Analysis

  • max time kernel
    5s
  • max time network
    26s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    21/03/2025, 18:58

General

  • Target

    e48d8b5e607bcd5b9b85d3be271e96e7e088b551f03aae04f4129a1c1f0dba38.apk

  • Size

    11.3MB

  • MD5

    3db7b048b30968866463cb2987457f8b

  • SHA1

    7c84efcbeb839e00f27271aeb0a06f45e87f08c8

  • SHA256

    e48d8b5e607bcd5b9b85d3be271e96e7e088b551f03aae04f4129a1c1f0dba38

  • SHA512

    bc8c3f5b2d00da2e69ea365732d244d8f7dab615eace083f2bcac0c05f9bd0fd2358ef9b6689e728038052949b0390acb2d777f54e6dae6e18b2881ec13ab0c2

  • SSDEEP

    196608:++ZCJB4PrnDwtE+sAMbM5Gevv8Tb2G/BLTG2/NGO6FcDdcE+8NjT4jrt4rIl2GoY:gJ+bcXsAMoxcv/BLH/9Y854quoMt

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload (1 IoC)
  • Tanglebot family
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

Processes

  • com.target.glide
    1⤵
    • Loads dropped Dex/Jar
    PID:4210
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.target.glide/app_build/OYZFbsK.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.target.glide/app_build/oat/x86/OYZFbsK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4237

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.target.glide/app_build/OYZFbsK.json

    Filesize

    1.8MB

    MD5

    5421d484506b958f6990b843a901a119

    SHA1

    67c778a321c4ce4f0dad5a5f29d66d075f814795

    SHA256

    1b98d767e85b4f67ef8f3fa6a52ad8c88611aebb7e7511e8014342ba760ced2a

    SHA512

    a688b954e826f1f2222559554653d085c59c36986d826ed13c88af0be567cff2a4d414a290add396d140b6312b5c8416b10a029b1b99d31db8f852e7eafe8c0c

  • /data/data/com.target.glide/app_build/OYZFbsK.json

    Filesize

    1.8MB

    MD5

    3116f80372235f2f963693d3e0c3e6da

    SHA1

    a7d53695624d20e45ce877c6ae45ca3d91beec07

    SHA256

    be594de1bafdd0109572cef1e17ad4e1e62b40a105d9decb7cf2adeb9d2a81e7

    SHA512

    1eb8179a91ce66e2b7982c61bce1144259daff1ebd466591d4e374755cd23f0a644c69bbadb7866718cbce90a24c26c48e09f6751948aaa7fc84aa00bfd75655

  • /data/user/0/com.target.glide/app_build/OYZFbsK.json

    Filesize

    4.4MB

    MD5

    5437f772a3729a3b38b52029553bf6a7

    SHA1

    dfabeb717379d606929360a45f9dd5d6c72f15f9

    SHA256

    0a24b2a258779c49ec22342a7f9ac6aa2a07ab7846e927cdfd6d29a07b27fa82

    SHA512

    1bf2fad3db262e85bee2e5a45111b35a91e63dbfc6a8c0aca6076afb886d9028cedcc15df5b992e53f8408e30411efaa300035a5b7f472597e0c06f922049d33

  • /data/user/0/com.target.glide/app_build/OYZFbsK.json

    Filesize

    4.4MB

    MD5

    f73cc6b4b1e9f29d17810adc5846e817

    SHA1

    3810c0158cc16ff4fcd7b6105b88097d456c829c

    SHA256

    94f04b06e191e946095905ef78727adfe81b6d44e415340571373e4ff241b0c4

    SHA512

    3af985468096772ce9a757ff96c08dee381b1352384f80d379b3427de421f842f42d3501687e60cb67b8135e325de765c9db740d12f6b4dc859fb18934ca89f2