tanglebot | 6df98f4c4b1a9c147a996854b9624d51828585fdabb6be0b56014d874d9f24d8

Analysis

max time kernel
6s
max time network
21s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6df98f4c4b1a9c147a996854b9624d51828585fdabb6be0b56014d874d9f24d8.apk
Size

6.9MB
MD5

6f60dce97fd9ec8b39dae1e662fc2918
SHA1

3285afaff80673b937235e026492796cc6b36afe
SHA256

6df98f4c4b1a9c147a996854b9624d51828585fdabb6be0b56014d874d9f24d8
SHA512

de0be2b2792ec19f4c68e44435cba426b6a58844fbed9f4b7876f5ba0286359a7ca28dcb7310948346087226b7f267c5b6f21be4d7a8a52cee26ff7339c6780a
SSDEEP

98304:uDd2ZrWHFb3eMkRbAYMl6oUAuxDCWrauCY53h6bnl2C4mbgjFfyZGHsaGsiLQNNt:Q3AR/oUASWY53kaXiLqNkmrt

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4495-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.person.bar/app_DynamicOptDex/etr.json	4495	com.person.bar

com.person.bar
1⤵
- Loads dropped Dex/Jar
PID:4495

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.person.bar/app_DynamicOptDex/etr.json

Filesize
1.8MB

MD5
0714d8e43f0895b0e272d7c5fd619917

SHA1
3617c51e66309e59a882c9d4741836e25c4c0ca4

SHA256
931a6b1a7441862f09292edd61f5f8c20c19d2187079680089852c919d467424

SHA512
4abc3b710e5d5c73e96c369344cb02943a440c1a8827c3620f338c3a4175e3682c55022722bcafd5b5e91fc0ada019d0705ca73ce711459002cfe3795f56b6b9

Download Submit
/data/data/com.person.bar/app_DynamicOptDex/etr.json

Filesize
1.8MB

MD5
65c94b8629a9875899398fae8df316cf

SHA1
74753ad794a58982907b8b667ff8581836f9a0f9

SHA256
d4b6e69b6a3185ad41f58fee3f9afd68c48c1c988bb85900c999aee55d80e0b0

SHA512
50105fb08693607ee0e894f8abb5c79c21de88676f80576f5410da1258ab92f241d703501dfc02c37f024e97497918f8a7327e26237fa53ec68f99974ef57436

Download Submit
/data/data/com.person.bar/app_DynamicOptDex/oat/x86_64/etr.vdex

Filesize
65KB

MD5
bca86e5908f345c8a073caa1b6482b5d

SHA1
feb7a432a36bd9d12c4a4d1d9fd0f951ea75f363

SHA256
0f8e13119c30d22a612e29a136ffe41df9482d8d44021f52231697f8a448bd04

SHA512
23c97bb17fb51973098252e9a7591222de06c2844299144394632ea17cb84dd81f0a2389d6bc6435d1f425c1308ccfeecae77047d5c36ad77c33df134c5116a1

Download Submit
/data/user/0/com.person.bar/app_DynamicOptDex/etr.json

Filesize
4.4MB

MD5
dae70994c5e4bebf0cbe276586cad230

SHA1
b294bdba96cda0cc4c65a2a7e6a10d24596d7c7a

SHA256
b98aae5fc5a57910a3a766c407260ed5e45c32973f4f166bbc64128bc2ebc4d3

SHA512
e944073fdf007d467556b45330347814d822fbc7f9510ca0be86933e27d4c48d9c8b2edb2830c6432713d0b1317546a6733f4338c33e1df1fedb0af625d74685

Download Submit