tanglebot | 92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936

Analysis

max time kernel
6s
max time network
25s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936.apk
Size

6.5MB
MD5

e544a93c836980e4290a3ef62e1caf90
SHA1

4bbd0e41c7d47f49b2350af1404644a79c0da18c
SHA256

92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936
SHA512

a6b84622a6f86d1c0f8a8671c51253bae948142ab8af25767df679aef5ce18a56bde1a35baf56f0a65eebc24b6328bc3ff592229fa1a644c9a035e182ec5d442
SSDEEP

98304:5UoaVqR/lDIGNCwd2ZrWXeLAa5eJvG2WkSCCvjOiG55dZFDz4j2uBuCFU3q9Y05n:wadDWA3WDCCvjOiI1oRBX9O03R

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4495-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hub.grant/app_DynamicOptDex/AA.json	4495	com.hub.grant

com.hub.grant
1⤵
- Loads dropped Dex/Jar
PID:4495

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hub.grant/app_DynamicOptDex/AA.json

Filesize
1.8MB

MD5
1f69bd21f4a127f8b6e2b8a5fb308000

SHA1
443d3b4099caa5f2be2cc6cc8ec66d9963a9fcd0

SHA256
42494d385125de0787c57ecdde2dd2f2702518550bbbbb6446b45c36beabf8c0

SHA512
af3ca83ffb23078f4a40a417505e0596872b5aabdf93c88339200f2d112301331b3e637c7e96e6a3f40925aa42f2dae55e8e65bb654b765f1c89c03fd407d23b

Download Submit
/data/data/com.hub.grant/app_DynamicOptDex/AA.json

Filesize
1.8MB

MD5
bc7334cd7cf15d52fc8f41f12be8627a

SHA1
9601819d8e58c8fe23f1f0289e63394d004ffd4b

SHA256
23e3bbba4d34c9c97c16e86ecfa7d77d0bfecf8613e433090d24199089111fac

SHA512
6debaa5393db050d51f5e88199b3d6df490813a60a58bb554e663dd318b83773b54661cb5427344f7eccb271195247e83c351676de88cd27c00d9ae34739cafa

Download Submit
/data/data/com.hub.grant/app_DynamicOptDex/oat/x86_64/AA.vdex

Filesize
65KB

MD5
6e1f4a9c2a3e0be9b72b8b2f032dd57e

SHA1
7dca7d9d4b79f5969e1b6471493eb3cd67a3dc68

SHA256
71b8159e2f44e0c48fcc963feb27fd51731ae8c8b95720b85c8db9b223023252

SHA512
f576a9583f3604ca147cef345846670b0a7570126941ef9421fbdd4eb248b2429816bbb6fa86b4bef830c3ffc2322152083945af4e83880fb4da44de0e20b90e

Download Submit
/data/user/0/com.hub.grant/app_DynamicOptDex/AA.json

Filesize
4.4MB

MD5
3ef3adab2ac70dfa27f8f5ed2f1f13b6

SHA1
5ce30a5285d7602c84aee2d7c8f079679c25eed4

SHA256
eaf5fb46d0467280bb61c609983aea5ce2718b3c7ed8fa886c89998046e8856d

SHA512
f0b19f0336542e5b02ebaee1d386fbf37c106130928ba7d6c46e0ae7f2d9783704cebfbc1abc9e0769be29efada06e00e7d39b7799a24008fc104e1707a01a62

Download Submit