General

  • Target

    Telegram.apk

  • Size

    71.6MB

  • Sample

    231225-llke6shbeq

  • MD5

    bb1d0e62868ec3527fdd58220bd65c15

  • SHA1

    8ab2f8bb1687c4b34ae511db8ca4c4283a093407

  • SHA256

    e3947611b3abd0788b75885e692928c6882fb173ef73acced4ebfdb4ef4b035d

  • SHA512

    ebd72ef94f15b3521611d106b49c7656202e99387b46013eb2e287404c3c58ad3f66852e394f7de589c737f5de6b4589c1d1caffdb7b7dd24a7d292a9ebe91ba

  • SSDEEP

    1572864:yCE59FBc3LskpPDp+cWz9gSRldiNuaU7xqybA6MLRMHoB4Vn9GO/pn:yCE597aIgBdSRn7xqAeuqKoKp

Targets

    • BadBazaar

      BadBazaar is Android spyware used by the GREF APT group.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock
