Overview

overview

10

Static

static

10

FlyGram.apk

android-9-x86

10

Resubmissions

20/05/2024, 06:03

240520-gsgkmseg38 10

27/12/2023, 08:11

231227-j3db3sedek 10

Analysis

  • max time kernel
    2857803s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    27/12/2023, 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FlyGram.apk

  • Size

    50.6MB

  • MD5

    207591f089116460eecac93556cc4ee6

  • SHA1

    c6e26eafbf6703dc19446944af5ded65f86c9571

  • SHA256

    daf3d2cb6f1bbb7c8d1cfb5fc0db23afc304a622ebb24aa940228be691bcda2d

  • SHA512

    4fc1f05e6113680d2439541f9a66dca0284c3a56030ba4ad8b89f70b896df3b171ed99dc22ed09000429b325b1d8cc14194dff7c6209955cef40ac87eccc87c3

  • SSDEEP

    786432:PQhaCgW+rjQgsjp0i2bq5TXQOtj2pG4dG5NzarvqHwl0DdaAlmE:Iha7WA2lKbgTXTtjsGN3aLqHBaAlmE

Score
10/10
badbazaarinfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Acquires the wake lock 1 IoCs

Processes

  • org.telegram.FlyGram
    1⤵
    • Checks known Qemu pipes.
    • Acquires the wake lock
    PID:4211

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.telegram.FlyGram/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/org.telegram.FlyGram/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    df4dc36922daf0cd74a8c65c8be37c2d

    SHA1

    d367019869da1ba7fbe1dfaede5bc80af26b42f9

    SHA256

    6856b6affa82d66931d69e54455879ae4ea78351ffaeab40d5e957859de20189

    SHA512

    8518ccccc21a6f1cacd4680ef7f748860e4054a0ef6c2377c4313b3d918737fca415b2632ec94a51ff4b567d241872fdd72d2b6e0dbdbd3ec16a8d10926e0f0b

    Download Submit

  • /data/data/org.telegram.FlyGram/databases/com.google.android.datatransport.events-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/org.telegram.FlyGram/databases/com.google.android.datatransport.events-wal
    Filesize

    16KB

    MD5

    def59e6b12f2508caa43411ec8fb7e10

    SHA1

    7647f05f763e41ced6fe4f2616ab969340deb872

    SHA256

    5d2c1677604d690fb9b70dba03735dee07b26ad80e1ad8c9f556546012f3538b

    SHA512

    680e16b71085b9349a0b24d130dd4f583b7aeef4fd24aa791005116c49c2e3143e2b9ac9d443d1107941c47a8a8462ef9707c1b2600b0d6b878963ceb758a6e7

    Download Submit

  • /data/data/org.telegram.FlyGram/files/PersistedInstallation6067219124813325024tmp
    Filesize

    90B

    MD5

    6f17da2a09d27547255999df8dffb672

    SHA1

    b3d45ef71955c3c89c2fa6249482fa9a00f1cc2d

    SHA256

    5633380b11b6e7b4965f2afaf94dff8c39e4b985ea65ce8d3cc371391d5c0020

    SHA512

    c84615b97d039ee92019fa69d2a282cfcec05e284775f802fe0c69a5ef36157471e32627e23c72dfe60147628a5a84be56171c61407da8c59f14ef2fb64e75ce

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account1/file_to_path.db-journal
    Filesize

    512B

    MD5

    363852e0651c6c57f293da4d021b2b2e

    SHA1

    bbf9a4c7d1bc788c603dd09e37d2b4437f051c2c

    SHA256

    f8b606ae8848a317f3ddfef77b1dde84ef6e4f83f3524bb410d49a74c2352943

    SHA512

    e905e4c19850a461208bd7f7195e03b9238d85571e4d4629ab7fcf18de5129c969248f2b0b8b556542f6505e70c0a9d876ecccda06ec52de902d6f8b94fd93ec

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account1/file_to_path.db-journal
    Filesize

    4KB

    MD5

    6183cbcabbd8dd5c75ddd48c9637c8e1

    SHA1

    f053779511cc51950e012cec60894d08253199fb

    SHA256

    d21296d2b0688674ed0f214056980a3b8da5954911ff16052c3234a4e5ded426

    SHA512

    0e6317404adf523e34cdef520586e23799eac1400fd6bce2cb7e950aaaacf2d0644d6d3c98cfc585d85fa3a9950e302aa3e7b30912074341f6cbe41871f7c971

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account1/file_to_path.db-journal
    Filesize

    4KB

    MD5

    93f5b93abbf66bd1d23afa4c11cf8f9f

    SHA1

    8c723fa46a6787f62e3346731b55ccbd68f9522e

    SHA256

    58363b9c7cddd750b44c44bc716a4e27842488648c925e19536504371b2ac42e

    SHA512

    ae9548ec6fc63b35b58a8391ccf9386833ec4a32e7bda34f3f1730a5fe2432de7f1def2f1844b3287cead3f016108fc2a79f39b508616a9349fb2837f121812b

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account1/file_to_path.db-journal
    Filesize

    4KB

    MD5

    35c576d33239a670b814c2b84d18a7b4

    SHA1

    09f11ed407bc18e66077b7739fe983bb3b72265f

    SHA256

    42054ecbcdd0ae339d7c0fc37e976cc2ce842212505361649693458831d0dc0c

    SHA512

    aae756fd9887ac6de4bb6d72c0d3939744e66599e742fe4ed987cb8c62911b37dd3ff0cac65109f82a7c56a384f4ff3ffae8d0476d047b357655d7a301d5d0cc

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account2/file_to_path.db-journal
    Filesize

    512B

    MD5

    ca3914c98f6b270db6dffa85a769734e

    SHA1

    5c8fd1bfd038170b6d0e25d64eaec6fc82c4e304

    SHA256

    6bfe70a708efb6296f5a8a95dbe957bb6e166d946e18354c109028d934004e1f

    SHA512

    841c042b23493714cb15bb10d2f8016f30a6c2e00f18f5ebca74c1e02b08d7586a8832407a8dbc9c4655c8c967c00626da3723b41c4d82ca587402ced8b67134

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account2/file_to_path.db-journal
    Filesize

    4KB

    MD5

    67e11f5a84bba00f5b7732a8eca7f7a9

    SHA1

    50e9bc261a65b2fe74b2d981cadd9426491684ac

    SHA256

    23c1850779501dfc23f960f0e1677e2b2ddfd4536e5092253372a0acd33d4af7

    SHA512

    443678b5666b1a210778c98ce0e413480dbee01e065c1fd5e84bc1e0a690229e2ea6d7e6bed26e70309eb574236a6f7b6e0ce4fabaddac71ccf8ed7d756a4a06

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account2/file_to_path.db-journal
    Filesize

    4KB

    MD5

    b5cfdd295add2109f90e3a96becb4605

    SHA1

    8079945efb78a7d989592868f3242fd8a407f6e5

    SHA256

    a500cfe8ea75bc739ede7811b0a4fff920c773f43485994669caddbb3e7663c1

    SHA512

    070a7cbc7f038dcca382ed6e9eb3b086c4a54870d5eff41efcffc3216d4097d7db9083be5db977213dae406775f2ea60aca166dab7fb34a703b344a8dd67b7d6

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account2/file_to_path.db-journal
    Filesize

    4KB

    MD5

    be2c556cc2a283850af8ca43466939e9

    SHA1

    f93eab42d9505bcde581bfe7ef828ae9ce4095a0

    SHA256

    7cd888c99529411588f8ef95ccd26b223d5464b586027b9a32700c79c7539fbb

    SHA512

    8934978c3639666ecacbef13401d396d1c175203610f08860f5bf532e551e5bd9d761b15fda468cb5df3d272f626558cab38b6f2e7be6362e7e03cca7d4829a9

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account3/file_to_path.db-journal
    Filesize

    512B

    MD5

    6bea7a47cf61455a1256cddda7fca525

    SHA1

    92c935a7b293bc5278a5eb1e0286b5ae05e22f18

    SHA256

    6d5f731a266e0d7e038f155e00841ed6f8b77120a98878384bf856d0d5acff9a

    SHA512

    769a6bba1a6faca7ca09eb5cf575356ff3c8209b85d87af7d678a7c280c396713cd2b4c82f06ff23dd3185539fc1e978fc03d1fd464b3036126a1495672e7159

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account3/file_to_path.db-journal
    Filesize

    4KB

    MD5

    05aa126997ee8507ba31bfa8a77954c3

    SHA1

    392f5fa4767afe7bd3063ccfd3f8e047f8a4e321

    SHA256

    635ff61c973929a2bf14757f648bb8deed87292a1592ac58cc79485cf38db1ec

    SHA512

    0f1428727bb8d08e63f8eb570c4ede3dbf05e50a8ee34861c1757f3cfd5e523f3b9e418e79c99a749053bc6022acfee492fc3be25411c16afc267aabf24b8df1

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account3/file_to_path.db-journal
    Filesize

    4KB

    MD5

    303f886f6ddd616af9bcade033013356

    SHA1

    ac9d7b3450c373e285c1643d009301264b049e1b

    SHA256

    5b8f649abb87ebf6992a4933d9ab0420cdf23b545f19dbc3a14b22898ba09144

    SHA512

    2d364b02bf918914dfbc9d80787245b687ee6ab48955e337f7903ee848663225d330b2d8c6e6143ba7a0b752c7e89ca6e8fd3f729051adf20bea30479d434e89

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account3/file_to_path.db-journal
    Filesize

    4KB

    MD5

    a6ab22fb75eff5ca69aa2c5dc7d79fc9

    SHA1

    4bd31a34c93c4b524614867351ba9592641255fd

    SHA256

    7c0bbcf98a745ec17bf452bc75713e7583507294fd54460bea5bcc22567ac553

    SHA512

    a8b0cbcbab453535867f9dab36125900910315e535891cad0ddbb29094d0357a517e2b3aa0084e7b77e536cb96b02bf29b1b4b8289691a6ddbc82ac6b4296d0e

    Download Submit

  • /data/data/org.telegram.FlyGram/files/account3/file_to_path_backup.db
    Filesize

    24KB

    MD5

    0896f8facda443d1f4857d3f8f9987fc

    SHA1

    d3e80821bf57491c8a7f9a28ec2fd51f1654ca2c

    SHA256

    3119a312492090d16a81ddafadff2f238bcbecd6036518e9276831588dc80583

    SHA512

    851bfb8c15732ee4c11573e411382d8aaa5c97b188ef2b0eefa6fa085643cd0e0246641c79e1d05bb3adf75f460c01edc62fff8e7d5129236fddd0b5ea854dda

    Download Submit

  • /data/data/org.telegram.FlyGram/files/cache4.db
    Filesize

    4KB

    MD5

    689eb9d3d2a866648f68f76e6a8c3d46

    SHA1

    ba65af36973bb4cb831868ec4882ce204bffb597

    SHA256

    2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

    SHA512

    98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

    Download Submit

  • /data/data/org.telegram.FlyGram/files/cache4.db-journal
    Filesize

    512B

    MD5

    2230b5543999415a9777d008c85b1b6a

    SHA1

    ce1e1580153930aa46457312189d8c0e5026573c

    SHA256

    7367a0777297284e053285cf41d306f07316d585ca5002c4c9e1c1bb021a2b0e

    SHA512

    4e4879ad2c3f2468571f9233c6b36a057faaab5535de3905d4a2eb1426c444ce08104e76ed1b17f5c319ea4644e25a842fba5fe88d3127801fa9575f1c47ea2e

    Download Submit

  • /data/data/org.telegram.FlyGram/files/cache4.db-wal
    Filesize

    32KB

    MD5

    686805a2797153e186e767b6f381d909

    SHA1

    ae22dd7653e2bc7f438f9c4f1fd3df0dcf3a009e

    SHA256

    744c85b6daf7874bc28412176ac478b9dc4c4414e6f245ee76f1bc7fad2b7e9c

    SHA512

    fd5698ff5b68c9664b889a3a927f7d417e51552dd1a4596cd509cd6b278c2cb8aa135387235ef0ac9c9f1ad743f72a597b63ca7b05a94adbfdcca0383114af9f

    Download Submit

  • /data/data/org.telegram.FlyGram/files/file_to_path.db
    Filesize

    12KB

    MD5

    51df08c16cd51d03460873b04dbe0208

    SHA1

    3043a29f43b3c8781d886a89533e714d2de092fb

    SHA256

    b47bc20ee9c34fd53d317ce9d1c1ac581f75cb42f54532dca77af8804ee02ca2

    SHA512

    1de921c0639692e15cb09d2afa5a5bece59b8af415df0b114c5cab4ade259fc0c082ec589cc7cb568bfe19b58e55fbc3872b482c31eed2f9373a4b03d7578acf

    Download Submit

  • /data/data/org.telegram.FlyGram/files/file_to_path.db-journal
    Filesize

    512B

    MD5

    d875827b95de957acf387883ba514ebf

    SHA1

    8ac7d972ef03ef70a7e319f2b2c09609d0ea0954

    SHA256

    5cbe1ffad5ece649af3d9a6706e875a53f0dff232411071ccf2831385a5d9f4f

    SHA512

    59f60e130618cfdcda7709d1b50955d2285a6070d2f4453a26167792cee88ef99149f292ee47ff60a2a39c2de1a055e6908a5adc90fa05ee5d9049fccf43ac04

    Download Submit

  • /data/data/org.telegram.FlyGram/files/file_to_path.db-journal
    Filesize

    4KB

    MD5

    b710951e764313624777bcadd2a6c2ac

    SHA1

    6eea53f1a7a964cc80a2855a0405cfc38de97146

    SHA256

    1f734245f4edb04956ef27de8a7750c66b2ac11e6d1760cfa24952320f3f8022

    SHA512

    ddd97e38753884c1d2f687a6434cdf96c1b56f763eb5a21dfc159ccdfe688c5dcfc1873e51261fe60ff34e6ef8cd3c4f82671f7b3cc58fc17c6e6f671194a7a1

    Download Submit

  • /data/data/org.telegram.FlyGram/files/file_to_path.db-journal
    Filesize

    4KB

    MD5

    136677ac3ccb8fe1b561961012a9e477

    SHA1

    c0f0b0ebb4f09b42f07b1fd05e68d27afca95807

    SHA256

    62b2142f7633eae64a058bdd0b7a189ab6c3d476c334d838b9d4a68372fee9d7

    SHA512

    f1d5e387d4c8a72f78104c59e48ca04186f06b432eb08932ce115dfa30965a4a5a7ec870ac9847e0d9d2de6d6ef88e1429d15c421cac84a1eb061f06e00dfb75

    Download Submit

  • /data/data/org.telegram.FlyGram/files/file_to_path.db-journal
    Filesize

    4KB

    MD5

    adafc57c5280ae78ec55f7727368eeee

    SHA1

    cd7f7a7b81a36daa81d3eaf3deb3a0c956a38a90

    SHA256

    d30509d3fe12f65f134f617f390d46f58694d01df8f4036399d3f8cce05ca456

    SHA512

    e37bc4bde7197f6dfbcba4dee56190d6fa6653f14f1cca2b0d14b6e065c2f2f986a437a836c1455719b51350c435e6e1de6bce232eebd4e15b748a13128a785e

    Download Submit

  • /storage/emulated/0/Android/data/org.telegram.FlyGram/cache/000000000_999999_temp.f
    Filesize

    1024B

    MD5

    0f343b0931126a20f133d67c2b018a3b

    SHA1

    60cacbf3d72e1e7834203da608037b1bf83b40e8

    SHA256

    5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

    SHA512

    8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

    Download Submit