badbazaar | d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d23704d50b...ed.apk

android-9-x86

d23704d50b...ed.apk

android-11-x64

Sharing

General

Target

d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk
Size

70.8MB
Sample

240107-yya4gsdcgq
MD5

444404a5d3da9bb8e84720765390b828
SHA1

4a4f12b1c8510d678210a07ff7977f52009ce083
SHA256

d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed
SHA512

08073d3fd04187f4a9451193f1926593f04671b7aff220c45645099a1fbd8f64d3780206daa36b87283fe3b22e6728349c5a29c4560201dec35da4032a5b14a8
SSDEEP

1572864:86f9acDxoDal/DalVrQU3IXEu22mDNvxAoX62ncBdVoXqJOx:tFcqDUVrl3du2tRq2ncH+2o

Score

10^/10

badbazaar android infostealer spyware trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk

Resource

android-x86-arm-20231215-en

badbazaar infostealer spyware trojan

android-9-x86

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk

Resource

android-x64-arm64-20231215-en

badbazaar infostealer spyware trojan

android-11-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk
- Size
  
  70.8MB
- MD5
  
  444404a5d3da9bb8e84720765390b828
- SHA1
  
  4a4f12b1c8510d678210a07ff7977f52009ce083
- SHA256
  
  d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed
- SHA512
  
  08073d3fd04187f4a9451193f1926593f04671b7aff220c45645099a1fbd8f64d3780206daa36b87283fe3b22e6728349c5a29c4560201dec35da4032a5b14a8
- SSDEEP
  
  1572864:86f9acDxoDal/DalVrQU3IXEu22mDNvxAoX62ncBdVoXqJOx:tFcqDUVrl3du2tRq2ncH+2o
Score

10^/10

badbazaar infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Acquires the wake lock
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

badbazaarinfostealerspywaretrojan

behavioral2

badbazaarinfostealerspywaretrojan

© 2018-2025

Terms | Privacy