Overview

overview

10

Static

static

6

92efae55f6...36.apk

android-13-x64

10

92efae55f6...36.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    5s
  • max time network
    30s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936.apk

  • Size

    6.5MB

  • MD5

    e544a93c836980e4290a3ef62e1caf90

  • SHA1

    4bbd0e41c7d47f49b2350af1404644a79c0da18c

  • SHA256

    92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936

  • SHA512

    a6b84622a6f86d1c0f8a8671c51253bae948142ab8af25767df679aef5ce18a56bde1a35baf56f0a65eebc24b6328bc3ff592229fa1a644c9a035e182ec5d442

  • SSDEEP

    98304:5UoaVqR/lDIGNCwd2ZrWXeLAa5eJvG2WkSCCvjOiG55dZFDz4j2uBuCFU3q9Y05n:wadDWA3WDCCvjOiI1oRBX9O03R

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.hub.grant
    1⤵
    • Loads dropped Dex/Jar
    PID:4377
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hub.grant/app_DynamicOptDex/AA.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hub.grant/app_DynamicOptDex/oat/x86/AA.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4403

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hub.grant/app_DynamicOptDex/AA.json
    Filesize

    1.8MB

    MD5

    1f69bd21f4a127f8b6e2b8a5fb308000

    SHA1

    443d3b4099caa5f2be2cc6cc8ec66d9963a9fcd0

    SHA256

    42494d385125de0787c57ecdde2dd2f2702518550bbbbb6446b45c36beabf8c0

    SHA512

    af3ca83ffb23078f4a40a417505e0596872b5aabdf93c88339200f2d112301331b3e637c7e96e6a3f40925aa42f2dae55e8e65bb654b765f1c89c03fd407d23b

    Download Submit

  • /data/data/com.hub.grant/app_DynamicOptDex/AA.json
    Filesize

    1.8MB

    MD5

    bc7334cd7cf15d52fc8f41f12be8627a

    SHA1

    9601819d8e58c8fe23f1f0289e63394d004ffd4b

    SHA256

    23e3bbba4d34c9c97c16e86ecfa7d77d0bfecf8613e433090d24199089111fac

    SHA512

    6debaa5393db050d51f5e88199b3d6df490813a60a58bb554e663dd318b83773b54661cb5427344f7eccb271195247e83c351676de88cd27c00d9ae34739cafa

    Download Submit

  • /data/user/0/com.hub.grant/app_DynamicOptDex/AA.json
    Filesize

    4.4MB

    MD5

    a37a491b038b1150ee39fdf0a0506e0f

    SHA1

    512a91dcf372f8f6afb5e8f6756fabd08337e735

    SHA256

    85be4f1747a207cd486689f95917f46eaa2890360c7733946c2e3edcccb7222e

    SHA512

    1f9950383f5f69c9f5c31fd638887f313d6c72fd1b494ad907a827d5789c419e6d85fb04fcfd14c1347cc44431f67d8f65642fac4fae287cd236289b4edd62b3

    Download Submit

  • /data/user/0/com.hub.grant/app_DynamicOptDex/AA.json
    Filesize

    4.4MB

    MD5

    3ef3adab2ac70dfa27f8f5ed2f1f13b6

    SHA1

    5ce30a5285d7602c84aee2d7c8f079679c25eed4

    SHA256

    eaf5fb46d0467280bb61c609983aea5ce2718b3c7ed8fa886c89998046e8856d

    SHA512

    f0b19f0336542e5b02ebaee1d386fbf37c106130928ba7d6c46e0ae7f2d9783704cebfbc1abc9e0769be29efada06e00e7d39b7799a24008fc104e1707a01a62

    Download Submit