General
- Target: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83.bin
- Size: 1.0MB
- Sample: 250115-12vcmswrez
- MD5: 9604082a03dcbac0d45fbe86cf1285f8
- SHA1: 11c5812b86bfc1d11bd809d25cc032365865f510
- SHA256: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83
- SHA512: 01cfe43f07f4086ac45b8927f800de516855effdfcde3ebeaec9b7a463951c5853fdae3330f28b269c341e18a3508d4109e99f1b7090e0c2f94932b2818b9571
- SSDEEP: 24576:vVLTchSsugwcBuHFJ3HAstOVhrmSVNUktLxTRw:9LT7qi7gGOVQS/nTRw
Static task: static1
Behavioral task: behavioral1
- Sample: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83.apk
- Resource: android-x64-arm64-20240910-en
Malware Config
Extracted
tanglebot
https://icq.im/AoLH58pXY8ejJTQiWg8
https://t.me/pempeppepepep
https://t.me/xpembeppep2p2
Targets
- Target: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83.bin
- Size: 1.0MB
- MD5: 9604082a03dcbac0d45fbe86cf1285f8
- SHA1: 11c5812b86bfc1d11bd809d25cc032365865f510
- SHA256: 0d76a35c2701b2d6d49631cdd3f9e2972c2c020c60400aff1f7bf59d40493d83
- SHA512: 01cfe43f07f4086ac45b8927f800de516855effdfcde3ebeaec9b7a463951c5853fdae3330f28b269c341e18a3508d4109e99f1b7090e0c2f94932b2818b9571
- SSDEEP: 24576:vVLTchSsugwcBuHFJ3HAstOVhrmSVNUktLxTRw:9LT7qi7gGOVQS/nTRw
Signatures
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
- TangleBot payload
- Tanglebot family
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
- Queries the mobile country code (MCC)
- Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15 (technique: number of matching signatures)
Defense Evasion
- Download New Code at Runtime: 1
- Impair Defenses: 1
- Prevent Application Removal: 1
- Input Injection: 1
- Virtualization/Sandbox Evasion: 2
- System Checks: 2
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Information Discovery: 2
- System Network Configuration Discovery: 2