tanglebot | e48d8b5e607bcd5b9b85d3be271e96e7e088b551f03aae04f4129a1c1f0dba38

Analysis

max time kernel
5s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
21/03/2025, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e48d8b5e607bcd5b9b85d3be271e96e7e088b551f03aae04f4129a1c1f0dba38.apk
Size

11.3MB
MD5

3db7b048b30968866463cb2987457f8b
SHA1

7c84efcbeb839e00f27271aeb0a06f45e87f08c8
SHA256

e48d8b5e607bcd5b9b85d3be271e96e7e088b551f03aae04f4129a1c1f0dba38
SHA512

bc8c3f5b2d00da2e69ea365732d244d8f7dab615eace083f2bcac0c05f9bd0fd2358ef9b6689e728038052949b0390acb2d777f54e6dae6e18b2881ec13ab0c2
SSDEEP

196608:++ZCJB4PrnDwtE+sAMbM5Gevv8Tb2G/BLTG2/NGO6FcDdcE+8NjT4jrt4rIl2GoY:gJ+bcXsAMoxcv/BLH/9Y854quoMt

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4744-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.target.glide/app_build/OYZFbsK.json	4744	com.target.glide

com.target.glide
1⤵
- Loads dropped Dex/Jar
PID:4744

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.target.glide/app_build/OYZFbsK.json

Filesize
1.8MB

MD5
5421d484506b958f6990b843a901a119

SHA1
67c778a321c4ce4f0dad5a5f29d66d075f814795

SHA256
1b98d767e85b4f67ef8f3fa6a52ad8c88611aebb7e7511e8014342ba760ced2a

SHA512
a688b954e826f1f2222559554653d085c59c36986d826ed13c88af0be567cff2a4d414a290add396d140b6312b5c8416b10a029b1b99d31db8f852e7eafe8c0c

Download Submit
/data/data/com.target.glide/app_build/OYZFbsK.json

Filesize
1.8MB

MD5
3116f80372235f2f963693d3e0c3e6da

SHA1
a7d53695624d20e45ce877c6ae45ca3d91beec07

SHA256
be594de1bafdd0109572cef1e17ad4e1e62b40a105d9decb7cf2adeb9d2a81e7

SHA512
1eb8179a91ce66e2b7982c61bce1144259daff1ebd466591d4e374755cd23f0a644c69bbadb7866718cbce90a24c26c48e09f6751948aaa7fc84aa00bfd75655

Download Submit
/data/user/0/com.target.glide/app_build/OYZFbsK.json

Filesize
4.4MB

MD5
f73cc6b4b1e9f29d17810adc5846e817

SHA1
3810c0158cc16ff4fcd7b6105b88097d456c829c

SHA256
94f04b06e191e946095905ef78727adfe81b6d44e415340571373e4ff241b0c4

SHA512
3af985468096772ce9a757ff96c08dee381b1352384f80d379b3427de421f842f42d3501687e60cb67b8135e325de765c9db740d12f6b4dc859fb18934ca89f2

Download Submit