General
-
Target
Telegram_10.0.8_apkcombo.com.apk
-
Size
69.5MB
-
Sample
231013-yt533ahh83
-
MD5
2933e561f7293f5a847d6bdee0b27420
-
SHA1
47ef6ef813f0895a5ff6dd06900d03574b584aa4
-
SHA256
117d7a223f481056d49daf7ead5249089f56b44c50c557cee1617f7ea9fa07ee
-
SHA512
5d2e3d3afa70529bf0dbbbfb8792be1f982064491313a77519d4ff9a98108e36bd13963a53d1a6ad7a6d31f739200ab2869b51bbe8f0d4b3b3c233549f2d221a
-
SSDEEP
1572864:38v9KTmBfI7wjohzFIq0y1P4qVrLhnqc1CeQ/EVnY0X0/WQnCo8g:3+9KCK7wjolFd0awqVrLhn5C7clzAWX+
Malware Config
Targets
-
-
Target
Telegram_10.0.8_apkcombo.com.apk
-
Size
69.5MB
-
MD5
2933e561f7293f5a847d6bdee0b27420
-
SHA1
47ef6ef813f0895a5ff6dd06900d03574b584aa4
-
SHA256
117d7a223f481056d49daf7ead5249089f56b44c50c557cee1617f7ea9fa07ee
-
SHA512
5d2e3d3afa70529bf0dbbbfb8792be1f982064491313a77519d4ff9a98108e36bd13963a53d1a6ad7a6d31f739200ab2869b51bbe8f0d4b3b3c233549f2d221a
-
SSDEEP
1572864:38v9KTmBfI7wjohzFIq0y1P4qVrLhnqc1CeQ/EVnY0X0/WQnCo8g:3+9KCK7wjolFd0awqVrLhn5C7clzAWX+
Score10/10-
BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
-
Checks Android system properties for emulator presence.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-
-
-
Target
youtube_embed.html
-
Size
4KB
-
MD5
2ef02526d37f620d84e2089957abdc71
-
SHA1
e2f3339e91cac8904d7d37f1f4909bb2e3c7960c
-
SHA256
64759a92e22868f3a7bc37381908520aff9bae31ef2c5e3cf998ac2f9c0d6c05
-
SHA512
58b4857311dc3a24acac11a511e0d3a1fc5075ef1354669ffba6e0cfb57369d39d40a47abcac29af991be71711504a08ec391e66ca59f1e9461573dc90657a43
-
SSDEEP
96:b7vebZZFTzS50Nij89Ur9FUvi9znUlq84YI38FxxuxxprhUUI8s:b70Zh8A9Ur9FUvi9TUM849383AxTtUV1
Score1/10 -