Overview

overview

10

Static

static

10

a0a10db94a...78.apk

android-13-x64

10

a0a10db94a...78.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    6s
  • max time network
    29s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0a10db94a34a035b8812c95a677141e7db7feae8b4e9db8a9d0ef47cdcca378.apk

  • Size

    9.2MB

  • MD5

    05bdb147a1b6a4d6473f9de62b534e04

  • SHA1

    afd4d7d0be26f6d4a8a956d11b42f2018eb3ac65

  • SHA256

    a0a10db94a34a035b8812c95a677141e7db7feae8b4e9db8a9d0ef47cdcca378

  • SHA512

    0fefc40e0b35c22ba18e050721908b28c997879385234a71250c093099a5f8fc18affa467ff00b97fa7375ce4ed8905ddc38b33cd33463751909c611f980ab3a

  • SSDEEP

    196608:6cvuh8L64V2/b5OEyxRI06GupgGMJ97M4hWN/G9iNsnl:6c254g/b5O100rupg/m4hI/k7nl

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.slow.label
    1⤵
    • Loads dropped Dex/Jar
    PID:4395
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.slow.label/app_critic/ktgaMQc.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.slow.label/app_critic/oat/x86/ktgaMQc.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4420

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.slow.label/app_critic/ktgaMQc.json
    Filesize

    1.8MB

    MD5

    fc4eaa53600c9e41ff56092a90c9bba7

    SHA1

    0a29729fb8dff7104df6c08a26a60f94e74f6a73

    SHA256

    114c0c21d76919ee0eeb60ca89f0dedbb15a8840ec1890645d92eac8523dd456

    SHA512

    0af34ac9922f6f147acef26b17414f23042d098417e5d9d99aea2e40fb5b897800b3aabfa932b6cc9e9618043a9a2e92e57231b22ee791aa11a7385f24fdd400

    Download Submit

  • /data/data/com.slow.label/app_critic/ktgaMQc.json
    Filesize

    1.8MB

    MD5

    e0d92d0434f61df71b1a0915ca8d33c5

    SHA1

    e96d22e25d97973584037442fbc5f95eca52d558

    SHA256

    e5c3629dd7150b911abc656ff2e21fe30fb09f50ee9c1f17c79a9bc248e69fd5

    SHA512

    bb11e0ddbbb4a803d632243f164e5c2229ff73048199a76a332d0504508244d78f421a40d3caaf60b5cc296b6f71e4e84f0b3f86ee239f3440366c073eead0a9

    Download Submit

  • /data/user/0/com.slow.label/app_critic/ktgaMQc.json
    Filesize

    4.4MB

    MD5

    d186185c78c3435b7553285eae1383db

    SHA1

    831d5f8ad0b701be5efe3668c7580a10d54ae418

    SHA256

    283c0bc78d4893bd04e26981cf9a82446ab0089185a2d97a01939dfe0308950b

    SHA512

    beb67655e3c647213f70ee0bcaa8981c0daa6bb38eb3e161b2928483b047d446f0d42e8c7751bacd21d6baff6ddde68f62bb5083284b7e11384ffff0334306c5

    Download Submit

  • /data/user/0/com.slow.label/app_critic/ktgaMQc.json
    Filesize

    4.4MB

    MD5

    94d10bc97a1dd23230da5b5dd7610aec

    SHA1

    7325659acd2552b3825aee6e1be04384fb1ee8c6

    SHA256

    857f6c5ec73345986ddd432493bf84cfb15b5b8c841ad238f97456c0b3d7153b

    SHA512

    6558070f99157474076ffe2a9b606986d6343b9869833dc0f0e8bf54c953b0d20a1b563eabca73e4278e0d7f98cb70cfd9aa6bab0e71d31a45ef102cb457f8d8

    Download Submit