Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    5s
  • max time network
    28s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:16

General

  • Target

    82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea.apk

  • Size

    6.7MB

  • MD5

    14b46f1edcf05bc4af5727e60b18a3c7

  • SHA1

    5f0b671697616636d167503df11d491725dd7dff

  • SHA256

    82756f8f6c01472bbf899fe06059fc11f847801f80539e73ba20ed04722f0bea

  • SHA512

    9a65bce3d9e585f7c9bfa04ba7d0e095ae2918ad3a71af200b61fcbc82f96fa5794216613af9e9cb6c2b24326252b1eeaff419ada14046e4aa49ca82a32d75b7

  • SSDEEP

    98304:x7d2ZrWkxy8rfyMbAmq22dSu1TCi/OdKOwqunN6vJY66cLqW1JVLCaQkoD46XI2L:mkD22dSCTx/e6na+wTNCacDH7

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 1 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.hurry.couple
    1⤵
    • Loads dropped Dex/Jar
    PID:4304
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.hurry.couple/app_DynamicOptDex/oat/x86/PWQPYXj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4330

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

    Filesize

    1.8MB

    MD5

    3feb00408bfabecca689a993ca777097

    SHA1

    f84d7f183f79571214498d8a522bc4b24c98954b

    SHA256

    5b3442a2183469c25440fe75d04b5ae7b0b6cc7b9bd7beba540f60c458869601

    SHA512

    9a721b760154a08ed30c7374150ee3f27ba38161d2ff8d3d02ed45ce143560d97096d5c930627b40d884c7148a8259355b730162a048933dec2c0f23229b0d42

  • /data/data/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

    Filesize

    1.8MB

    MD5

    afeb7b02a3f6fe70301a9b74fa5a7cfd

    SHA1

    8ac77e1cd0c95573ad5bef1c3a0b5ceb13a9c58a

    SHA256

    9eaa9d7d7dcd18755c42deb466aacf6160db1d802aa510028aa8cb1aed2cb5a5

    SHA512

    f0594a13d4b2daaac122f8ad6c3a3350d88043ddf5d992888a39c6c031872a5f61ee23341ed6be71b3b373219a16dd7d5ffde4e9b35d3bf6d738e4144010f56c

  • /data/user/0/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

    Filesize

    4.4MB

    MD5

    f44c776a321d667e5fd88bb3d2fec909

    SHA1

    9d93f58a7de02a99402e31ae9e7783fdc692f097

    SHA256

    246cd9b0b122c604c32d0ab90c4e5c8b2b511e69517e9cee238d0d5d5d56167c

    SHA512

    201b87cad7afc0052e7c81d1b79db46b3b9929f6e85b3cb2591b8d5356a41a302aede72d2bd5805c395473a5f7941fe014e42162f0bf8f61f908d6bede569137

  • /data/user/0/com.hurry.couple/app_DynamicOptDex/PWQPYXj.json

    Filesize

    4.4MB

    MD5

    dae70994c5e4bebf0cbe276586cad230

    SHA1

    b294bdba96cda0cc4c65a2a7e6a10d24596d7c7a

    SHA256

    b98aae5fc5a57910a3a766c407260ed5e45c32973f4f166bbc64128bc2ebc4d3

    SHA512

    e944073fdf007d467556b45330347814d822fbc7f9510ca0be86933e27d4c48d9c8b2edb2830c6432713d0b1317546a6733f4338c33e1df1fedb0af625d74685