Extracted

• • Target

    c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0

  • Size

    10.3MB

  • MD5

    660a7c32b2f4552aea850efcdd89401e

  • SHA1

    0917f84c43281ef77ef3e2e6bd08aeeb31ce30d7

  • SHA256

    c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0

  • SHA512

    f94f24a6a45246e56436a24766e74369a5a966427e539bdcc5f7e6e55761b717883134f977bdacde44ea19a48e8eaec38587091318f632aef057510bb9556c69

  • SSDEEP

    196608:GW+j/Mp0fgojgAccs2ZP2+OcYwzMUtklcPZ1hDRgpOiLPSNQgIsG/bX0C0LQz0r6:uwaz82hJY6MGhDqcCPSqga/LV0L7r6

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1behavioral2behavioral3

• • Target

    base.apk

  • Size

    9.9MB

  • MD5

    19317ed93302a06ecaf0502adfbaa639

  • SHA1

    b4811105d5e15055ade059025421dbe85c36d185

  • SHA256

    3016cb465e8a6fdf61b0f2f49e12ffe6f67f501b195611d1b28ba21687f9bbd0

  • SHA512

    ef5bd4e7201af843cc8359f36dd31d60b6567a843ce1ae4f3ec67315cc44f2e827fe40a74fa4e1e64f447d0c6581297248dbf81449b3da832d74511633f124be

  • SSDEEP

    196608:QwUTrj7ZRkprdC3cYBJaxS9TNJ9jUZtyp+x87:Qw5rgsgJasJNJ94Zto

  Score

  10^/10

  octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto

  • Octo family

    octo

  • Octo payload

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral4behavioral5