Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Telegram.apk

android-9-x86

10

Telegram.apk

android-10-x64

10

Analysis

  • max time kernel
    2690125s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    25/12/2023, 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Telegram.apk

  • Size

    71.6MB

  • MD5

    bb1d0e62868ec3527fdd58220bd65c15

  • SHA1

    8ab2f8bb1687c4b34ae511db8ca4c4283a093407

  • SHA256

    e3947611b3abd0788b75885e692928c6882fb173ef73acced4ebfdb4ef4b035d

  • SHA512

    ebd72ef94f15b3521611d106b49c7656202e99387b46013eb2e287404c3c58ad3f66852e394f7de589c737f5de6b4589c1d1caffdb7b7dd24a7d292a9ebe91ba

  • SSDEEP

    1572864:yCE59FBc3LskpPDp+cWz9gSRldiNuaU7xqybA6MLRMHoB4Vn9GO/pn:yCE597aIgBdSRn7xqAeuqKoKp

Score
10/10
badbazaarinfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Acquires the wake lock 1 IoCs

Processes

  • uegaru.zerytt.mgffuw
    1⤵
    • Checks known Qemu pipes.
    • Acquires the wake lock
    PID:4221

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    5bd6d44da10bd652bc0a9e9c6af2ca71

    SHA1

    0b8fad35806edc41a6083fce6effe88e0e79a640

    SHA256

    f78601f92dd6c2c98cb91a5d40031290b42ca9cc9cb5f707bcba86be03d3e1b9

    SHA512

    3a81ac77c70c5a0ba601e1ad97d185192f012be98db4a5641dc4ea7e09453c4b4b8676c802be602c7ba0eeeee60eb693da472c5d0642049be810bf4edd9ae963

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-wal
    Filesize

    16KB

    MD5

    f6e193d9644e4abd8ea2bd9fc248b88c

    SHA1

    838e4cfaeede2fb0a33fb5ccd7050e42d75b31cf

    SHA256

    5c04fdbd9119e92e00d7377c059ee03d39dd1953b35744ce5bbbb01586ed96cb

    SHA512

    3de04159b38ebe2b2c16aefa90a8ee62284d64ff8dc10d3ce1a72ec01278481a834fab295561864ac8b73f284968bbfb96c11a92fcb82076f66712fcc208af3d

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/PersistedInstallation7546342402348353697tmp
    Filesize

    90B

    MD5

    c7be9a30361082897bbf19b0581aa814

    SHA1

    8f0f68d4274195b224ad20e64ed22aef9883c3ec

    SHA256

    cc2ae5bf5ed792f4540020b3d80018a84186dae1df185ce4d3642bbeb85fdcc7

    SHA512

    992ceb5649367446c758970003403db3df4504b417a4b14fd78d7f24942ee055809fe56d5903714b0cc4aaa1fabeedb0cd790403ddec35ef65f17d494a54d934

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account1/dc2conf.dat
    Filesize

    40B

    MD5

    098b011c59a80daf15c048dfee00ff1f

    SHA1

    47963ffe950f64e4ab0d329f111f1ea61e1f72c6

    SHA256

    87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

    SHA512

    2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account1/tgnet.dat
    Filesize

    1KB

    MD5

    434bed494baa0a537092bd0530e55ea2

    SHA1

    68c68f465b7527b64641df9f5c341b1c0bfef134

    SHA256

    a9da86d82bbf45d00b0008cbbe2e9ccd7f38f40d3686306eceefbea3038f02f4

    SHA512

    c68a5937129912eda27daab0c6bbecc30abfffdab538b77a0680e30201ecd356131b88cd3844421fb151e9a2b90148a368d34d051baa70540109218919bf26fa

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account1/tgnet.dat
    Filesize

    1KB

    MD5

    fc63b440bf02ae474214416728b83618

    SHA1

    0bd08c14085993a102fca29f7d07766fba43f29b

    SHA256

    e9bb9520d654d9cf0011a59cc9c4b4077fbc0599d237c8cbd4a3cc72b3853c55

    SHA512

    63ae6ad5108ee501a3562eca9d25bd62efb57670923349e31431fa57c24a6f8f818f52b19ee44f727b32fa9e61d6df902f366c3f10157d970f9ceb56a572abf8

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account1/tgnet.dat
    Filesize

    1KB

    MD5

    a79f40dd79b0922e5b73f648ac7b84f4

    SHA1

    4d87a121eddbef420e3d2e7d8a8c80d43d4d98cf

    SHA256

    1818dd53425cc43e2c574f1fc3c97f9ffaba8d67bea3f824bf00159300e01215

    SHA512

    56124d0a2554b97aa098b72b65e1efadf08f0f10a1e616bd3e17c690cca5a7893a9983d1fe5719621232630bad201529275927b2ecc010e6e049c8ad8b94082a

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account2/cache4.db-journal
    Filesize

    512B

    MD5

    4d10f5c1be5adc976f3c64f8be9c2685

    SHA1

    c25062a4103ed91acc167ae29d90e46cc6bad7dd

    SHA256

    e19a3bb8c00c9b843e2f87763d4ac683c67e596f8607111e2de80111c85b5c97

    SHA512

    3a180df4885f095b24a9d95cf91f1ac7f7ce7859b722316fd29522e9ca4732a53fd35b2a967553c0974a5b9aaa6e493fa70f81da3f3b5b69bcecaaeea1a6b6a5

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account2/cache4.db-wal
    Filesize

    321KB

    MD5

    6168da2ac46d2b3c627089ee235ddbc2

    SHA1

    2d36353c5500ec8c12e5efc0a4a4f7d353cdbb91

    SHA256

    0247616a4269c9407a20942a0f8591b4524fa27d59cb248c755baaedd3c41750

    SHA512

    a184f2b9b71e8f814d405b04b4d3322ccece14f834b8e793170c6b7394e0f14bb39c9e3a818df25eab5ed7668d757d34d75cd68512658bd277dc30b7337aefbf

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account2/tgnet.dat
    Filesize

    908B

    MD5

    567d2216eb95b618aa2786ba420f4a12

    SHA1

    ca8a76c3da7df8bb24d8d923d80e17f636cafd0d

    SHA256

    019ca1d03fe81027f3b6c6b371f7f029588434befefeafc839dbd4c4f2810231

    SHA512

    cef7d9caaea06bab165988831efe7e041561630aef68ea2e6d8029af1f04adbcb0f0f785c867000abd2d426fc2c922d1823668ba4be3f843afab6cd91a85b630

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account2/tgnet.dat
    Filesize

    912B

    MD5

    d81f455f52cee2c6134fe623a8ea3795

    SHA1

    8cba7a762339776393a6f45c6d83171d21c85898

    SHA256

    6f22de6c881123a38af69062c82a04f5d05420284c0da00d0619f6e7cd427c9b

    SHA512

    cc218ff0f2a6a09b4af9f5e2d21737c8c4e43fa281c4d86545e00244ff9b91ef807d80863d71b9e1e7eac67c50ff590e8399a69f88520bef3a729442db78db5c

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/account3/cache4.db-journal
    Filesize

    512B

    MD5

    7e1526d705ccdc23dc59c07c679e0e9f

    SHA1

    e574de4922899fd54b9d1e9b6cc70bbd9abffb50

    SHA256

    e870ae40788986bbf3e56ef5459dc5af2f93ffe28ed3961ad5355850ca8e001c

    SHA512

    8349159e6326a3446fa23ac68493287e687ba65393af4caefae4f812a02cbe74c3d35d3d434ccbb1142f55e54a44aa721b3ae95162c40f18842ff46d07265396

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/cache4.db
    Filesize

    4KB

    MD5

    689eb9d3d2a866648f68f76e6a8c3d46

    SHA1

    ba65af36973bb4cb831868ec4882ce204bffb597

    SHA256

    2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

    SHA512

    98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/cache4.db-journal
    Filesize

    512B

    MD5

    40cd7d0847931a16d659e445db7bfd90

    SHA1

    3ee127538f107dee65e4acc55202ebc18ce767c6

    SHA256

    d75aa9cfcd897f6d5393d05c7aaeec9029af24d886485c85901c72d7617ed034

    SHA512

    6223fab0b1d4f8b94757544203b5c76cb18ca5ba6fe90874b5ef7675055bb63bc1d08310fc4dc20705cf884f12d95db846290e11f31db8bf0d8e86844cc85a6a

    Download Submit

  • /data/data/uegaru.zerytt.mgffuw/files/cache4.db-wal
    Filesize

    675KB

    MD5

    8929cede9d0d6a5236ff45a97ee1d3d0

    SHA1

    88f0c95f9beba27b31b6db9ab7bf85b3b99c280a

    SHA256

    76c65ea06412e81590b5de0a473699882489b1e5a9a48743044dac742c2be7c4

    SHA512

    2c8cf95c70a045a3e86847207f3876517c2c14c4cbc96d5d3f1343560c78abab60da160d1338b6aff737ba34ef34fbf4423834a0728a547e4b395834f82345c7

    Download Submit

  • /storage/emulated/0/Android/data/uegaru.zerytt.mgffuw/cache/000000000_999999_temp.f
    Filesize

    1024B

    MD5

    0f343b0931126a20f133d67c2b018a3b

    SHA1

    60cacbf3d72e1e7834203da608037b1bf83b40e8

    SHA256

    5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

    SHA512

    8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

    Download Submit