Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

be512e871f...fc.apk

android-9-x86

7

be512e871f...fc.apk

android-10-x64

7

be512e871f...fc.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc.apk

  • Size

    2.1MB

  • Sample

    250110-egkrta1lhv

  • MD5

    546f45d13c9fec7c6f868758f698de38

  • SHA1

    8e7667971fd60f3973713f14ad12d809dbeb718f

  • SHA256

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc

  • SHA512

    1df39b5a44e7ba8f4c3adf75c399752d9d4e533d3d1dac7039b45bd48230c39f4e1024d4b356e1b05d8b901467690adb10582b740e7821eaad49b51bbeb480d9

  • SSDEEP

    49152:HVcdmzfrsVxjjx1Il4UwIfoCW6Zg28g00AD3Lt5nTKE0C:HJzfrsfjDUwIvW6l0tbtjl

Score
10/10
tanglebotandroidbankercollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Extracted

Family

tanglebot

C2

https://t.me/anbsh26

https://t.me/anbshaa

https://t.me/anbshbb

Targets

    • Target

      be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc.apk

    • Size

      2.1MB

    • MD5

      546f45d13c9fec7c6f868758f698de38

    • SHA1

      8e7667971fd60f3973713f14ad12d809dbeb718f

    • SHA256

      be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc

    • SHA512

      1df39b5a44e7ba8f4c3adf75c399752d9d4e533d3d1dac7039b45bd48230c39f4e1024d4b356e1b05d8b901467690adb10582b740e7821eaad49b51bbeb480d9

    • SSDEEP

      49152:HVcdmzfrsVxjjx1Il4UwIfoCW6Zg28g00AD3Lt5nTKE0C:HJzfrsfjDUwIvW6l0tbtjl

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionpersistenceimpact

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.