Analysis
max time kernel: 5s
max time network: 30s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 21/03/2025, 18:08
Static task: static1
Behavioral task behavioral1: sample 92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936.apk, resource android-33-x64-arm64-20240910-en
Behavioral task behavioral2: sample 92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936.apk, resource android-x86-arm-20240910-en
Behavioral task behavioral3: sample base.apk, resource android-33-x64-arm64-20240910-en
Behavioral task behavioral4: sample base.apk, resource android-x86-arm-20240910-en
General
Target: 92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936.apk
Size: 6.5MB
MD5: e544a93c836980e4290a3ef62e1caf90
SHA1: 4bbd0e41c7d47f49b2350af1404644a79c0da18c
SHA256: 92efae55f6758e458e254cf55f977a091a9f00d2de29356affcabd7d66cc3936
SHA512: a6b84622a6f86d1c0f8a8671c51253bae948142ab8af25767df679aef5ce18a56bde1a35baf56f0a65eebc24b6328bc3ff592229fa1a644c9a035e182ec5d442
SSDEEP: 98304:5UoaVqR/lDIGNCwd2ZrWXeLAa5eJvG2WkSCCvjOiG55dZFDz4j2uBuCFU3q9Y05n:wadDWA3WDCCvjOiI1oRBX9O03R
Malware Config
Signatures
- TangleBot: TangleBot is an Android SMS malware first seen in September 2021.
- TangleBot payload (1 IoC)
  resource: behavioral2/memory/4403-0.dex, yara_rule: family_tanglebot3
- Tanglebot family
- Loads dropped Dex/Jar (1 TTP, 2 IoCs): runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.hub.grant/app_DynamicOptDex/AA.json, pid: 4403, process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hub.grant/app_DynamicOptDex/AA.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hub.grant/app_DynamicOptDex/oat/x86/AA.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.hub.grant/app_DynamicOptDex/AA.json, pid: 4377, process: com.hub.grant
Processes
- com.hub.grant (PID:4377)
  - Loads dropped Dex/Jar
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hub.grant/app_DynamicOptDex/AA.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hub.grant/app_DynamicOptDex/oat/x86/AA.odex --compiler-filter=quicken --class-loader-context=& (PID:4403)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads