tanglebot | d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

Analysis

max time kernel
52s
max time network
70s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
24/03/2025, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

marcher.apk
Size

9.1MB
MD5

5f218d00ffb2baeb383b3e0edc191805
SHA1

e622b5eb702f4a65d26168296462be5d823f0425
SHA256

d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f
SHA512

9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac
SSDEEP

196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

Score

10^/10

tanglebot evasion infostealer spyware trojan

Malware Config

Signatures

TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
trojan infostealer spyware tanglebot

TangleBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4499-0.dex	family_tanglebot3

Tanglebot family
tanglebot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.math.cute/app_firm/Moffi.json	4499	com.math.cute

com.math.cute
1⤵
- Loads dropped Dex/Jar
PID:4499

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.math.cute/app_firm/Moffi.json

Filesize
1.8MB

MD5
ed66a8a2f38987e3e25192caef4c5d1c

SHA1
c37203a3743d4e665d23330176dd2ab677f3120e

SHA256
ccf4a14cb76c3e6ccae300f149a455c61722d2912f0c64c361ac937ce9b21078

SHA512
333d57dc5d8ccff3b4f4b753afe3658597256ba06076d5d8ef57311fada9ea13b3645eec939ec28a36f3ce26172d716154601c6e7d04e2ceb07e5841f7aa2b97

Download Submit
/data/data/com.math.cute/app_firm/Moffi.json

Filesize
1.8MB

MD5
33b4a64aaf95de1c7add1ab4451e81f6

SHA1
22c96731a08b09aba61919a5bd03d628f2d28d1e

SHA256
fe52ffe934efd3b2d7a71eeb5891954e5c4a07b04884b762d8b8c77e07b77534

SHA512
ac6d2bb2f6af57d0613e1bbb3c7da97aa8de5aee830270343ded55ab01dcae49152e876b3410395e38033030c17616ff56035821716ef4dcfcda0f20046061a2

Download Submit
/data/data/com.math.cute/app_firm/oat/Moffi.json.cur.prof

Filesize
926B

MD5
bb0ddeaeda3fea06d98e3588d3fa7d8e

SHA1
4c9f2e513d4738ebafba1bfcfa8776390e360f03

SHA256
ca29c5b8c25699d8f8521af25a9e8157f461ab8529541d4e42e5dd80f677f69e

SHA512
07b9d43ec27a1d22d80dcd127f83494f7d47d8b5a11eb1cf5eb7d9fa80ba5c13ea713b78feaa7519595c25ece43d4d6e0f074bcf16d248b49e3fb6fe602b7858

Download Submit
/data/data/com.math.cute/app_firm/oat/x86_64/Moffi.vdex

Filesize
65KB

MD5
def371a5daf3570a8d48f6d168691adc

SHA1
3f6fa0e6a2d577eddea3745a2a3ad3a689399763

SHA256
3f5b5d42f72e4eeff5f44713f0364656f813a3e3cc032424f2e036413991a66b

SHA512
e47e938c0f38b00a150b6f5c7bfb94411280302457b375ed221b3f3b043b6cc351c21fb69fe4922898da63d7174550fd5be9a7aa05105561c4f6be66502a1317

Download Submit
/data/user/0/com.math.cute/app_firm/Moffi.json

Filesize
4.4MB

MD5
dd891a992d2789de34d3b20affed5d60

SHA1
bfc93b437c850c91a5ca9829c39acfc4d61073a4

SHA256
febfe3b55e82175fb1321453a14ebfdfac226e27e8314b38c7785e35dfe1b040

SHA512
f02d8603e51b6e9c74acfc4b8cfa51a8fa1407e7b92abd05de03fb15b0303467677ce5bb76b3c3760a0f11644bc48255719501be30005477b71ee15702aa7b6c

Download Submit