Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c.bin
-
Size
4.6MB
-
Sample
250129-1wm2dazrhv
-
MD5
7fcf49ac27d4d26d009e59e40c6ef42c
-
SHA1
6f95724243e934c2588e1bca18d3aad5552ed788
-
SHA256
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c
-
SHA512
ed2198e767dad277d44f2e0ece220e85220a2375c6210a6adbd0b62abcaacac5620fc1f45849cd320e5b833cceb61f50475b73cf51713c4b6dfe665f56e3683d
-
SSDEEP
98304:GutqxFjyktx8EqiRa9ChUN7mUaHOlsH9SZIf1qaXcC:pQjykcNn9CuMUU9SCdqasC
Static task
static1
Behavioral task
behavioral1
Sample
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
tanglebot
https://t.me/+ZJAj-vCkxkE4N2E0
https://t.me/+jz7SONzTmCI0YmM0
https://t.me/+saoiPgiTyD1iZDBk
Targets
-
-
Target
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c.bin
-
Size
4.6MB
-
MD5
7fcf49ac27d4d26d009e59e40c6ef42c
-
SHA1
6f95724243e934c2588e1bca18d3aad5552ed788
-
SHA256
26f9d006961132dcc7d45af6ab2deeb857155d53acb005971d5de9abfc64b99c
-
SHA512
ed2198e767dad277d44f2e0ece220e85220a2375c6210a6adbd0b62abcaacac5620fc1f45849cd320e5b833cceb61f50475b73cf51713c4b6dfe665f56e3683d
-
SSDEEP
98304:GutqxFjyktx8EqiRa9ChUN7mUaHOlsH9SZIf1qaXcC:pQjykcNn9CuMUU9SCdqasC
-
TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
-
TangleBot payload
-
Tanglebot family
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
2