Overview

overview

10

Static

static

6

1fc6c7f55a...02.apk

android-13-x64

10

1fc6c7f55a...02.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    5s
  • max time network
    28s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602.apk

  • Size

    9.3MB

  • MD5

    13067d771e306d0918894e3e1aeb32b6

  • SHA1

    7c923df60cbe659d6d3c9ef02cf6a76abe731c3e

  • SHA256

    1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602

  • SHA512

    07659b9d3ce91f318c38f68d102e29b7cec7fc8b2c402dc9b2dde626a09640b50788f7bbe24bbb47ff6e2e9e05166e71f5bd79628559e9d1a17beb9dbc4fa6e0

  • SSDEEP

    196608:2uKK5F7JTUKRzHBmH4AGK+8ZWFNp8hJHVuW:D5JFRLBmH9GqcFsjVj

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.transfer.move
    1⤵
    • Loads dropped Dex/Jar
    PID:4412
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.transfer.move/app_kiss/siJNCu.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.transfer.move/app_kiss/oat/x86/siJNCu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4438

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.transfer.move/app_kiss/siJNCu.json
    Filesize

    1.8MB

    MD5

    b16e868299725c4fe152547b932d8224

    SHA1

    7a02706fd4bcc60876c3819a9c4449e1dc76413c

    SHA256

    5ecd80c08fafe5b155c85a0cce17cb6902aced724e15f23c8ddfcb924a423583

    SHA512

    6a8d808a4d6031bb7a1e99bf5ee63a8b67b355a82875c7ab6b5c59dce7e1fc6ffd833e665540271de759f696a78d0e623bab5811391a669d7443baae6c144102

    Download Submit

  • /data/data/com.transfer.move/app_kiss/siJNCu.json
    Filesize

    1.8MB

    MD5

    ebdeec475bc649421b699cc831d33a24

    SHA1

    d61b56058c02eac6f62ce24afcef2cc52e4a5be5

    SHA256

    94887668103c87566b0c9f94e34e331f6e5f610687ea6592a6a57771596fc153

    SHA512

    28d1bbbee8a8c71598900462a51b3484800280c8798cec9160033dcf617feb32603be353d4122ccc7386b126bbdbb588555ddf6dd22f5c776f08dfe0a4c523f7

    Download Submit

  • /data/user/0/com.transfer.move/app_kiss/siJNCu.json
    Filesize

    4.4MB

    MD5

    babf96c89d8dc64404d1cd2f689ab14c

    SHA1

    b54e50df01cddc62c15a939eb6310fb61ce67c92

    SHA256

    8608c08343553f3851f92d4c33ad0a239fda75560d412b02a869ff86bae64718

    SHA512

    53b0d52f28c3e339913802eb083d29d9137e02e1378cc4452338a44e79f708d684319e41bad1be1d45e95af64cfb00b26447f70e0e0bc13f272415a8fc115bc5

    Download Submit

  • /data/user/0/com.transfer.move/app_kiss/siJNCu.json
    Filesize

    4.4MB

    MD5

    1d1b1d4d1d27ae7893395cc250d7865b

    SHA1

    d23a8bac31b41c3b7c3471141e29319ea0ccca77

    SHA256

    533013bc6e7f445c4bd8a8b03096dbca69f784f715938b284f878e7007a53e70

    SHA512

    4363933f22e08ef19db97940090dfc3be23745e53c99eb68bd270760826837d3a7532501a0e0e4916caec9089e410944d43a4dfda61d5bfc5b3642563cd2d809

    Download Submit