Overview

overview

10

Static

static

6

12979c926e...f7.apk

android-9-x86

10

12979c926e...f7.apk

android-10-x64

10

12979c926e...f7.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-10-x64

7

Analysis

  • max time kernel
    5s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7.apk

  • Size

    11.4MB

  • MD5

    2ad0c28f8ac131bfc51615f26186f222

  • SHA1

    5a37f988169f1c9fbe82acfd3a156f3df17a8ef2

  • SHA256

    12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

  • SHA512

    cc496b1adbaa0f0578e63336b484cb0afea9ab1b00f5e0c08c2575601a729c493a8c258e49f2c94571db1d028289ad6621b196b52b5d501ccd6be1d863f4a0ca

  • SSDEEP

    196608:Rq2sniu16IfwWqBEN8K3K+c3VpHvW/ao+O9Aend7DmrZLlswmPN6N9:R+iuPfwWqBENJ3OTHvWiChdDmr4wm1Y

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.retire.sniff
    1⤵
    • Loads dropped Dex/Jar
    PID:4252
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.retire.sniff/app_find/HxFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.retire.sniff/app_find/oat/x86/HxFj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4279

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.retire.sniff/app_find/HxFj.json
    Filesize

    1.8MB

    MD5

    a3fcb68f93fd982ee36755723eeeb8e7

    SHA1

    d436555df5e5e877750361f29b4f668f17688670

    SHA256

    cc636643b3f7a3366422502c0a5d033bbd99a1ba5787d9f2482a518739c24b3d

    SHA512

    a6ecde6ff8a9533aba68a2c65b6a51c90d498fe3c850377889ef60d62018b4536cc972eac3fe9eece78260b51b6546abb3570753845f93a8139021a4a83ac3d1

    Download Submit

  • /data/data/com.retire.sniff/app_find/HxFj.json
    Filesize

    1.8MB

    MD5

    28ac7edb17b630560a717bf792ca0b2b

    SHA1

    55b483d1b26a319f2eabf4e06d5b0dcf085b4565

    SHA256

    d002d36cbfebc8c48011467624ca1bb4044ae1de1823d357f9eb105e0ea757b6

    SHA512

    0e95e01206ec96343243970ddea224831e6c250b4cef883f791fe013ee1a8653f93a9eb6b12c9e7e25d5c4a3893ae5fb6f5fe17bc795f0224dc0ee3c623149fb

    Download Submit

  • /data/user/0/com.retire.sniff/app_find/HxFj.json
    Filesize

    4.4MB

    MD5

    5130c8d618b212fdfa42b0cdd185b262

    SHA1

    d24a64344e27a0927f5779f32feeb3520d6b0065

    SHA256

    2e3868127ca76263579b748f3d9616f07014c3fca1d22af53c4c62e3407a899a

    SHA512

    0c4737ffdbca6ebcd0ea8b1949079777b895227f0ce5711f4db78f217a53e9ddc15db556b2f7a61126a1abd6b9cafd08743e89f89fa56822ee9848376102e1e5

    Download Submit

  • /data/user/0/com.retire.sniff/app_find/HxFj.json
    Filesize

    4.4MB

    MD5

    5a6c049dd4f0973b4f03322b0e4c41dc

    SHA1

    1a3704721a3ca3b2554769106c4840bfc7d3a85d

    SHA256

    406b9c572803d4adcd262b65c6ab3e9d2c7afb485ed4e7e16c597be6e107c748

    SHA512

    4d34397efe22bc2c1404378beca31e617c4468a00d38f9b1083901f6427179eb3e03044105f8ace9da6482fd0fe935cf593da6ea3968ab8ce1424a92306abe2b

    Download Submit