Overview

overview

10

Static

static

6

d96173d6a9...9f.apk

android-9-x86

10

d96173d6a9...9f.apk

android-10-x64

10

d96173d6a9...9f.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-11-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f.apk

  • Size

    9.1MB

  • MD5

    5f218d00ffb2baeb383b3e0edc191805

  • SHA1

    e622b5eb702f4a65d26168296462be5d823f0425

  • SHA256

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

  • SHA512

    9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac

  • SSDEEP

    196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.math.cute
    1⤵
    • Loads dropped Dex/Jar
    PID:4310
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.math.cute/app_firm/Moffi.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.math.cute/app_firm/oat/x86/Moffi.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4335

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.math.cute/app_firm/Moffi.json
    Filesize

    1.8MB

    MD5

    ed66a8a2f38987e3e25192caef4c5d1c

    SHA1

    c37203a3743d4e665d23330176dd2ab677f3120e

    SHA256

    ccf4a14cb76c3e6ccae300f149a455c61722d2912f0c64c361ac937ce9b21078

    SHA512

    333d57dc5d8ccff3b4f4b753afe3658597256ba06076d5d8ef57311fada9ea13b3645eec939ec28a36f3ce26172d716154601c6e7d04e2ceb07e5841f7aa2b97

    Download Submit

  • /data/data/com.math.cute/app_firm/Moffi.json
    Filesize

    1.8MB

    MD5

    33b4a64aaf95de1c7add1ab4451e81f6

    SHA1

    22c96731a08b09aba61919a5bd03d628f2d28d1e

    SHA256

    fe52ffe934efd3b2d7a71eeb5891954e5c4a07b04884b762d8b8c77e07b77534

    SHA512

    ac6d2bb2f6af57d0613e1bbb3c7da97aa8de5aee830270343ded55ab01dcae49152e876b3410395e38033030c17616ff56035821716ef4dcfcda0f20046061a2

    Download Submit

  • /data/user/0/com.math.cute/app_firm/Moffi.json
    Filesize

    4.4MB

    MD5

    a131909b4bbabbdcb37789a582beafdd

    SHA1

    13d7f0b9a33b7181cdcf8c90466beaf066202ba3

    SHA256

    c71f5fb61f1e3857fc22075e5073f32251fb40d33aedfdfd8ccfa8969efdd803

    SHA512

    727b291d059e60e00c01e2cef9db53d4b7da068184c13222781b39213eb1a2e139bb0bf0bc3aa8137b7619fe1109784f1c438660b4836977b9faa85ab9d59944

    Download Submit

  • /data/user/0/com.math.cute/app_firm/Moffi.json
    Filesize

    4.4MB

    MD5

    dd891a992d2789de34d3b20affed5d60

    SHA1

    bfc93b437c850c91a5ca9829c39acfc4d61073a4

    SHA256

    febfe3b55e82175fb1321453a14ebfdfac226e27e8314b38c7785e35dfe1b040

    SHA512

    f02d8603e51b6e9c74acfc4b8cfa51a8fa1407e7b92abd05de03fb15b0303467677ce5bb76b3c3760a0f11644bc48255719501be30005477b71ee15702aa7b6c

    Download Submit