tanglebot | a0a10db94a34a035b8812c95a677141e7db7feae8b4e9db8a9d0ef47cdcca378

Analysis

max time kernel
6s
max time network
25s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0a10db94a34a035b8812c95a677141e7db7feae8b4e9db8a9d0ef47cdcca378.apk
Size

9.2MB
MD5

05bdb147a1b6a4d6473f9de62b534e04
SHA1

afd4d7d0be26f6d4a8a956d11b42f2018eb3ac65
SHA256

a0a10db94a34a035b8812c95a677141e7db7feae8b4e9db8a9d0ef47cdcca378
SHA512

0fefc40e0b35c22ba18e050721908b28c997879385234a71250c093099a5f8fc18affa467ff00b97fa7375ce4ed8905ddc38b33cd33463751909c611f980ab3a
SSDEEP

196608:6cvuh8L64V2/b5OEyxRI06GupgGMJ97M4hWN/G9iNsnl:6c254g/b5O100rupg/m4hI/k7nl

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4512-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.slow.label/app_critic/ktgaMQc.json	4512	com.slow.label

com.slow.label
1⤵
- Loads dropped Dex/Jar
PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.slow.label/app_critic/ktgaMQc.json

Filesize
1.8MB

MD5
fc4eaa53600c9e41ff56092a90c9bba7

SHA1
0a29729fb8dff7104df6c08a26a60f94e74f6a73

SHA256
114c0c21d76919ee0eeb60ca89f0dedbb15a8840ec1890645d92eac8523dd456

SHA512
0af34ac9922f6f147acef26b17414f23042d098417e5d9d99aea2e40fb5b897800b3aabfa932b6cc9e9618043a9a2e92e57231b22ee791aa11a7385f24fdd400

Download Submit
/data/data/com.slow.label/app_critic/ktgaMQc.json

Filesize
1.8MB

MD5
e0d92d0434f61df71b1a0915ca8d33c5

SHA1
e96d22e25d97973584037442fbc5f95eca52d558

SHA256
e5c3629dd7150b911abc656ff2e21fe30fb09f50ee9c1f17c79a9bc248e69fd5

SHA512
bb11e0ddbbb4a803d632243f164e5c2229ff73048199a76a332d0504508244d78f421a40d3caaf60b5cc296b6f71e4e84f0b3f86ee239f3440366c073eead0a9

Download Submit
/data/data/com.slow.label/app_critic/oat/x86_64/ktgaMQc.vdex

Filesize
65KB

MD5
a82e29c81fde7f3b5d74dbeb6fddb980

SHA1
6398e19db7321c4162688481e6becf6dfa0a8571

SHA256
6d00d28bc842889d21d3c14d14d0bf73da458c3f67fa8279f7b357fccb1bcb4d

SHA512
4b743777eefafe5b40455596f22e12c073976eace1ddfc12786985fafc6b657375141ba52ffafadaa1d1f5dcf65183162636a1e3955465d635534e6529383a7b

Download Submit
/data/user/0/com.slow.label/app_critic/ktgaMQc.json

Filesize
4.4MB

MD5
94d10bc97a1dd23230da5b5dd7610aec

SHA1
7325659acd2552b3825aee6e1be04384fb1ee8c6

SHA256
857f6c5ec73345986ddd432493bf84cfb15b5b8c841ad238f97456c0b3d7153b

SHA512
6558070f99157474076ffe2a9b606986d6343b9869833dc0f0e8bf54c953b0d20a1b563eabca73e4278e0d7f98cb70cfd9aa6bab0e71d31a45ef102cb457f8d8

Download Submit