Overview

overview

10

Static

static

6

24d5b572ee...f6.apk

android-9-x86

10

24d5b572ee...f6.apk

android-10-x64

10

24d5b572ee...f6.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-11-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6.apk

  • Size

    9.1MB

  • MD5

    bd85d70283874bf7b9ed761dc3292429

  • SHA1

    3a11caa01fa22af37cdb59a4b0195599bf16f7ba

  • SHA256

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6

  • SHA512

    70a1dfd61b89c7524e52dbb16837f94e6670e8989dc17783c7a86bab8702bc1d6b04d2dc1a3a94b061ecb4bf0d6fe7d2039fcb7de3020004c5909f88eb547a81

  • SSDEEP

    196608:QW7vxyBSKPNncn9TJC71mcDoDf9TjoqDUZBbrkA8dC66c:RoBSKZcntYXoDfKtZdAAs6c

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.expect.brain
    1⤵
    • Loads dropped Dex/Jar
    PID:4306
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.expect.brain/app_shaft/PqHrtrj.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.expect.brain/app_shaft/oat/x86/PqHrtrj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4331

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    1.8MB

    MD5

    0bbcdf8c57581080f15ba0caa57b21e4

    SHA1

    8b76347e16efd00a814f0df1840ee95356c92b7b

    SHA256

    d98056a7d7011e066555ef83ee9868e18662dafafda6a8340222e6a478523a09

    SHA512

    9bf35ffa0b8cd1ffc636da7838c6c4871f5efc77ab472479bfb90b4d86d87df81de18e11180f3730fcac5208871d5de86a22fe8f69162daf425954b38ae71757

    Download Submit

  • /data/data/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    1.8MB

    MD5

    35312ac2858dc307ecb87fb130e789da

    SHA1

    96fee9d62726f468ec758feaaa8cf44405b8d18e

    SHA256

    9756f657b87373e7cfa95bcf52b945a5fb4a8014e596a3d8d12b68d195500898

    SHA512

    7e5d4640f55bd15c54cba71476f1c1cb9cf9586816b7b58081a99da399383788107b8aedb9a22496146c999144ee420d3fbb41c0ddec9b53b6bce9987db84395

    Download Submit

  • /data/user/0/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    4.4MB

    MD5

    f8fd2d1f15e7b73cc8117b8f599c127a

    SHA1

    405ad1a70dcacc192d6cf1de0bd125840ebfa76f

    SHA256

    cf840bc6078a053a8e1029270e05f20879bad375df9f41fddee6aad5771b2eab

    SHA512

    356e22e961ac37ac6f29cc933a6bdaaa9da35aff87271c4a40dddfb35356fd3aba8440df76eb16d27b184f9d9051b77247cee5232a854e572253e0964105f5ed

    Download Submit

  • /data/user/0/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    4.4MB

    MD5

    94967550635a8e55b335e9376bc9c89c

    SHA1

    04c99c4155a3bc48fea57639aab32c049687cf81

    SHA256

    d30ce5256510b0a7a4aecfa9cca2b7d52c5bcd41048a2a955f92b4841b83449a

    SHA512

    e38873595a47412bc924b1e3f62ed487322337193718a3954611a7c1248093ad388f341243efb1852b0f9225d40057da8a2cee9cf68f784943a921a846d03f5c

    Download Submit