tanglebot | 82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea

Analysis

max time kernel
5s
max time network
26s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea.apk
Size

6.7MB
MD5

14b46f1edcf05bc4af5727e60b18a3c7
SHA1

5f0b671697616636d167503df11d491725dd7dff
SHA256

82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea
SHA512

9a65bce3d9e585f7c9bfa04ba7d0e095ae2918ad3a71af200b61fcbc82f96fa5794216613af9e9cb6c2b24326252b1eeaff419ada14046e4aa49ca82a32d75b7
SSDEEP

98304:x7d2ZrWkxy8rfyMbAmq22dSu1TCi/OdKOwqunN6vJY66cLqW1JVLCaQkoD46XI2L:mkD22dSCTx/e6na+wTNCacDH7

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4476-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json	4476	com.hurry.couple

com.hurry.couple
1⤵
- Loads dropped Dex/Jar
PID:4476

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

Filesize
1.8MB

MD5
3feb00408bfabecca689a993ca777097

SHA1
f84d7f183f79571214498d8a522bc4b24c98954b

SHA256
5b3442a2183469c25440fe75d04b5ae7b0b6cc7b9bd7beba540f60c458869601

SHA512
9a721b760154a08ed30c7374150ee3f27ba38161d2ff8d3d02ed45ce143560d97096d5c930627b40d884c7148a8259355b730162a048933dec2c0f23229b0d42

Download Submit
/data/data/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

Filesize
1.8MB

MD5
afeb7b02a3f6fe70301a9b74fa5a7cfd

SHA1
8ac77e1cd0c95573ad5bef1c3a0b5ceb13a9c58a

SHA256
9eaa9d7d7dcd18755c42deb466aacf6160db1d802aa510028aa8cb1aed2cb5a5

SHA512
f0594a13d4b2daaac122f8ad6c3a3350d88043ddf5d992888a39c6c031872a5f61ee23341ed6be71b3b373219a16dd7d5ffde4e9b35d3bf6d738e4144010f56c

Download Submit
/data/data/com.hurry.couple/app_DynamicOptDex/oat/x86_64/PWQPYXj.vdex

Filesize
65KB

MD5
bca86e5908f345c8a073caa1b6482b5d

SHA1
feb7a432a36bd9d12c4a4d1d9fd0f951ea75f363

SHA256
0f8e13119c30d22a612e29a136ffe41df9482d8d44021f52231697f8a448bd04

SHA512
23c97bb17fb51973098252e9a7591222de06c2844299144394632ea17cb84dd81f0a2389d6bc6435d1f425c1308ccfeecae77047d5c36ad77c33df134c5116a1

Download Submit
/data/user/0/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

Filesize
4.4MB

MD5
dae70994c5e4bebf0cbe276586cad230

SHA1
b294bdba96cda0cc4c65a2a7e6a10d24596d7c7a

SHA256
b98aae5fc5a57910a3a766c407260ed5e45c32973f4f166bbc64128bc2ebc4d3

SHA512
e944073fdf007d467556b45330347814d822fbc7f9510ca0be86933e27d4c48d9c8b2edb2830c6432713d0b1317546a6733f4338c33e1df1fedb0af625d74685

Download Submit