tanglebot | c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0

Analysis

max time kernel
5s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/03/2025, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0.apk
Size

10.3MB
MD5

660a7c32b2f4552aea850efcdd89401e
SHA1

0917f84c43281ef77ef3e2e6bd08aeeb31ce30d7
SHA256

c6036ac9e9c3ede37eb86938dc0a69e04a7b54a8585fc4859a7b25b28bc842c0
SHA512

f94f24a6a45246e56436a24766e74369a5a966427e539bdcc5f7e6e55761b717883134f977bdacde44ea19a48e8eaec38587091318f632aef057510bb9556c69
SSDEEP

196608:GW+j/Mp0fgojgAccs2ZP2+OcYwzMUtklcPZ1hDRgpOiLPSNQgIsG/bX0C0LQz0r6:uwaz82hJY6MGhDqcCPSqga/LV0L7r6

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5057-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.stay.save/app_unhappy/YBrKP.json	5057	com.stay.save

com.stay.save
1⤵
- Loads dropped Dex/Jar
PID:5057

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.stay.save/app_unhappy/YBrKP.json

Filesize
1.8MB

MD5
f3b2d6d9378755eac83d58be019e8783

SHA1
1747d3faca90e524e731a04a55895c335bde0b41

SHA256
afc6f0c5a78334526b23c95b215bf49b301e9974ef3f2153b9ec5d078198793a

SHA512
4f4170c5cec39d24bafba3cc7dbae53e334acee1174027888f5bed6455190000c98da534fef018ff0884ad217374f495085385320d898fd05e670345f2bde7fc

Download Submit
/data/data/com.stay.save/app_unhappy/YBrKP.json

Filesize
1.8MB

MD5
4382abe93fc40d69a5b8b41d4f6af658

SHA1
8df7c7bc8178e7676e5a00e593a475fbeeb3db4f

SHA256
b341bacf2f855c63628ffd021ea204aa52ad27cc8ce58346c3d2c4b00c487803

SHA512
dfd8c31a88b5dddc939a8ee37a9231a1788f8cd519ff6bd4d2434f252c171f7afce9a32976a0ad1d28753d889d3d27363b213df4c292600a75b53a1eff2ec83c

Download Submit
/data/user/0/com.stay.save/app_unhappy/YBrKP.json

Filesize
4.4MB

MD5
88dc4cc573cc9d0a4f8b398d6da2aaea

SHA1
a3bd8c8531d2c7444a798c2c7c5522447d10a470

SHA256
b071a132a9dfdb5f0e14f1220bf6f2cf603986c0aee6e1a2b62cea20d8ec8ba2

SHA512
00f10e73bdb171345ae88f2b9daacefd0fbdcb6975dae5caa7b23319f1ee7264370c15b661d9100785917f947fdda99a851a57618aa76ed2d7b2c871699526b2

Download Submit