tanglebot | 93dc9e9017f77ecfd8d212fc4d3cd2a0aea0cda858f657f7ca271501ce81f26e

Analysis

max time kernel
5s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93dc9e9017f77ecfd8d212fc4d3cd2a0aea0cda858f657f7ca271501ce81f26e.apk
Size

8.8MB
MD5

1e1292a3a039d4b8b93914696a9ba8b8
SHA1

ec53d766f834301d5108bbf24f539f5f4437b686
SHA256

93dc9e9017f77ecfd8d212fc4d3cd2a0aea0cda858f657f7ca271501ce81f26e
SHA512

5d1865a05b824049e9b1da2c90286210569e2608ce6f8055d6ea5efa847f6a0b9a8a6792ab73a65f184493de7837ddd1292ae22be26e25f3cbb6bf6f9a87afb4
SSDEEP

196608:7i6wRFeYqfEWc7zle0A+0OydgQzkGPsO+PP+R7+BDj0yi:bwC15cvgQ0OIUO+PP/E

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4364-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.amount.jazz/app_turtle/yJPD.json	4364	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.amount.jazz/app_turtle/yJPD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.amount.jazz/app_turtle/oat/x86/yJPD.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.amount.jazz/app_turtle/yJPD.json	4338	com.amount.jazz

com.amount.jazz
1⤵
- Loads dropped Dex/Jar
PID:4338
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.amount.jazz/app_turtle/yJPD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.amount.jazz/app_turtle/oat/x86/yJPD.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4364

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.amount.jazz/app_turtle/yJPD.json

Filesize
1.8MB

MD5
6aa12098e1b197a23d4e2d987fa0a2ac

SHA1
cef3f973b10bd4531752f51138d242f1bf145e48

SHA256
1cb869525d708d0ec0372355554416483ae8493ca628a911ab64d3cfcecd3a9b

SHA512
91d1f2eb7d7c212e5f7e8207ad0264fbc3e12139d719441ddf78794a1043ecc79981afa6b28ad898b58f03025b5ede3eb6ec311a4f9473cc828b12c2a7efb46b

Download Submit
/data/data/com.amount.jazz/app_turtle/yJPD.json

Filesize
1.8MB

MD5
68ba15a5adf62209148bbc1309579ac9

SHA1
6bb6b4c674cdc4dcf0e8e13c524f3b0e8f938141

SHA256
4e3c36ae71236d86b1e82ff67423e53cc4fa7bf211d2ec449843ea56e9a2233a

SHA512
e2292975d844fb3c14e21cd51d6187afd7c4a676cfea0dfb18f72aec92b4437cc13d4464d69013bcfc801240981fe2e2a03f72672e2694f1c94282cef0c2f484

Download Submit
/data/user/0/com.amount.jazz/app_turtle/yJPD.json

Filesize
4.4MB

MD5
b0606fe4e6b9c1c1f3eaf5153e767829

SHA1
c7e8b220504410bc11f7102612d96de3d1e3ca44

SHA256
af3673eb9016e9e68ccf832da18017936885470b39f5b044d00942506138fd2a

SHA512
0c6344d9565808dea5530bc08101e6d60d0a2748d7b0832aa9851889572f5632a3d813a748e56ef638421a2001dbd13e83103b557d3f6686d380a2567a648c92

Download Submit
/data/user/0/com.amount.jazz/app_turtle/yJPD.json

Filesize
4.4MB

MD5
58d5d6d51443854ab8ed1f4ae531885f

SHA1
2165916a9f76d83697870d77f4c16a2fdd6a432a

SHA256
9d59661300aa633cc7cc90fdcec2fffeb83381ecc9cfdda1986d512ad533aa40

SHA512
0d9327ee204f76e5044d74c0d59726a39af01ccd1c1a7550ca4d1d5a210b67e282ab7849a79d18820270d41a083b6a01e4aadf217d3c6834e2b9d5739a16784f

Download Submit