badbazaar | 7da7a999a1efb6591013734ec3464f23aca7cd9fa896efdb0e82f894dc6a151a

Analysis

max time kernel
2340447s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7da7a999a1efb6591013734ec3464f23aca7cd9fa896efdb0e82f894dc6a151a.apk
Size

17.1MB
MD5

0f32d26b2c84430ad6c1f05e08612815
SHA1

4ed10a2045ce34d9639b5bc78ed93b5ac60c9612
SHA256

7da7a999a1efb6591013734ec3464f23aca7cd9fa896efdb0e82f894dc6a151a
SHA512

6caaf0e7246904398752888d371c7db5d3562c7413bf285fe5cd6e0d521e2d64fe9b7d9688de2733eef1bf40ac56cd1202101bfd744bcee590d6e12fa6768f13
SSDEEP

393216:bwXc7nKYvHRzHyzhtotpOmucAxOhjSZ23+:8M7nlHRzHyDoLNAxOhe

Score

10^/10

badbazaar infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.blackgramsoft.pro
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.blackgramsoft.pro

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.blackgramsoft.pro

Reads information about phone network operator.

com.blackgramsoft.pro
1⤵
- Requests cell location
- Acquires the wake lock
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.blackgramsoft.pro/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.blackgramsoft.pro/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
de82f793a2e0faa7627568431010182a

SHA1
c887d74710900e899bc5fb9cc5bfe1b8dabd922b

SHA256
1898f226e0988be41a71ff1a7f57c489ad686ceae99da97b3b537f7819835cf0

SHA512
706f87a131a1982073487015f097c6ba4adee65907ceaba153555491c8a25f6c65c5ccf19c4c2a72b59a564d3a44379b041d256441db5c15b3e843f79cb2701d

Download Submit
/data/data/com.blackgramsoft.pro/databases/__pushe_base_lib_db-wal

Filesize
36KB

MD5
ec05f493062d64b11a51a56cfd000216

SHA1
59905a063f29cb7d86ed2ae5e87b72ae116ccafb

SHA256
d82f41c94630e72f0677067e58f43e8b7764a6d1395df9267ff7c291731d5922

SHA512
b64b076d1e4c8ed930627a7a3f58408f013e9e156a193ba31bbd09fe1377e54e457f66c35992b18ebbc4884e16651b0374cd1f6f35055f521e55ba24ed30b585

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db

Filesize
16KB

MD5
15094c6a968c90ac7a79b427c9de691d

SHA1
30602e10e226c53e5212dbea09018212992b4808

SHA256
68b50a4bd972d266894f15f589e7a4ad62ad94c5ddb3276b2b0933ead8dee617

SHA512
61eb24da08aca9b884b00c499952000cf22acaa16d020ee2dcdb2f3a510cb937139e50d20aadfa8446e4411adaf7e3bfa608f3b26ae08ee3b2412e85225b2adb

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db

Filesize
16KB

MD5
add6a642e973aa20aa6399d43c912ddd

SHA1
55132ac76676fd649544e80ffd2239e6c636fb8b

SHA256
cebe489a4cffd130faf5177d687b4092227475214a07f9182efbebb54120fdad

SHA512
c34c54579ef7643ba8155348bd0dd5a66b538dd921ef474fe9fd41304aec90ff882d0e25338c49916413e2a2f4ae7e10e0db8df406cba7aba83e3493e42872f0

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db

Filesize
16KB

MD5
cee1c830ecfc554d25a68052bb7378c2

SHA1
bbe1e12b557f94dc52e5a213dc346097433075e9

SHA256
6e96ec06a9b58587fd1975690f090dfd11606b7f237e448c1157be1c8692731d

SHA512
c319e00841b4939d258335288ee55d8f33c913a6275aa33bdacc380d531d8e5d212fad6ae59552541550797ff9a2cb66ee769cee879ad4514524b3f01c517d4b

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db

Filesize
16KB

MD5
424e6633b5032441e42e188f49fb81e4

SHA1
c6d99faf8bfa88ac1e164305c174c81f92641e91

SHA256
fb45063893503b1335f0b6c9ad8b1bbaa0b4d120405efee58314f8b71be7b39c

SHA512
34066ed5b7db9223120cc85c752f58aaa01e1e662e98ffab5254d18e2575b7d7b53c511ec637b4c8a5a94bf6e54d2a445ffab82cd405f9f45052ef3b6831ed76

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-journal

Filesize
512B

MD5
02acd11210bb55b0d9d910d4a533728a

SHA1
2a2494aa159bde1e0982b6c6b7fb7e22a4954cab

SHA256
ff5a67cc659c668e579306697ae95099c7a9176a6f05955de9c12a1344b423be

SHA512
fb7a81a14844b351c55996497bba198860308ad0763abcb7bf17c66529b458ade6c404ac320a18e46998348eced7484b4856615494303452e6a829384fb9e1b5

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
2f2c23c43aec6ce52b40d536df924227

SHA1
0d0500e7c4076add4987ba17ec2fb5c4cb2f6fcb

SHA256
7ff0af6592a1274eae6f4303930787eecabdb1fa146ef1301ac663b08b9a7f13

SHA512
60a1be8db6cd22e4e22e83eb926e66d894088a903e15ea92ab5bafb83b7a45a3bc513606b36d1c5756580ab9d540d042e4efed9246907398114596334951341a

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
39e85c4470068e5b08b3531ecaa56e5a

SHA1
1b8702ee690948e832f49df64892ac1a16134999

SHA256
f53febdb6549182673a9163565bfa5645050e43a79093ba1f6c040c98140cb0c

SHA512
88a1b03f3bd149486bcbe96038f0c5108cc7dd5c6a170b9881823344b3e0e63a06b81dc821c2ae4e959e918bccc616f0922ee708a9c027ca41acee70db8ed1ca

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
46aab84057127026275550f2fbd1138b

SHA1
b5503413d8f5649444e0c691ef68aa89b7103a6e

SHA256
d421b77e9e71f59a82e1cbe2d141f831d36b15093a54f546dd1df81655b6d815

SHA512
8ecd41328816ece85480f3547c36a02663f9f707beb362182b809014d2039050426e3e68cc13d92822388ccecb7fc0dad913fb8d5047048d394372185be25232

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
d2fa8122fd8b9d3d5c041c9cd879908a

SHA1
e9b9df024f00c3b673206f40bb9b698e64f0c9ce

SHA256
25687a9a0a00127347a93b60b11cd159be96eca0763293c794a87ecf6b81b92a

SHA512
c8d6808158577c30d7ea8d06ed4750648f02f39a9606b67fd6f75dc9c4eb1d9d6ba5415cc823bda0a58152d8e922cb42de379b222ff263d82b1a4181336bf4d7

Download Submit
/data/data/com.blackgramsoft.pro/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
c711bfd574d0419728e32b5ca1d98971

SHA1
fb17741696fafd50e799dd52dcd29f2d62658350

SHA256
6b748a24312ad9fb6da1f396a9671075806ee6f922a13908ee0d9717681610e7

SHA512
c6835781d5afa7c9d7e113f6036fc840cc8a79fbe8d3dfe3c4782717d089693bd06bd271892c9d9f03eeab20e2a587e2d8daaa14816f55b9bbaea3ea4d466dae

Download Submit
/data/data/com.blackgramsoft.pro/files/account1/tgnet.dat

Filesize
1KB

MD5
cd87171c85c0b5f6e2c01f0a3b969f32

SHA1
5733048c8fb730f123932fd824472909deeb404c

SHA256
6faf264f66145b776c78cc489dc47968be21d303db7e2d3d27f03f542e53f8f0

SHA512
222cb701b2cd90ac85ea24a5348243eef2aef44bd30316b298b0f0d3e4ca4e44a0376e0b9566e7271f21dbba5eeda1ec5276629e1df900cba7c7c1cec74e29ac

Download Submit
/data/data/com.blackgramsoft.pro/files/cache4.db

Filesize
4KB

MD5
016683935acbb282c7578e3bd33ccd0d

SHA1
660bf3aa98f5d315d125233d8c41e36ca6a29dc7

SHA256
5c05dce52b7158962eaf74d334082631d324befeedbb807914fd71b0e520210e

SHA512
03f47876f950d614174aa5c0ec7ac81184e587aebb50354e761ba8c84ccb96100aeef678f3a9a62160482b87c4bcd2d46c5a31ce7dadcf4f2792a0da0097e693

Download Submit
/data/data/com.blackgramsoft.pro/files/cache4.db-journal

Filesize
512B

MD5
c6418b205055129afb1672adc10bd9cb

SHA1
03e4a097d0840a93e2280bd194fbfda1fc871430

SHA256
5c6a149a49cbc26e6a5e4ae3293811309aed7e83e9fdebb3fc976e639a08988c

SHA512
2d2b889fc11e08c242504d395457d6ed737125ebd65119755dd5a116b06f6a31cd9e8b0b70971676845827eff771055941c2a43e18cb2010f12432b0a4a07bd0

Download Submit
/data/data/com.blackgramsoft.pro/files/cache4.db-wal

Filesize
116KB

MD5
443f512c76b7a632dc891102389b88d2

SHA1
85ab02a8cf619e266a71d58a72c3f9369b80e81d

SHA256
148166cba9fbeb264eab3b426399748b8f85c12f20f4bf399b0e3985997d6edd

SHA512
7ebb180a3e313dba6acf7453c9267e9a88307529a530933950f1b60dc837efef0ae6d8ee1b0025a0b3678849fdfc07420140a94c58c7f4d89b3ee0756fd0b551

Download Submit
/data/data/com.blackgramsoft.pro/files/dark.attheme

Filesize
142B

MD5
4883d0a476c9ecedb97865c1ea791cc4

SHA1
0513f1963c26ba19c1c236edbff7f9b78b216d3e

SHA256
f11982f51fcfbe74560962e04ee67423c56945467817bd7aa404daa9aa5f92f3

SHA512
693f3791857090a6a135b876430ab868485401808456bade40c4328b0e2648dcc30665d871bcff6a3ce60ea39bfb96231f6b33264603caac74d5123b430b06c3

Download Submit
/data/data/com.blackgramsoft.pro/files/remote_fa.xml

Filesize
793KB

MD5
a46b66a69c8179a5ae2cef053be0fadf

SHA1
d34ec8caee1dc561688a38e4894bc5f37ab3e59b

SHA256
870a9ad148c751f7d1d057f1d57bc9728171da9d4c65d7212b8c1851f1f3e64d

SHA512
32d8de1852cf3f56862195797851d13c06afeebea5464420aa56df9348dfc1f379be75abb05f2bef60556324b69023e94e7d79701b3dd71a0dcf5ab321da991c

Download Submit
/data/data/com.blackgramsoft.pro/files/tgnet.dat

Filesize
792B

MD5
ed12917cf9b65b36cdf3e0b05b4d2005

SHA1
2d9cef12b09cb1738af2d449dbae9c7e19803e7c

SHA256
b99f12ee28da215b9b9f37184d92242e255fc121da8788e9b2476f59c063ac5c

SHA512
7b2652aa6ac952225c5b27a3c65a31c1336c83f7ae9d2235c46e22b27589b94d021da21e142721a9b39a528b91db656d2d65d8a1d45796d8303289982b0e3b5b

Download Submit
/data/data/com.blackgramsoft.pro/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.blackgramsoft.pro/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
6ad7472aa42970a44932e61f0a4e2d10

SHA1
b32767039f878f36452a0927741648250d730c59

SHA256
57c687f8baaf2b065030345be0348d3273d9a9e657601d5da7361e45ded984ea

SHA512
224bc58f6ee09ec16f7dd638f70b8d5f6dc68b29b09324acf7db1f56b114be764e6b5e7bbab60fa32e08a563b761b96667fbb0598ac10d17fcb0b3df88e01a3f

Download Submit
/storage/emulated/0/Android/data/com.blackgramsoft.pro/cache/000000000_999999_temp.jpg

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads