badbazaar | e3947611b3abd0788b75885e692928c6882fb173ef73acced4ebfdb4ef4b035d

Analysis

max time kernel
2690203s
max time network
156s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
25/12/2023, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Telegram.apk
Size

71.6MB
MD5

bb1d0e62868ec3527fdd58220bd65c15
SHA1

8ab2f8bb1687c4b34ae511db8ca4c4283a093407
SHA256

e3947611b3abd0788b75885e692928c6882fb173ef73acced4ebfdb4ef4b035d
SHA512

ebd72ef94f15b3521611d106b49c7656202e99387b46013eb2e287404c3c58ad3f66852e394f7de589c737f5de6b4589c1d1caffdb7b7dd24a7d292a9ebe91ba
SSDEEP

1572864:yCE59FBc3LskpPDp+cWz9gSRldiNuaU7xqybA6MLRMHoB4Vn9GO/pn:yCE597aIgBdSRn7xqAeuqKoKp

Score

10^/10

badbazaar infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	uegaru.zerytt.mgffuw
/dev/qemu_pipe	uegaru.zerytt.mgffuw

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/product/framework/com.google.android.maps.jar	5163	uegaru.zerytt.mgffuw
/product/framework/com.google.android.maps.jar	5163	uegaru.zerytt.mgffuw

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	uegaru.zerytt.mgffuw

uegaru.zerytt.mgffuw
1⤵
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:5163

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ef2bd72dbfd60418ea9b8f7b262d1e93

SHA1
878d91f0a2bccb8d628e77a71450467602f0ec07

SHA256
1fe878881b217544c2b1a4290021adf70800ad7d0a2b9762e9f75d94afa9034d

SHA512
07502d5946a57d15e20dacc0a385932106d7f2ceeb9516caee88f51fa525dc5dd754179b78940e5a29270ede01b35a09095be7ed28f50ba8c78229c914b62e23

Download Submit
/data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
92ec84a26e7174a83c374252ea83b803

SHA1
a26e473b34e2c1a7866e947a3c97c53f4413501a

SHA256
9807f188930041478921f11d5721ca7b4fa1e488451be8fd51e29a855045d817

SHA512
e38b46260fce19b9e55b6fc99060fc83bbb3d8d539dcca88305b2c407924f3eb53b8607ef29c63dc5161b2d3bf9f489cd801246693badb9f4ea6344a0ce29bbf

Download Submit
/data/data/uegaru.zerytt.mgffuw/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ce157eabe103dc98287a0670a2b9f00a

SHA1
a6269785b489d4c2e01da2953c17714e5b7014b2

SHA256
35035b655a9c956b65fc292ae7130ebf7647bc4869ad415f0fee43397a82aaf3

SHA512
69fc1ed222cbdc056910ac2f343a3669ae58351cac2acd73986c0e05c1251a0b856bcfb4bd1934f5a3e319f27ad97654af524905602e3ef7a9a56e402b6a68ad

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/PersistedInstallation6485043358812881275tmp

Filesize
114B

MD5
f5af1b9c177f66f781f43db8adcc68ed

SHA1
7e967db43109fc63b94f665706a0951b34815b23

SHA256
1e0b1e143edadc70c41931174183a76467b150bcaa72299f3ab7c2dab5f17f01

SHA512
aa581f1452096dce10747e74b62d97ee6ec3a817a4834f911174dce4fd30477d264c9e37ab47fa07181d828fe5926d336712ec4f163c13575e9a9e38ae9c0083

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/PersistedInstallation8212556698595335225tmp

Filesize
90B

MD5
690d41c9175b2dff17280f986f14a5c5

SHA1
42d614f0b2dfb80fa028a6e5e1b3011b5dab70db

SHA256
d1b7848d4ed5dd8fddf45a3d215fd3c85a032f401357cef2a3f4f30d8719300d

SHA512
07f378faa0f74af31e24318bc5f4d2280fdd1fd2e503dd4a79b61810fadf0aee0a764ab0e955cabb1006df300275cedcccd2f73b391a0657d1e739dce280d49d

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account1/tgnet.dat

Filesize
908B

MD5
d46efdbea5c436716c951a10c8575571

SHA1
a8a52edd334763cde0bda18cfb484fa8e03dd552

SHA256
0ff4e283d7081f4b5794f50781e496716b2bc18e0f0ccb0709d3511e2358c9d6

SHA512
e6190877a58c17596cebef69340d681b10b333beeb31fcac1af94118c33c26bdd0a2c89c287296eba7a67b0665dee5180d469ab93fd189f33517c8c5a7833233

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account1/tgnet.dat

Filesize
912B

MD5
621599711a4eec52fd660f2c5f317bc0

SHA1
42469178f552ee1ce352eae81af9b244f2bfdeb5

SHA256
15251b412f94152b39225b2103593b71a5b4b4ad4ec9c4438456ef81a2967cc3

SHA512
f08d405f9229bb4fe0a999f0d5423b6f65fa4de7db7b25e4108da4548d33b9685d529477f91c32345e3148be1705abfe1f1906d15ddc660b96043a67cf1dd4be

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account2/tgnet.dat

Filesize
1KB

MD5
75b152fbc639c33fbc49bd11fe82f615

SHA1
882d3c9e1d6638e11244f4d46812e158117536c4

SHA256
5042a37eeea92e789cd69f1c98e6a9117761c81ca907c2860823dc2054488e43

SHA512
83ec40533349f4e35a6e90d0676832b99b4a4dc8077821ee44410489fcb6796d6d6fd795ad2f09bdf2834bfcc187d18e658874b02e7e01031776135f3cd9bc81

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account2/tgnet.dat

Filesize
1KB

MD5
027a4114397fb426d6bf0f4e87d98039

SHA1
14701c855b2edfab82f301706d8ff6d11ed88791

SHA256
1b8865bc8c4129571d8144d1e7c47ec98cf71377cf985d93fb8652f813a9fa52

SHA512
d067e69396dc759d4c26c5a296387257cfc097ba9737dde4af1beb8c64624376b4c92b54f24550df29e0f2fb8b71c2c5953fd74e2de549380e2dc8fadaeeed12

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account2/tgnet.dat

Filesize
1KB

MD5
8adee3c954aa928e2eb2a108a1bc841b

SHA1
74989a435f0cb72b164545cb6fbb4c988f2d27a1

SHA256
53eedb12943fce56c4a57fefe88b3fc07ab7701bf130eacbc53c70086114365d

SHA512
8e6d6d2e2cd3be049a8b6bdf26e736d23a1e07ff86d518c2aece3ab5629f1efec1a96749c2921355b1b4ac9644ca10eda1cb15e4d0c643272ed61a9d701bf23a

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/dc2conf.dat

Filesize
40B

MD5
098b011c59a80daf15c048dfee00ff1f

SHA1
47963ffe950f64e4ab0d329f111f1ea61e1f72c6

SHA256
87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

SHA512
2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/stats2.dat

Filesize
612B

MD5
8925e2048cfdee06903c7663bf32c818

SHA1
529abd54881f8469aa10fd8253ce30c258cb56b5

SHA256
3acc6cc7df2a9854321e8f040e329c6213adb41c641fdbf53288fff7c95de472

SHA512
17cc451db117f93c11861401661cb27ee23efbae355165f3ccce75dea9b724ab9ad0e6fce7aaf2537fd20877619018fecff8f9f1378e20438496d9390567997f

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/tgnet.dat

Filesize
1KB

MD5
4f35fc6885d946aad9cbf4952c37cac2

SHA1
6e4fae37e7368d1c7ada71b41b829165a4f5f31e

SHA256
dcb2b8621c0c57fe0980d53b713534e6c162871681b83e220cca3d6274617e03

SHA512
8d35a1f3263a1af3eb3c523a9bc13691f173eebc2f6d3b8240c59500d3c091d0e68a8275ff0d4900e01cf9b2a55bb0b5820e763af0972e869086cfd3a7185712

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/tgnet.dat

Filesize
1KB

MD5
c93b1384e4dad1be3207589be09e0f43

SHA1
e4b342bd4f20766b790b1152858a3a981d2d3c0a

SHA256
72558ec81f13cf9cff699f9e14b68f1d0269aff6cc0f6b3e99621a6c72671741

SHA512
a49b31e60b66b4d4f2e8fa61db4cb5e605e2a66832ea836eeed967ac90a2f6a3374473be4e3710db1f0b8f3ff49b17a9bb65f207a94195f58acc8ff3228e9522

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/tgnet.dat

Filesize
1KB

MD5
3cc590ce3e3a8fca8a74c91ced49633f

SHA1
c65bb9b7970433e5f169cfec77e5505d2e5c74fb

SHA256
047b0d10e9fd25a98314df1bae2e909dcaa2e3bb3209489dde66ea6b7014fcae

SHA512
91a7659ad3c9884e7ea0b6c2142c96a409a216585083cb898947861c61ade34c9c78d64ae94d3d73d0a42bcbf0559aef6707a507f941a4a90d540ba562d61d82

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/account3/tgnet.dat

Filesize
1KB

MD5
81ec8b08f0f582739463d3a1abcbea7d

SHA1
39163481929a8efdbc03e07e7e8fde35f0b9edef

SHA256
b911813db7350d7be44314a17d1a0561f447492494cef9c30105d0d2f473563e

SHA512
648dc3f835cb3f05118f2ac03bd02e088f8c0affc008c8006b0d4a7ebae9d470c16409e4372f0e637560dc1caf7fdce93a5af872432f0536f2818446aa1ac14b

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/bluebubbles.attheme

Filesize
5KB

MD5
6420f44c7c5cf39db3d34bc1bd234ad9

SHA1
e77b6e7525b32567a0e3db22d204ef32e3bf4eaf

SHA256
90b3cbfb9e621cbec2493b2650de4bc7d039247b78c12324cf0949997c46180d

SHA512
8943cbfaebe00d9c60cd27f2fff3d02c6ba0fa2fe3d505426c6933aac49de7d7eb75b8d534fc911d4febff7b9a9b6f503a66b9a1445304f9dfeaf77fa8c07289

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/cache4.db

Filesize
4KB

MD5
689eb9d3d2a866648f68f76e6a8c3d46

SHA1
ba65af36973bb4cb831868ec4882ce204bffb597

SHA256
2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

SHA512
98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/cache4.db-journal

Filesize
512B

MD5
40c720558bd41d76e297ff62b020fe57

SHA1
750ee993f73a537b99276b37781ea6b92e0d5487

SHA256
6c0e9de2334c45eb65b122b0bba34351d86126a5469a60a4a572a280a8372496

SHA512
4bd9c61dd29619d991ee1a2819af209c6b478f170fb9f75327e5641f2378dc96e58a5cfc39483899287ba90fe8433d2945d589fca351e9a9c67abdbe0622c7a3

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/cache4.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/cache4.db-wal

Filesize
728KB

MD5
0457548b3e9c52d1efed3f5369c4241f

SHA1
26e04f82e972f3227b5602ff6d35ac92e5bb8fdc

SHA256
447c385efa8245b0d49651aff354297ca3bcbe877ad0034b73ff4fd0354ba532

SHA512
4a1659ef72477a7a18957928f3cdf89432cf8fd1a7d2235718ad8047b3e4d8870a28cf1a9e7b306987a38b8f8bb317eaeb0226d9c730a193e13a207aad9cf966

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/remote_en.xml

Filesize
600KB

MD5
8964b4afde73817c5f7a2eed5fcfacc7

SHA1
7a1f413bd93d9f688ef82b69a7b262447a586328

SHA256
259be36f54d0d9ba2fbf0872cc32e5241b3402b959811d0dd4e91258ff00b12a

SHA512
814b797a04eac969c77e76a6cdb16ed885105631ab806ed11171e41bd72db5de34edd4b8eee78e7c34f461d7496cf1efd9cf00a8fb887cb60f2754cebf6a0024

Download Submit
/data/data/uegaru.zerytt.mgffuw/files/tgnet.dat

Filesize
1KB

MD5
04ece218fcd4d205579f65222e61c3cc

SHA1
9c1adfea8353fdfb5269998029f09cf90763c3fc

SHA256
34546cdec3ee74c283f7dba57a375113f2c0aeac0ab0add3c7e62b3a61424e68

SHA512
36710177554a97b711a8306721d9a71c3ff80e3e533c555cef8e32a442c09301954463d4e2aaa024db048300e9583d41e98797f143d035fdd039fc03c2a9948a

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit
/storage/emulated/0/Android/data/uegaru.zerytt.mgffuw/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit