Overview

overview

10

Static

static

6

24d5b572ee...f6.apk

android-9-x86

10

24d5b572ee...f6.apk

android-10-x64

10

24d5b572ee...f6.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-11-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    22/03/2025, 00:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6.apk

  • Size

    9.1MB

  • MD5

    bd85d70283874bf7b9ed761dc3292429

  • SHA1

    3a11caa01fa22af37cdb59a4b0195599bf16f7ba

  • SHA256

    24d5b572ee0790c1ec05d5d968b70ac939df3a581dd0e5bd271b524a7d03c8f6

  • SHA512

    70a1dfd61b89c7524e52dbb16837f94e6670e8989dc17783c7a86bab8702bc1d6b04d2dc1a3a94b061ecb4bf0d6fe7d2039fcb7de3020004c5909f88eb547a81

  • SSDEEP

    196608:QW7vxyBSKPNncn9TJC71mcDoDf9TjoqDUZBbrkA8dC66c:RoBSKZcntYXoDfKtZdAAs6c

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.expect.brain
    1⤵
    • Loads dropped Dex/Jar
    PID:5054

Network

  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • 142.250.187.206:443
    tls, https
    689 B
     40 B
     1
    1
  • 142.250.187.206:443
    tls, https
    689 B
     40 B
     1
    1
  • 216.58.204.78:443
    android.apis.google.com
    tls
    4.4kB
     8.7kB
     16
    23
  • 216.58.213.2:443
    tls
    135 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    1.8MB

    MD5

    0bbcdf8c57581080f15ba0caa57b21e4

    SHA1

    8b76347e16efd00a814f0df1840ee95356c92b7b

    SHA256

    d98056a7d7011e066555ef83ee9868e18662dafafda6a8340222e6a478523a09

    SHA512

    9bf35ffa0b8cd1ffc636da7838c6c4871f5efc77ab472479bfb90b4d86d87df81de18e11180f3730fcac5208871d5de86a22fe8f69162daf425954b38ae71757

    Download Submit

  • /data/data/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    1.8MB

    MD5

    35312ac2858dc307ecb87fb130e789da

    SHA1

    96fee9d62726f468ec758feaaa8cf44405b8d18e

    SHA256

    9756f657b87373e7cfa95bcf52b945a5fb4a8014e596a3d8d12b68d195500898

    SHA512

    7e5d4640f55bd15c54cba71476f1c1cb9cf9586816b7b58081a99da399383788107b8aedb9a22496146c999144ee420d3fbb41c0ddec9b53b6bce9987db84395

    Download Submit

  • /data/user/0/com.expect.brain/app_shaft/PqHrtrj.json
    Filesize

    4.4MB

    MD5

    94967550635a8e55b335e9376bc9c89c

    SHA1

    04c99c4155a3bc48fea57639aab32c049687cf81

    SHA256

    d30ce5256510b0a7a4aecfa9cca2b7d52c5bcd41048a2a955f92b4841b83449a

    SHA512

    e38873595a47412bc924b1e3f62ed487322337193718a3954611a7c1248093ad388f341243efb1852b0f9225d40057da8a2cee9cf68f784943a921a846d03f5c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.