Overview

overview

10

Static

static

6

1e3999f77e...41.apk

android-9-x86

10

1e3999f77e...41.apk

android-10-x64

10

1e3999f77e...41.apk

android-11-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    160s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    23/03/2025, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e3999f77e043954cc7638fdb481f07caa777da32bf3d72a80dd67567b82dc41.apk

  • Size

    1.0MB

  • MD5

    0a1f2dabacba4fe6c79443615c600ae4

  • SHA1

    34e3df4bf369f02dfcad167ad0b49d0728eb1a5a

  • SHA256

    1e3999f77e043954cc7638fdb481f07caa777da32bf3d72a80dd67567b82dc41

  • SHA512

    314c606eebf89cd91721d59b2bfbc2782c256940e6023c461e9abf83b58fdf7e4d9669d23a9a700df358e1ba338fad66c1e5c9b0dce51d813de6bb951c15fda7

  • SSDEEP

    24576:ddLTUwqRxcvAX8XcRmEoJzKLh+1z5UsQk:PLT6n8XVJVsQ11UsQk

Score
10/10
tanglebotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerspywaretrojan

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

Signatures

Processes

  • ewon.nxgx.evilo
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Checks CPU information
    • Checks memory information
    PID:4807

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/ewon.nxgx.evilo/code_cache/secondary-dexes/tmp-base.apk.classes5945463696465349056.zip
    Filesize

    455KB

    MD5

    d5ac1612c8c7e31f612065e7577f1725

    SHA1

    62a5dac0628036c8ca6b96414ff78e537be0e992

    SHA256

    f4547817889eba08465d8dbdcc5180b758cf1cb4e6aa3ab7de3f266d6700130e

    SHA512

    11fcd500b7aef2f7f524a95f122cf4cc1fcd8dd89f5a66fda2514d6e66a4c16534d3225cdfc9131725daddbaa0ec5a642ac37ddd600f8a31e3d31cd4104fc9c6

    Download Submit

  • /data/user/0/ewon.nxgx.evilo/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    949KB

    MD5

    d2143ed14a2c66480e0bef1a2801b2cf

    SHA1

    7ec8664e50e73603542c84f3c4bc1629f69226a7

    SHA256

    5c9035e83894a344f493faa5a46fbc9385539736522f648a81a0bd5e23d145e1

    SHA512

    6b41c780e81fcf5e0004c2348562d00d22e971f8e7df130f78feeebb3cfa533f74b2b8a0dd09dac08d4041023aaf08ef69a437a7c453c9862d9e91b5d613a46b

    Download Submit