Overview

overview

10

Static

static

10

c6036ac9e9...c0.apk

android-13-x64

10

c6036ac9e9...c0.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    6s
  • max time network
    25s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0.apk

  • Size

    10.3MB

  • MD5

    660a7c32b2f4552aea850efcdd89401e

  • SHA1

    0917f84c43281ef77ef3e2e6bd08aeeb31ce30d7

  • SHA256

    c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0

  • SHA512

    f94f24a6a45246e56436a24766e74369a5a966427e539bdcc5f7e6e55761b717883134f977bdacde44ea19a48e8eaec38587091318f632aef057510bb9556c69

  • SSDEEP

    196608:GW+j/Mp0fgojgAccs2ZP2+OcYwzMUtklcPZ1hDRgpOiLPSNQgIsG/bX0C0LQz0r6:uwaz82hJY6MGhDqcCPSqga/LV0L7r6

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.stay.save
    1⤵
    • Loads dropped Dex/Jar
    PID:4319

Network

  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • 172.217.169.74:443
    tls, https
    1.2kB
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    915 B
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    915 B
     40 B
     1
    1
  • 216.58.213.10:443
    tls, https
    2.3kB
     40 B
     1
    1
  • 224.0.0.251:5353
    2.5kB
     8
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.stay.save/app_unhappy/YBrKP.json
    Filesize

    1.8MB

    MD5

    f3b2d6d9378755eac83d58be019e8783

    SHA1

    1747d3faca90e524e731a04a55895c335bde0b41

    SHA256

    afc6f0c5a78334526b23c95b215bf49b301e9974ef3f2153b9ec5d078198793a

    SHA512

    4f4170c5cec39d24bafba3cc7dbae53e334acee1174027888f5bed6455190000c98da534fef018ff0884ad217374f495085385320d898fd05e670345f2bde7fc

    Download Submit

  • /data/data/com.stay.save/app_unhappy/YBrKP.json
    Filesize

    1.8MB

    MD5

    4382abe93fc40d69a5b8b41d4f6af658

    SHA1

    8df7c7bc8178e7676e5a00e593a475fbeeb3db4f

    SHA256

    b341bacf2f855c63628ffd021ea204aa52ad27cc8ce58346c3d2c4b00c487803

    SHA512

    dfd8c31a88b5dddc939a8ee37a9231a1788f8cd519ff6bd4d2434f252c171f7afce9a32976a0ad1d28753d889d3d27363b213df4c292600a75b53a1eff2ec83c

    Download Submit

  • /data/user/0/com.stay.save/app_unhappy/YBrKP.json
    Filesize

    4.4MB

    MD5

    88dc4cc573cc9d0a4f8b398d6da2aaea

    SHA1

    a3bd8c8531d2c7444a798c2c7c5522447d10a470

    SHA256

    b071a132a9dfdb5f0e14f1220bf6f2cf603986c0aee6e1a2b62cea20d8ec8ba2

    SHA512

    00f10e73bdb171345ae88f2b9daacefd0fbdcb6975dae5caa7b23319f1ee7264370c15b661d9100785917f947fdda99a851a57618aa76ed2d7b2c871699526b2

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.