tanglebot | d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

Analysis

max time kernel
5s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/03/2025, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f.apk
Size

9.1MB
MD5

5f218d00ffb2baeb383b3e0edc191805
SHA1

e622b5eb702f4a65d26168296462be5d823f0425
SHA256

d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f
SHA512

9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac
SSDEEP

196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5056-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.math.cute/app_firm/Moffi.json	5056	com.math.cute

com.math.cute
1⤵
- Loads dropped Dex/Jar
PID:5056

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.math.cute/app_firm/Moffi.json

Filesize
1.8MB

MD5
ed66a8a2f38987e3e25192caef4c5d1c

SHA1
c37203a3743d4e665d23330176dd2ab677f3120e

SHA256
ccf4a14cb76c3e6ccae300f149a455c61722d2912f0c64c361ac937ce9b21078

SHA512
333d57dc5d8ccff3b4f4b753afe3658597256ba06076d5d8ef57311fada9ea13b3645eec939ec28a36f3ce26172d716154601c6e7d04e2ceb07e5841f7aa2b97

Download Submit
/data/data/com.math.cute/app_firm/Moffi.json

Filesize
1.8MB

MD5
33b4a64aaf95de1c7add1ab4451e81f6

SHA1
22c96731a08b09aba61919a5bd03d628f2d28d1e

SHA256
fe52ffe934efd3b2d7a71eeb5891954e5c4a07b04884b762d8b8c77e07b77534

SHA512
ac6d2bb2f6af57d0613e1bbb3c7da97aa8de5aee830270343ded55ab01dcae49152e876b3410395e38033030c17616ff56035821716ef4dcfcda0f20046061a2

Download Submit
/data/user/0/com.math.cute/app_firm/Moffi.json

Filesize
4.4MB

MD5
dd891a992d2789de34d3b20affed5d60

SHA1
bfc93b437c850c91a5ca9829c39acfc4d61073a4

SHA256
febfe3b55e82175fb1321453a14ebfdfac226e27e8314b38c7785e35dfe1b040

SHA512
f02d8603e51b6e9c74acfc4b8cfa51a8fa1407e7b92abd05de03fb15b0303467677ce5bb76b3c3760a0f11644bc48255719501be30005477b71ee15702aa7b6c

Download Submit