Extracted

Extracted

• • Target

    82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea

  • Size

    6.7MB

  • MD5

    14b46f1edcf05bc4af5727e60b18a3c7

  • SHA1

    5f0b671697616636d167503df11d491725dd7dff

  • SHA256

    82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea

  • SHA512

    9a65bce3d9e585f7c9bfa04ba7d0e095ae2918ad3a71af200b61fcbc82f96fa5794216613af9e9cb6c2b24326252b1eeaff419ada14046e4aa49ca82a32d75b7

  • SSDEEP

    98304:x7d2ZrWkxy8rfyMbAmq22dSu1TCi/OdKOwqunN6vJY66cLqW1JVLCaQkoD46XI2L:mkD22dSCTx/e6na+wTNCacDH7

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1behavioral2

• • Target

    base.apk

  • Size

    2.6MB

  • MD5

    ec0442fd2e2cad475a7d411a0a81ba9b

  • SHA1

    70c9c18ed6e38b8358ad2cfa3f6d525fa7fb4b5c

  • SHA256

    cc813b2f353e5468f44cad22e3bd270d200caf4da00286e0d1c2caa36f3bfcfe

  • SHA512

    53a2a37169c233ee775372faf197689cdeb051081e0ede69a7bf627f6f523c075cc6f86a26dd95b0056cac284edb578ccd2d747cb65332685ad4e48e9610899c

  • SSDEEP

    49152:FqHibwL29bGAg7FQJKJukhcbvMgE2mjFwJBMWdxMoeBK8KO43AF8m5uSGs:hcL29brk2JKngrmjFOOWj0pKO4Fs

  Score

  10^/10

  ermachookbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojanstealth

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac family

    ermac

  • Ermac2 payload

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Hook family

    hook

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries information about running processes on the device

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    defense_evasion
  behavioral3behavioral4