Overview

overview

10

Static

static

6

8c51df7bee...03.apk

android-9-x86

10

8c51df7bee...03.apk

android-10-x64

10

Analysis

  • max time kernel
    15s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    02/04/2025, 07:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c51df7beedf6b5af934e3c9f43af603.apk

  • Size

    11.8MB

  • MD5

    8c51df7beedf6b5af934e3c9f43af603

  • SHA1

    6ac720ba2037ca8a2786b12c67b3455ab911f0c3

  • SHA256

    29fb5098e114d4b07be3544a073e835198673c7e9d2526575a1f85fe4231c65d

  • SHA512

    20523a55c8b2d03dfa27d093518ba3af8613b8639d561a0b930ac337cd0bbe434035c01406521f26f2ee1e753dd887c609ece6500a8b23d28555ca65d8aa050a

  • SSDEEP

    196608:vbzjWQcwVV+3bqy9tZrTSh9YGFngmd+JNHq4LMh5nqoF7bL:XCQemy9tZrYY0ng/qaU5nqoFvL

Score
10/10
tanglebotevasionimpactinfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.xinobideveloper.installer
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4305
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xinobideveloper.installer/app_mph_dex/apk.crazy-v1.AndroidManifest.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xinobideveloper.installer/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4332
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xinobideveloper.installer/app_mph_dex/apk.crazy-v1.AndroidManifest.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xinobideveloper.installer/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4392

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.xinobideveloper.installer/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize

    4.4MB

    MD5

    7ea973ca96f723638d634b907ab02a9f

    SHA1

    1162faeff741c4b554c90e69d6cb7d1f43ddf410

    SHA256

    5743b752567f711668176290c4cc4742d92cf3583faa6c2573e93c0b08d231dd

    SHA512

    42d49b51171dc95afe63d3a33a1f8a1efb464a2b597ced023c5e2bf418cdcbc33990a09514bfb5c942c8ee619fc94486a6f95396258b762fc6d17642b9a566cc

    Download Submit

  • /data/data/com.xinobideveloper.installer/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    10.1MB

    MD5

    36e3f4d8d9aeb9141635461ea9ad65e9

    SHA1

    1eae25a01ed40dd99adc0e6a6480be7b1d532a31

    SHA256

    c087b8889150a4fc3b49a1e0467a1e333295fb54076352f883cf7946016391af

    SHA512

    5fb5e5443670600f6352a87adf7908f1d7490aac69a9a0556ba817c51540978acdc4dd2480888b52cfe0eaa70e95ba9f8967a001e49a26a77a3befa3df2d8f55

    Download Submit

  • /data/data/com.xinobideveloper.installer/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    24e5830679d5e2eb20ce4d8dae423124

    SHA1

    db167870d53a342d69e82fe3f9c700e6d329162f

    SHA256

    2d0d0f693a4a6f05caf2409f6cb71d717a3613d4f3fb19ef1b666e35e702c009

    SHA512

    c6aa4e6da4f905aaec38725c94475a7cb089609d7125de97b9e860def13f3822abdc536968289b43b2212010cbedea17bc01788df2eab511ac462a8e906d18e8

    Download Submit

  • /data/user/0/com.xinobideveloper.installer/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize

    4.4MB

    MD5

    e7f3f6d4264518c04c4a1d3c2ab1e4a2

    SHA1

    2b5145cc0723f6adf4cd67d39e1168e6684c7f5b

    SHA256

    93c6e3d42bc9dfee1fa6afe4045928323d170e8549830eba22032de20bee5b81

    SHA512

    dbb092854ad359d26cf62cb89b53693042c1e6f6e7c361852357955945a20df7a7e617a751b617c9e7fe6751c139661e5d1c0124821725d080ce641def4e44e4

    Download Submit