Analysis

  • max time kernel
    113s
  • max time network
    149s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm
    arch:x86
    image:android-x86-arm-20240910-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    12/01/2025, 22:05

General

  • Target

    5ed0ef191a28db3cd6a949a954f4ce86a764f8a1e94178a3c35b70f955683983.apk

  • Size

    2.5MB

  • MD5

    49fb98fd47f9278d440174ce34b56595

  • SHA1

    6bd28b45e0f4d1c92bf5e89aaa569af8f16f4c85

  • SHA256

    5ed0ef191a28db3cd6a949a954f4ce86a764f8a1e94178a3c35b70f955683983

  • SHA512

    1fc8a30c1d9323d877e8b508b1d6881f8ae84288ce4f904da37986680c92606dbd87766b845da1cea381a1a975d47fb4f60704a9e09acfe61a12bf968926291e

  • SSDEEP

    49152:ggpUSMoVDd2DmxHt3qc4XCavKg3fcGomJi38CiqlvNVPmSkh:gWUdoV86d3qKggmJi3WwVPU

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58xYS0_leBOpXFI

https://t.me/unk22k2k2k2

https://t.me/unkppapeppappe

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 2 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    The application may abuse the accessibility service to prevent its own removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about the phone's network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.olqoiyegqqjlqc.ftduknecm
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4371
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4399

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/tmp-base.apk.classes7487199633308724496.zip

    Filesize

    455KB

    MD5

    ce8f56802d4f041c0b6aaa0c6591c7dd

    SHA1

    0d71ae5faedc6c1c53188cb4fc3a26d684127351

    SHA256

    9d8e9927d2ab3027bbe96423b9b23aa6f0fb5cbc0cf07b87459b5fb2e5a781ea

    SHA512

    3f0ec5b98f11ae2a517657ebacde1e2af809242310bcc587b5dea208dbbd3fb189e592b023009e2441df1946cd04d2177bfdde2339526e01c68ac122d2ebe63d

  • /data/user/0/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    949KB

    MD5

    7a420ce0aeeabb76951bc35cb5338d2a

    SHA1

    c5315347c9fdfe539cbd26f72e2fc4c0bc779205

    SHA256

    b346e54e5fe63957c8e4b9f86d05a98763eed6a4f3a4c6d5184b0b7c93ea1982

    SHA512

    7894ceccbd2a39b2ea1a51cd688b24c6b4016d8f9a3b4f92599c2564298c803c6e91da665c2f4382e0a33229b2d46a97f05b244bdd05010ebf9e41ad1f832f2a

  • /data/user/0/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    949KB

    MD5

    81b888a194d11f4bce291b43f3e0ebef

    SHA1

    b930d0a5e261b8d5de002e9c5b75dd442fbe1085

    SHA256

    10cc067d279d0005ed9d0af08d607ac9f76c329f2c9f173a29e0dfa5d931b2f6

    SHA512

    196e354d919a87d45c4a21a1b4439a519b68dbbeda94b9f3abfe729c0c58c5c44edca2163e56bef365f5761f167406448fdeed9de6593301f87ed789e8d978cf