Extracted

• • Target

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6

  • Size

    9.1MB

  • MD5

    bd85d70283874bf7b9ed761dc3292429

  • SHA1

    3a11caa01fa22af37cdb59a4b0195599bf16f7ba

  • SHA256

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6

  • SHA512

    70a1dfd61b89c7524e52dbb16837f94e6670e8989dc17783c7a86bab8702bc1d6b04d2dc1a3a94b061ecb4bf0d6fe7d2039fcb7de3020004c5909f88eb547a81

  • SSDEEP

    196608:QW7vxyBSKPNncn9TJC71mcDoDf9TjoqDUZBbrkA8dC66c:RoBSKZcntYXoDfKtZdAAs6c

  Score

  10^/10

  tanglebotevasioninfostealerspywaretrojan

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot

  • TangleBot payload

  • Tanglebot family

    tanglebot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion
  behavioral1behavioral2behavioral3

• • Target

    base.apk

  • Size

    7.2MB

  • MD5

    4a61da22726c477f73e1c8518062cb28

  • SHA1

    d489dce01704de491fa56bc694889cb5a8d22fe9

  • SHA256

    04ac76ce0b7d9e2e7ee4664743e446b7a5fe9dd1b60aa69e30a38fa0088749c3

  • SHA512

    6e3ff9d924039a99dca74568a9f0bd1780370c8930551c1f207671cc7478d580738f9365cd3340cd99bc166b6a8f02eed9105511d36aca4d38917f1cfcd8059e

  • SSDEEP

    98304:mQ/n5iSRGj2Rs5i1yFWxBuTh2VKXXtw5j7tokkG1Fe:mQnrNRcki2Ut2j7wYs

  Score

  10^/10

  octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto

  • Octo family

    octo

  • Octo payload

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Queries the mobile country code (MCC)

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    defense_evasion
  behavioral4behavioral5