tanglebot | 24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6

Analysis

max time kernel
5s
max time network
25s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
22/03/2025, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6.apk
Size

9.1MB
MD5

bd85d70283874bf7b9ed761dc3292429
SHA1

3a11caa01fa22af37cdb59a4b0195599bf16f7ba
SHA256

24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6
SHA512

70a1dfd61b89c7524e52dbb16837f94e6670e8989dc17783c7a86bab8702bc1d6b04d2dc1a3a94b061ecb4bf0d6fe7d2039fcb7de3020004c5909f88eb547a81
SSDEEP

196608:QW7vxyBSKPNncn9TJC71mcDoDf9TjoqDUZBbrkA8dC66c:RoBSKZcntYXoDfKtZdAAs6c

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4508-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.expect.brain/app_shaft/PqHrtrj.json	4508	com.expect.brain

com.expect.brain
1⤵
- Loads dropped Dex/Jar
PID:4508

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.expect.brain/app_shaft/PqHrtrj.json

Filesize
1.8MB

MD5
0bbcdf8c57581080f15ba0caa57b21e4

SHA1
8b76347e16efd00a814f0df1840ee95356c92b7b

SHA256
d98056a7d7011e066555ef83ee9868e18662dafafda6a8340222e6a478523a09

SHA512
9bf35ffa0b8cd1ffc636da7838c6c4871f5efc77ab472479bfb90b4d86d87df81de18e11180f3730fcac5208871d5de86a22fe8f69162daf425954b38ae71757

Download Submit
/data/data/com.expect.brain/app_shaft/PqHrtrj.json

Filesize
1.8MB

MD5
35312ac2858dc307ecb87fb130e789da

SHA1
96fee9d62726f468ec758feaaa8cf44405b8d18e

SHA256
9756f657b87373e7cfa95bcf52b945a5fb4a8014e596a3d8d12b68d195500898

SHA512
7e5d4640f55bd15c54cba71476f1c1cb9cf9586816b7b58081a99da399383788107b8aedb9a22496146c999144ee420d3fbb41c0ddec9b53b6bce9987db84395

Download Submit
/data/data/com.expect.brain/app_shaft/oat/x86_64/PqHrtrj.vdex

Filesize
65KB

MD5
a6c51c16a970936675d9810af3d6bc95

SHA1
9dd74b5a281ba8908c8c20dd874163380ab0bbe8

SHA256
16ad724299b58c57cd395c758ec0e678ae565bf15bb1a8aa41fef89bef586c38

SHA512
5e0f1dfb601bde292782935e2799bea4cabec235e411186647dd8a50a8eed0b98a257364e340b03c56126b0d21df50723e98b651a311dc0946b8ef27f6e1ab25

Download Submit
/data/user/0/com.expect.brain/app_shaft/PqHrtrj.json

Filesize
4.4MB

MD5
94967550635a8e55b335e9376bc9c89c

SHA1
04c99c4155a3bc48fea57639aab32c049687cf81

SHA256
d30ce5256510b0a7a4aecfa9cca2b7d52c5bcd41048a2a955f92b4841b83449a

SHA512
e38873595a47412bc924b1e3f62ed487322337193718a3954611a7c1248093ad388f341243efb1852b0f9225d40057da8a2cee9cf68f784943a921a846d03f5c

Download Submit