Overview

overview

10

Static

static

6

5ed0ef191a...83.apk

android-9-x86

10

5ed0ef191a...83.apk

android-10-x64

10

5ed0ef191a...83.apk

android-11-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    12-01-2025 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ed0ef191a28db3cd6a949a954f4ce86a764f8a1e94178a3c35b70f955683983.apk

  • Size

    2.5MB

  • MD5

    49fb98fd47f9278d440174ce34b56595

  • SHA1

    6bd28b45e0f4d1c92bf5e89aaa569af8f16f4c85

  • SHA256

    5ed0ef191a28db3cd6a949a954f4ce86a764f8a1e94178a3c35b70f955683983

  • SHA512

    1fc8a30c1d9323d877e8b508b1d6881f8ae84288ce4f904da37986680c92606dbd87766b845da1cea381a1a975d47fb4f60704a9e09acfe61a12bf968926291e

  • SSDEEP

    49152:ggpUSMoVDd2DmxHt3qc4XCavKg3fcGomJi38CiqlvNVPmSkh:gWUdoV86d3qKggmJi3WwVPU

Score
10/10
tanglebotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58xYS0_leBOpXFI

https://t.me/unk22k2k2k2

https://t.me/unkppapeppappe

Signatures

Processes

  • com.olqoiyegqqjlqc.ftduknecm
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5071

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/tmp-base.apk.classes4724246479537117644.zip
    Filesize

    455KB

    MD5

    ce8f56802d4f041c0b6aaa0c6591c7dd

    SHA1

    0d71ae5faedc6c1c53188cb4fc3a26d684127351

    SHA256

    9d8e9927d2ab3027bbe96423b9b23aa6f0fb5cbc0cf07b87459b5fb2e5a781ea

    SHA512

    3f0ec5b98f11ae2a517657ebacde1e2af809242310bcc587b5dea208dbbd3fb189e592b023009e2441df1946cd04d2177bfdde2339526e01c68ac122d2ebe63d

    Download Submit

  • /data/user/0/com.olqoiyegqqjlqc.ftduknecm/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    949KB

    MD5

    81b888a194d11f4bce291b43f3e0ebef

    SHA1

    b930d0a5e261b8d5de002e9c5b75dd442fbe1085

    SHA256

    10cc067d279d0005ed9d0af08d607ac9f76c329f2c9f173a29e0dfa5d931b2f6

    SHA512

    196e354d919a87d45c4a21a1b4439a519b68dbbeda94b9f3abfe729c0c58c5c44edca2163e56bef365f5761f167406448fdeed9de6593301f87ed789e8d978cf

    Download Submit