Extracted

• • Target

    9ddccad77e4a2349dd1fcc787e35fd3ea523984dc7b1ddbe4ffb7420d7f1dad7

  • Size

    10.3MB

  • MD5

    6d45d090374e57e0f6705471a6eb336e

  • SHA1

    fc14293dad5f531219edba843c73694f8bd22518

  • SHA256

    9ddccad77e4a2349dd1fcc787e35fd3ea523984dc7b1ddbe4ffb7420d7f1dad7

  • SHA512

    22ed8603c4c5c789e3be662c6aca49b835eec633ec83d23b6a37b8fa1b64e7df85cbb857946f6dfd0e34a0d4d82e17cf2cc66de5dcbb241f988349df660c77f6

  • SSDEEP

    196608:TiGHgbudJvjeM+U+aUt72Lfx/TMh3hGy/Hs05cl3:TfNqMrOCx/ohxGyvL5cl3

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1behavioral2

• • Target

    base.apk

  • Size

    9.0MB

  • MD5

    bdd117a48d51d7356cd5d91b768472cf

  • SHA1

    1d4dc8529f7044157239c0b5949101a18a8d61a8

  • SHA256

    89f0d93978492d024f2cff9df586f5c045500e38c817de5c8aec7e4d1d91bc34

  • SHA512

    23de39d2295c873fcc68fad150d7edf92bdb7fc1b2f50b62603f2734783a0669c0aff56e4981ebf0d1c8a0becb1c4a0f060f65d39400fc3b946c074dc4c0b5b1

  • SSDEEP

    98304:9d/eDaoqGDHSVKsvRLe3XRRsJm5iSRGEUUH9eTvJByT6FEn6wEa50CxPfz9QskEP:0yUSRy3XRRXrEyAEn6wdKgP

  Score

  10^/10

  octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojanstealth

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto

  • Octo family

    octo

  • Octo payload

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Queries the mobile country code (MCC)

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral3behavioral4