tanglebot | base[.]apk

General

Target

base.apk
Size

1.7MB
MD5

511a806ca330acfd1b017840c2ef2490
SHA1

76ddca680c45d4a24799733b7ec760a175a6f409
SHA256

7badeb43e25c4bc7772b4e62d97a7bffc84a02b8f50ea83e8ab8acb598a20bad
SHA512

1e8447dc3d9aff9ad141d68e855c18883e04550cc44894f701ddc9285433d4877133b9a8625f2a6e692d0e0eef64b7ce63c3caa2623d1ade2964a32f38ad6869
SSDEEP

24576:Fbw9zfr2b+z//r1Jo/KVRymSwPA3pkyN1goJ7a8H2GYofB0VbYSJKA:Fbw9zfr28D3RVA3pZJ7ae2kfudYSJKA

Score

10^/10

tanglebot

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

Signatures

TangleBot payload 1 IoCs

resource	yara_rule
sample	family_tanglebot2

Tanglebot family
tanglebot
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

base.apk
.apk android

tnt.tntn.tntnn

tnt.tntn.tntnn.MainActivity

Activities

tnt.tntn.tntnn.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.POST_NOTIFICATIONS
android.permission.QUERY_ALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.FOREGROUND_SERVICE
android.permission.RECORD_AUDIO
android.permission.CAMERA
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SETTINGS

Receivers

tnt.tntn.tntnn.Receiver.ScreenReceiver

android.intent.action.USER_PRESENT
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF

tnt.tntn.tntnn.Service.InstallerRestarterService

restartinstallerservice

Services

tnt.tntn.tntnn.Service.AccessibilityControllerService

android.accessibilityservice.AccessibilityService

Android Permissions

base.apk

Permissions

android.permission.INTERNET

android.permission.POST_NOTIFICATIONS

android.permission.QUERY_ALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

android.permission.FOREGROUND_SERVICE

android.permission.RECORD_AUDIO

android.permission.CAMERA

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.WAKE_LOCK

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WRITE_SETTINGS

Sharing

General

Malware Config

Extracted

Signatures

Files

tnt.tntn.tntnn

tnt.tntn.tntnn.MainActivity

Activities

tnt.tntn.tntnn.MainActivity

Permissions

Receivers

tnt.tntn.tntnn.Receiver.ScreenReceiver

tnt.tntn.tntnn.Service.InstallerRestarterService

Services

tnt.tntn.tntnn.Service.AccessibilityControllerService

Android Permissions

base.apk