Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    25/03/2025, 22:10

General

  • Target

    af93d22ba400051acbcd0ca569d310f75cb7885fefa85cb4e9e5fabfdc951028.apk

  • Size

    4.8MB

  • MD5

    dc5fe3621b9d0f1bfee759d3ee776c2e

  • SHA1

    8295d2bdba7f7ff722dcf6570474eac60905b93b

  • SHA256

    af93d22ba400051acbcd0ca569d310f75cb7885fefa85cb4e9e5fabfdc951028

  • SHA512

    0c510b2702de550994fb8c8e6c7ceffb6a7abf10c063b59586ce3ed9712766d99a06d00ffc3e1075f8ef76e7f83513677792208fc5a8b2fe7655c2d5fde1b541

  • SSDEEP

    98304:NGW5N5cOMtxhRf/hdw6JcVadNPH2HjPY13Ab5khsyBL5O:jj5cOMPhRfpdwMawIPY9AbEsMO

Malware Config

Extracted

Family

tanglebot

C2

https://t.me/+LFAFYjStX6wzZmFk

https://t.me/+s8bf3BX_dUYxMzU0

https://t.me/+sklwiGKlByJhZGM0

Signatures

  • TangleBot

    TangleBot is an Android SMS malware family first seen in September 2021.

  • TangleBot payload 2 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    The application may abuse the accessibility service to prevent its own removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about the phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs
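
An added static-triage check for the three behaviours above that carry the most weight when this report is used for detection: Telegram invite links as C2, binding the accessibility service, and the secondary dex payloads that "Loads dropped Dex/Jar" refers to. This is example code written for this page, not part of the sandbox report or of the TangleBot sample. The APK it scans is constructed in memory by `build_sample_apk` and reuses one of the C2 links from the Malware Config section as an embedded string; the marker strings, the regex and all function names are this example's own assumptions. To run it on a real file: `python3 triage.py sample.apk`.

```python
"""Added example: static triage of an APK zip for the behaviours in the report.

Checks three things a triager can confirm offline without running the sample:
  1. Telegram invite links (https://t.me/+...) embedded as C2, as listed above.
  2. The BIND_ACCESSIBILITY_SERVICE permission string or AccessibilityService
     class descriptor in a dex string table ("Makes use of the framework's
     Accessibility service").
  3. Dex files outside the top-level classesN.dex set, including dex inside
     nested zips, which is the payload shape behind "Loads dropped Dex/Jar".
The sample APK is constructed in memory; marker strings and names are this
example's own assumptions, not anything extracted from the real sample.
"""
import hashlib
import io
import re
import zipfile

# Telegram private-group invite links, the C2 form shown in the report.
TG_INVITE_RE = re.compile(rb"https?://t\.me/\+[A-Za-z0-9_-]{10,}")
# Strings that land in a dex string table when an app binds an accessibility service.
ACCESSIBILITY_MARKERS = (
    b"android.permission.BIND_ACCESSIBILITY_SERVICE",
    b"Landroid/accessibilityservice/AccessibilityService;",
)
DEX_MAGIC = b"dex\n"  # followed by the 3-digit version and NUL, e.g. b"dex\n035\0"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _scan_blob(name: str, data: bytes, findings: dict, depth: int = 0) -> None:
    """Record indicators for one zip member; recurse into nested zips (dex carriers)."""
    if data.startswith(DEX_MAGIC):
        findings["dex_files"].append((name, sha256_hex(data)))
    for link in TG_INVITE_RE.findall(data):
        findings["telegram_links"].add(link.decode())
    if any(marker in data for marker in ACCESSIBILITY_MARKERS):
        findings["accessibility_refs"].add(name)
    # Nested zips/jars are how secondary dex is usually carried (assets/*.zip, *.jar).
    if depth < 2 and data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                for info in inner.infolist():
                    _scan_blob(f"{name}!{info.filename}", inner.read(info), findings, depth + 1)
        except zipfile.BadZipFile:
            pass


def triage_apk(apk_bytes: bytes) -> dict:
    """Scan every member of an APK and return the indicators plus a tag list."""
    findings = {"dex_files": [], "telegram_links": set(), "accessibility_refs": set()}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            _scan_blob(info.filename, apk.read(info), findings)
    # Top-level classesN.dex is normal (multidex); dex under a subdirectory or
    # inside another archive is a candidate dropped/loaded payload.
    findings["nested_dex"] = [n for n, _ in findings["dex_files"] if "/" in n or "!" in n]
    tags = []
    if findings["telegram_links"]:
        tags.append("c2:telegram-invite")
    if findings["accessibility_refs"]:
        tags.append("accessibility-service")
    if findings["nested_dex"]:
        tags.append("secondary-dex-payload")
    findings["tags"] = tags
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample (not the file from the report) showing all three behaviours."""
    def fake_dex(*strings: bytes) -> bytes:
        # Just enough to look like a dex: magic + version, then NUL-separated strings.
        return DEX_MAGIC + b"035\0" + b"\0".join(strings) + b"\0"

    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as z:
        z.writestr("classes.dex", fake_dex(b"Lbzvix/mnziz/minimiz/Loader;",
                                           b"https://t.me/+LFAFYjStX6wzZmFk"))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary AXML stub, not parsed here
        z.writestr("classes.dex", fake_dex(b"android.permission.BIND_ACCESSIBILITY_SERVICE"))
        z.writestr("classes2.dex", fake_dex(b"Ldalvik/system/DexClassLoader;"))
        z.writestr("assets/payload.zip", payload.getvalue())
    return out.getvalue()


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    result = triage_apk(data)
    for key in ("tags", "telegram_links", "accessibility_refs", "nested_dex"):
        print(f"{key}: {sorted(result[key])}")
    for name, digest in result["dex_files"]:
        print(f"dex {digest}  {name}")
```

Two caveats when reading this against the report. The per-dex SHA256 values the scanner prints are of the raw dex members, so they will not equal the hashes in the Downloads section, which are of the `.zip` wrappers the sandbox collected. And the path `code_cache/secondary-dexes/base.apk.classesN.zip` (with the `tmp-base.apk.classes…zip` temp file beside it) is the naming the MultiDex support library uses when it extracts `classesN.dex` from the APK at first launch, so "Loads dropped Dex/Jar" fires on benign multidex apps as well; the C2 strings and the accessibility binding are the indicators to pivot on, not that signature alone.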

Processes

  • bzvix.mnziz.minimiz
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4217
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/bzvix.mnziz.minimiz/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/bzvix.mnziz.minimiz/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4246

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/bzvix.mnziz.minimiz/code_cache/secondary-dexes/tmp-base.apk.classes8375204129383480104.zip

    Filesize

    455KB

    MD5

    cb172a4ce8c9b97a8489ced5e204f59c

    SHA1

    d0e9d07f9476625526a9bfea6ded860db6d77aea

    SHA256

    ed1ca998ca7a5b7eb8ee90434726a17e8760f44c000161006010fe4386aa0ab2

    SHA512

    a94c835ed6993af28018fa7bb60e6b5019c516c48e7d94f5a4ddb3241654ad274a567c3aa2355d8bf826172a68474cb95e5ee5c6dc91cdc3706785ef0ba32a9f

  • /data/user/0/bzvix.mnziz.minimiz/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    951KB

    MD5

    1b871d3fbd8848049d1fc8b4a9ae892d

    SHA1

    b10684c9de9eac2533505d8f8d21270f5bbc4446

    SHA256

    d389d857eda2ac541dbe788da5dc2548bdd999943cd335e89a0b077a2a513ec3

    SHA512

    22af5fa3a1e4f640b5ce06a313b78a72254d80b07c89c3e747c9fce383e46b6397190e9aabecb1d01d24b774fd2d1efdb44cc2ada85da5a926b6a3eb8058b6a9

  • /data/user/0/bzvix.mnziz.minimiz/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    951KB

    MD5

    227cf60b8041a24a237a2d4c41bde035

    SHA1

    2de3237bed0082cd7d8a4f01d44e4689f909f2fd

    SHA256

    80002805d7ec3641f2a632acd3efdf8ec099a94c5ea2895db0fa5a0750988aed

    SHA512

    0ae93b4517b9f19d628b57ff346fe75cd6d75a60a97da40d1377a8dc4575a6435d23920e0027188b24d28690dd869063e11d016a44f73cafcf726ca69b971d49