tanglebot | 12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

Analysis

max time kernel
5s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/03/2025, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7.apk
Size

11.4MB
MD5

2ad0c28f8ac131bfc51615f26186f222
SHA1

5a37f988169f1c9fbe82acfd3a156f3df17a8ef2
SHA256

12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7
SHA512

cc496b1adbaa0f0578e63336b484cb0afea9ab1b00f5e0c08c2575601a729c493a8c258e49f2c94571db1d028289ad6621b196b52b5d501ccd6be1d863f4a0ca
SSDEEP

196608:Rq2sniu16IfwWqBEN8K3K+c3VpHvW/ao+O9Aend7DmrZLlswmPN6N9:R+iuPfwWqBENJ3OTHvWiChdDmr4wm1Y

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5243-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.retire.sniff/app_find/HxFj.json	5243	com.retire.sniff

com.retire.sniff
1⤵
- Loads dropped Dex/Jar
PID:5243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.retire.sniff/app_find/HxFj.json

Filesize
1.8MB

MD5
a3fcb68f93fd982ee36755723eeeb8e7

SHA1
d436555df5e5e877750361f29b4f668f17688670

SHA256
cc636643b3f7a3366422502c0a5d033bbd99a1ba5787d9f2482a518739c24b3d

SHA512
a6ecde6ff8a9533aba68a2c65b6a51c90d498fe3c850377889ef60d62018b4536cc972eac3fe9eece78260b51b6546abb3570753845f93a8139021a4a83ac3d1

Download Submit
/data/data/com.retire.sniff/app_find/HxFj.json

Filesize
1.8MB

MD5
28ac7edb17b630560a717bf792ca0b2b

SHA1
55b483d1b26a319f2eabf4e06d5b0dcf085b4565

SHA256
d002d36cbfebc8c48011467624ca1bb4044ae1de1823d357f9eb105e0ea757b6

SHA512
0e95e01206ec96343243970ddea224831e6c250b4cef883f791fe013ee1a8653f93a9eb6b12c9e7e25d5c4a3893ae5fb6f5fe17bc795f0224dc0ee3c623149fb

Download Submit
/data/user/0/com.retire.sniff/app_find/HxFj.json

Filesize
4.4MB

MD5
5a6c049dd4f0973b4f03322b0e4c41dc

SHA1
1a3704721a3ca3b2554769106c4840bfc7d3a85d

SHA256
406b9c572803d4adcd262b65c6ab3e9d2c7afb485ed4e7e16c597be6e107c748

SHA512
4d34397efe22bc2c1404378beca31e617c4468a00d38f9b1083901f6427179eb3e03044105f8ace9da6482fd0fe935cf593da6ea3968ab8ce1424a92306abe2b

Download Submit