Extracted

• • Target

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

  • Size

    9.1MB

  • MD5

    5f218d00ffb2baeb383b3e0edc191805

  • SHA1

    e622b5eb702f4a65d26168296462be5d823f0425

  • SHA256

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

  • SHA512

    9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac

  • SSDEEP

    196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1behavioral2behavioral3

• • Target

    base.apk

  • Size

    7.1MB

  • MD5

    ef9ca4ebd1e4f8c345a8ef2c9cbcb756

  • SHA1

    cc378fa2d6b2af6dcf65f8c8608fa5e0306f0f45

  • SHA256

    0ed5e46d9da10084baa9cad664f2f54b15ace995208e171d5c49c56466a64146

  • SHA512

    f9a0abd1d8be2ab13d6cc2c70ef946075bc18f0b0400b0814e0855c617c6506701c8b4f7341d643b52f75049d11ff8ec3bf6b65a3bfaa329b3591700d161980e

  • SSDEEP

    98304:R5iSRG9jujVKjJsDSj76Rs4J3z8pPcoAABKPbfUfmNB6Ae0OR5Y:RrBU1s2j76RH8yoAC+NV

  Score

  10^/10

  octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto

  • Octo family

    octo

  • Octo payload

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral4behavioral5