General

  • Target

    010a657926667e125bf1eb9775544dc038cddc242dd9bc4d71acc99d0fe2c913.bin

  • Size

    2.2MB

  • MD5

    544026ab10fa9f1aa76ce514896b2453

  • SHA1

    657b9563234e38ed1ddd7b7f8351f3e4cd3286a6

  • SHA256

    010a657926667e125bf1eb9775544dc038cddc242dd9bc4d71acc99d0fe2c913

  • SHA512

    768ecbeda0b8285e8deffb0af5affb01e98050cc4e37cfb6929677dd4bcd26641dac01d89dc76e34df0f038304a0cda89dab106a0f7c44df004d21c60dbf2df6

  • SSDEEP

    49152:Uucd2zfrsxLFbIaijjx1Il4UwoakyuSLg+YhI39u:UQzfrs3MfjDUwoligPhGs

Score
10/10

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

Signatures

  • TangleBot payload (2 IoCs)
  • Tanglebot family
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares services with permission to bind to the system (1 IoC)
  • Requests dangerous framework permissions (5 IoCs)

Files

  • 010a657926667e125bf1eb9775544dc038cddc242dd9bc4d71acc99d0fe2c913.bin (.apk, android)

    Package: la.openport.yoyojaja

    Activity: la.openport.yoyojaja.MainActivity

Android Permissions

010a657926667e125bf1eb9775544dc038cddc242dd9bc4d71acc99d0fe2c913.bin

Permissions

android.permission.INTERNET

android.permission.POST_NOTIFICATIONS

android.permission.QUERY_ALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

android.permission.FOREGROUND_SERVICE

android.permission.READ_PHONE_STATE

android.permission.RECORD_AUDIO

android.permission.CAMERA

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.WAKE_LOCK

android.permission.SYSTEM_ALERT_WINDOW
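The "Requests dangerous framework permissions" and "Declares services with permission to bind to the system" signatures above are the kind of check an analyst reproduces on a decoded AndroidManifest.xml. The following is an added example, not part of the sandbox report and not the sample's own code: it parses a manifest, classifies requested permissions by AOSP protectionLevel ("dangerous") plus a hand-picked set of special-access permissions worth flagging in mobile malware triage, and lists every service that asks for an android.permission.BIND_* permission. The embedded manifest is constructed from the permission list and package name on this page; the service name and its BIND_ACCESSIBILITY_SERVICE permission are hypothetical, since the report only states that one such service exists. The classification follows AOSP protectionLevel and will not necessarily reproduce the sandbox's own IoC count.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
ATTR_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions with protectionLevel "dangerous" in AOSP (subset relevant to triage).
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.POST_NOTIFICATIONS",  # dangerous since Android 13 (API 33)
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}

# Not "dangerous" by protectionLevel, but each enables a well-known malware capability.
NOTABLE = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay windows (phishing / clickjacking)",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "persistence: survive Doze",
    "android.permission.QUERY_ALL_PACKAGES": "enumerate installed apps (target selection)",
    "android.permission.REQUEST_DELETE_PACKAGES": "prompt uninstall of other apps",
    "android.permission.FOREGROUND_SERVICE": "long-running background service",
}

@dataclass
class Triage:
    package: str
    dangerous: list          # requested permissions with protectionLevel "dangerous"
    notable: dict            # requested special-access permissions -> why it matters
    bound_services: list     # (service class, android.permission.BIND_* permission)

def triage_manifest(xml_text: str) -> Triage:
    """Classify permissions and bind-protected services in a decoded manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = [e.get(ATTR_NAME, "") for e in root.iter("uses-permission")]
    dangerous = sorted(p for p in requested if p in DANGEROUS)
    notable = {p: NOTABLE[p] for p in requested if p in NOTABLE}
    bound_services = []
    for svc in root.iter("service"):
        perm = svc.get(ATTR_PERMISSION, "")
        # A service guarded by a BIND_* permission can only be bound by the system,
        # which is how accessibility, notification-listener and similar services are wired in.
        if perm.startswith("android.permission.BIND_"):
            bound_services.append((svc.get(ATTR_NAME, ""), perm))
    return Triage(package, dangerous, notable, bound_services)

# Constructed manifest: permissions and package name from the report; the service entry is hypothetical.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="la.openport.yoyojaja">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application>
        <activity android:name="la.openport.yoyojaja.MainActivity"/>
        <!-- hypothetical service: the report only says one bind-protected service exists -->
        <service android:name="la.openport.yoyojaja.AccService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    t = triage_manifest(SAMPLE_MANIFEST)
    print(f"package: {t.package}")
    print("dangerous:", *t.dangerous, sep="\n  ")
    print("notable:", *(f"{p}: {why}" for p, why in t.notable.items()), sep="\n  ")
    print("bind-protected services:", *(f"{n} ({p})" for n, p in t.bound_services), sep="\n  ")
```

Run it against the output of `apktool d` or `androguard` on the real sample by reading the decoded AndroidManifest.xml into `triage_manifest` instead of the constructed string. The sandbox reports five "dangerous" permissions; by AOSP protectionLevel only four of the listed permissions qualify, so treat the sandbox's count as its own heuristic rather than a protectionLevel lookup.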