61

    SHA512

    38246b12330dfe13e382b6a3f9ececdc768711e807c709ee5cd87e5ca7d2b6493b8b055ddc7cbf9ca853add37eeebf21b9967f07d30883aafa64548cf28cde95

    Download Submit

  • /data/user/0/com.wflhmajccyc.oydwpatgwx/app_DynamicOptDex/CaY.json
    Filesize

    706KB

    MD5

    b7a93a5d858b4c318e1ec0ed5a909a1c

    SHA1

    115fed8c4ec1b2b8ce785e5f2bb0d7d11ec940dd

    SHA256

    ff894bb9173dccaafadd31e6b9a8c2b5f4d289310740e490e2e24af03555d7c6

    SHA512

    8b734fb9ffbbc1226b1dc4f5d362c4d52408496981aab8635b4c86aa78f933c629c72b92855f8ec876918e43699b279747cb6ceee0d969bbc29b5c2f472a62ad

    Download Submit

  • /data/user/0/com.wflhmajccyc.oydwpatgwx/app_DynamicOptDex/CaY.json
    Filesize

    1.5MB

    MD5

    49ceeaca9c0208edf17133c9a58df8fa

    SHA1

    43b0837f725e117f8a81e104c1799d5e71a49086

    SHA256

    4fed5aaa42724ece2a7ed351a2b17972c7e35f0469d6d8410447643ae3e709fc

    SHA512

    874960a369ea940953b7095229e8a2153b0b95d29cbcd046f07be5d3bce85066c27a788ff8adfa9bcc5c7322025cf7c7f9f47b9772037ef0cf93c68a43090989

    Download Submit