tanglebot | 1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602

Analysis

max time kernel
6s
max time network
24s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602.apk
Size

9.3MB
MD5

13067d771e306d0918894e3e1aeb32b6
SHA1

7c923df60cbe659d6d3c9ef02cf6a76abe731c3e
SHA256

1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602
SHA512

07659b9d3ce91f318c38f68d102e29b7cec7fc8b2c402dc9b2dde626a09640b50788f7bbe24bbb47ff6e2e9e05166e71f5bd79628559e9d1a17beb9dbc4fa6e0
SSDEEP

196608:2uKK5F7JTUKRzHBmH4AGK+8ZWFNp8hJHVuW:D5JFRLBmH9GqcFsjVj

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4510-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.transfer.move/app_kiss/siJNCu.json	4510	com.transfer.move

com.transfer.move
1⤵
- Loads dropped Dex/Jar
PID:4510

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.transfer.move/app_kiss/oat/x86_64/siJNCu.vdex

Filesize
65KB

MD5
f0b40cb3c256fb5a3bc63b32f70aae51

SHA1
d16d2fe8da7581ee2b453bd9c57843644a3a472d

SHA256
c4bcd0f038134b732403a22ec6127635050ec2217549f2094f9fd65306105a24

SHA512
bf5482cc317543e1e034c5813cfd8272454bfd6e70fcc03192d73f661deda7452417ac7a58d74824c2ca4271ee177b63d57ae9f7edc36404360cbcbcb4bb0481

Download Submit
/data/data/com.transfer.move/app_kiss/siJNCu.json

Filesize
1.8MB

MD5
b16e868299725c4fe152547b932d8224

SHA1
7a02706fd4bcc60876c3819a9c4449e1dc76413c

SHA256
5ecd80c08fafe5b155c85a0cce17cb6902aced724e15f23c8ddfcb924a423583

SHA512
6a8d808a4d6031bb7a1e99bf5ee63a8b67b355a82875c7ab6b5c59dce7e1fc6ffd833e665540271de759f696a78d0e623bab5811391a669d7443baae6c144102

Download Submit
/data/data/com.transfer.move/app_kiss/siJNCu.json

Filesize
1.8MB

MD5
ebdeec475bc649421b699cc831d33a24

SHA1
d61b56058c02eac6f62ce24afcef2cc52e4a5be5

SHA256
94887668103c87566b0c9f94e34e331f6e5f610687ea6592a6a57771596fc153

SHA512
28d1bbbee8a8c71598900462a51b3484800280c8798cec9160033dcf617feb32603be353d4122ccc7386b126bbdbb588555ddf6dd22f5c776f08dfe0a4c523f7

Download Submit
/data/user/0/com.transfer.move/app_kiss/siJNCu.json

Filesize
4.4MB

MD5
1d1b1d4d1d27ae7893395cc250d7865b

SHA1
d23a8bac31b41c3b7c3471141e29319ea0ccca77

SHA256
533013bc6e7f445c4bd8a8b03096dbca69f784f715938b284f878e7007a53e70

SHA512
4363933f22e08ef19db97940090dfc3be23745e53c99eb68bd270760826837d3a7532501a0e0e4916caec9089e410944d43a4dfda61d5bfc5b3642563cd2d809

Download Submit