tanglebot | 9ddccad77e4a2349dd1fcc787e35fd3ea523984dc7b1ddbe4ffb7420d7f1dad7

Analysis

max time kernel
6s
max time network
24s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ddccad77e4a2349dd1fcc787e35fd3ea523984dc7b1ddbe4ffb7420d7f1dad7.apk
Size

10.3MB
MD5

6d45d090374e57e0f6705471a6eb336e
SHA1

fc14293dad5f531219edba843c73694f8bd22518
SHA256

9ddccad77e4a2349dd1fcc787e35fd3ea523984dc7b1ddbe4ffb7420d7f1dad7
SHA512

22ed8603c4c5c789e3be662c6aca49b835eec633ec83d23b6a37b8fa1b64e7df85cbb857946f6dfd0e34a0d4d82e17cf2cc66de5dcbb241f988349df660c77f6
SSDEEP

196608:TiGHgbudJvjeM+U+aUt72Lfx/TMh3hGy/Hs05cl3:TfNqMrOCx/ohxGyvL5cl3

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4439-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.sock.coyote/app_indicate/dMG.json	4439	com.sock.coyote

com.sock.coyote
1⤵
- Loads dropped Dex/Jar
PID:4439

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sock.coyote/app_indicate/dMG.json

Filesize
1.8MB

MD5
da5eeaae8d1219134676f8036c7a02ee

SHA1
089ac3fe8492148cc52a4fdc0710529b783e36e9

SHA256
484ac60a640d47c92bdc92346488e2b4c1a095187cac679b15d38fca239ba139

SHA512
bba42e76ed91975474c979fb24e84587b17f9f98db069bd39043283d5f1aef2ad874c914958169cc57d46d80965aff8e0b84984dd8602b27acb5f3fc48648204

Download Submit
/data/data/com.sock.coyote/app_indicate/dMG.json

Filesize
1.8MB

MD5
25ad7bd96b7dbf087f19ac67ec31d71e

SHA1
c4a5cf93808ad54188801d8b298a8610b6543137

SHA256
a98c4268927b4d1a96bdc82c8c8d41dae40335fa4141023fc0b9c86c83fe7c74

SHA512
fc9e2693dc02269fa4336b0e98ba5eb95926ef838dc7d3182ec4739d75857ca094e78bfaadfaad6c7066b3381561cab50302592d9b586780a102719625713281

Download Submit
/data/data/com.sock.coyote/app_indicate/oat/x86_64/dMG.vdex

Filesize
65KB

MD5
ae895c112f835e722ca448bdcb525d04

SHA1
10e80c5fd055dc1f24a7fba2784a69ec33ab05fb

SHA256
31520ffd9505a15b424cc003692752d1317bbd50c00979ce7919b768126fa98c

SHA512
06778855ef8edeeeab60c87f58d9b70dacbeb84c91c869e3c0caf4df3c91c49070b35ee52266d491a2651e69073a79463913a188e3fdf422b25c187ec1205c40

Download Submit
/data/user/0/com.sock.coyote/app_indicate/dMG.json

Filesize
4.4MB

MD5
e67e52868f446723a0dd9dc5b68c7687

SHA1
37253b2b0cc74c3f3dfbcfbed4175fd75eaa5c57

SHA256
1bd7912f4a8991fa302d0730057b31b272edad1a59b0c7ff13bf7f6dff65b75e

SHA512
9ad0b2f4ee2272b9030ed1481208a831b40e3fd11a1f0a03c63d85ed1e144cd8229105cf333342c2d39b993934f03b0fce08de412f9fe2fc5f91a8b33338ac6d

Download Submit