Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d23704d50b...ed.apk

android-9-x86

10

d23704d50b...ed.apk

android-11-x64

10

Analysis

  • max time kernel
    3851408s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    07/01/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk

  • Size

    70.8MB

  • MD5

    444404a5d3da9bb8e84720765390b828

  • SHA1

    4a4f12b1c8510d678210a07ff7977f52009ce083

  • SHA256

    d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed

  • SHA512

    08073d3fd04187f4a9451193f1926593f04671b7aff220c45645099a1fbd8f64d3780206daa36b87283fe3b22e6728349c5a29c4560201dec35da4032a5b14a8

  • SSDEEP

    1572864:86f9acDxoDal/DalVrQU3IXEu22mDNvxAoX62ncBdVoXqJOx:tFcqDUVrl3du2tRq2ncH+2o

Score
10/10
badbazaarinfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • org.tg2.messenger
    1⤵
    • Checks known Qemu pipes.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4269

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    7e052fe2dca6adb539d8c52a0d08f054

    SHA1

    f4dc38fd3284f0b2ef7caee3b5c0d27328de448e

    SHA256

    fdaff2caff1c9f4a5bf01e2ae7c5748ea413764b44e83f3cfb8ef8bde31bf6b1

    SHA512

    ac53c49331c7a3e4226e55627ef90ed1c19143a0ace9bf5b2e3e126eae054c51b08b30a86ec2f1750283cfa80519916fda926d7ddd60e76cd0af025d34df4474

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-wal
    Filesize

    68KB

    MD5

    f2f939f73230914eb7a7610b0ea5a355

    SHA1

    080b860ee2b2f75af2d227a024e85352e9f954d1

    SHA256

    b485f18ec4dc2e1b69335979e126c4401b49d78eb37a2da4c949e03019c2c686

    SHA512

    155a93ca94d685f7f2905b5e37dde6416ee10a21d36c0033510d50ce9eeac9fb81af162829caf5231e880b72907c9aec03394ef013ff6eb133257afb69162d20

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    24KB

    MD5

    42211116ea4adcdafa72e0d5cde67679

    SHA1

    fe359ce760f900c82d050d53f90c5912cc3168fb

    SHA256

    e73734f0a2e8e47775cc0e20a5b8e8fedc2da2d4236bc6575f847e1d300fcf95

    SHA512

    0d5eb02ddd823d43980a211cdbde2730fa5e257351070a9de39b6131ec16484e4bf5f469719fd9604aeaac5e024e77c6e5d5c7f1992951f72c58feb6bb2b2907

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    32KB

    MD5

    a64a4a3aab95fcb3b56d74dd7d5ee3f9

    SHA1

    3077b7dc73fd17882e7a708a43386461de6ac971

    SHA256

    121b8f522b3b1c95acbf73798f9d6ccaf81a65601c570f3232c0dd217c135224

    SHA512

    916ecb842e42f733f5814f607119f1a219fc0e45f64be92f78c5b52b4f9274b2252a949fa127d25e4a12fa6ad77c714d99142b7cb3dfd39640c3aed07a4c0896

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    36KB

    MD5

    68229976b6873d50b7d5abf68d9aa7f2

    SHA1

    505b01548faa590379b626da4da88bdf3e6376fd

    SHA256

    cfbc4fe867843f0571add0ef404fa60b3b6dbf2133aaa3b2b3553305e5fae128

    SHA512

    744f6b539b936670f7a622b0382797c8c127ab533b39d0df13b5a0ce5fc2ee9c2933d8b771cc7702d84d2e006bba2f60a845e1e3ff46efb39bea64cb97a438ab

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-wal
    Filesize

    12KB

    MD5

    4860e62c73e400de0058e1ac1c1b469b

    SHA1

    fe34f2a3af95bab5a2a16f2eb10aa7629e5757d6

    SHA256

    0831fe3d8a6d050ecf317703e74156398974e713ae12f291e61ae9cd51cdbfce

    SHA512

    68df4ca936bd64732486df3309811e4846bf29cad913c3d664b46e6bed82130dc81b419ee260d47bcf53214153a219d202abdf09c0de302e29908fac27b133b5

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-wal
    Filesize

    12KB

    MD5

    a398edae795b72ea8b6b0f7a5e5c1225

    SHA1

    67dc7dfba14496c65d42e4b801952e755314669f

    SHA256

    53e960a3f08dbb91adb5fa9f657a2ef661dc2e2bfbf15d16578231c05093fa7a

    SHA512

    508e58e67a29d0017b93adfc9f9cbdb196908dcbf819cbacf668fc1f1b5ad0e09456f92a41efcdab3721f02c88090189fd451327f0ed61e4d1185319d05f4a8e

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-wal
    Filesize

    4KB

    MD5

    32b7b8ca90570aa45d6ffdb1bce40fc9

    SHA1

    4db785812b49b7bc47e9ace9a38f9e1c1d531785

    SHA256

    1711a5db9991f6a227e969e281a356d1c78803c4434c477f802c8edeea43d6ca

    SHA512

    261bcd7d91f2ff2ffd502094c7c5a63b800f31bfb5bdf71598c4fb45e7e9b65df2f124259a3ca4586f327f45ccad17fe49b4f7e28ff567e08661105bde32ebb8

    Download Submit

  • /data/data/org.tg2.messenger/databases/umeng_zero_cache.db-journal
    Filesize

    512B

    MD5

    afa646d1dfb7fdd7f4b29749b162561d

    SHA1

    208c0f8a033d74b9be861cc46c2a7a4f6d06f1ac

    SHA256

    296f365ab05b55f2dee1a74c8a4d49d2e1fc9ea7ec5f82d5100bf3932d18fe59

    SHA512

    f9535415b864eff24b76683d7aefc79ce63d3d3e4c8d2ca393a40247d66cd049761903a71103d4f3f49dc0eb4a5354762bce1dae2d91a170ebf985e175535d8f

    Download Submit

  • /data/data/org.tg2.messenger/databases/umeng_zero_cache.db-wal
    Filesize

    32KB

    MD5

    aa8ac2d5167469b75c1b555e5f9a0b8c

    SHA1

    94c3338704d2c493fca26201511c832533877fdb

    SHA256

    6d83f8c0b5f1e84ce57a5039fa12ef71d703b2d23a933c0cf0a6babe2bdd3fe3

    SHA512

    6d32b0ac7d93203c21e544068e1690089781ba71b9b0fa2eb636fb95ee8ea78f279391ffffb679a4dd6b0bf55997d32d37d17379e41ec5af2799c4ec011efb87

    Download Submit

  • /data/data/org.tg2.messenger/files/.envelope/t==9.6.3&&9.6.5_1704658454020_dW5pZnlfbG9ncw== .log
    Filesize

    1KB

    MD5

    bf11710422e7a567ab41c1148881b666

    SHA1

    12eb591ca4a2d40310c6131622edeb019a0e9ec3

    SHA256

    e7b64608634cb263d42590fbca6044e95bcb6e768a516e98fdd3c366307b371c

    SHA512

    6fdec424220567a1a348c1d85aca527a277838121b0eda50c835b72616cb6a418290ec48f611c8829bd73b4dab0ddc6af59b96313576163da0cb90897aecaec1

    Download Submit

  • /data/data/org.tg2.messenger/files/.imprint
    Filesize

    87B

    MD5

    e5797edadd8872e46f49d74dca3ded42

    SHA1

    4e22ac4d05e78a71c2b0c673e78fd8078b717189

    SHA256

    90f5e0f38c192ca3c09455b21dbe59ac67774beb6e935f87c810ee148263c130

    SHA512

    0c99abada46b4646386c052af5001c1136bf397320b43f935ea517f16dda860fd141239a19dac8c297c74e98f439b273c7ec8850759126bb5d1ee734eca8793e

    Download Submit

  • /data/data/org.tg2.messenger/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    c08ef983b32d1f294ab51027559e4236

    SHA1

    93b0465f6ac3ce973178b8ba780d0f53c986320a

    SHA256

    726a5f27b87374644feeb5e3c82ceb3a48f58cb632188efb7e10c4e34e6522d7

    SHA512

    c98567e801948acbaec1db67048be85aeac9632db3e09c5709daaa4d2709dfb05b68384d634422c8dbbf6af392af4bb3f69de15b664e18cb483eb282ceb11609

    Download Submit

  • /data/data/org.tg2.messenger/files/PersistedInstallation3804147553591431484tmp
    Filesize

    90B

    MD5

    53b57514cd718f7633e20cbe35440062

    SHA1

    b989f6170c96e47731a2c916ce9d7cd9938aaed1

    SHA256

    5dfe28804a47385b28ef7d9ea5e5f5ebfd239df8f08aba38f9c7afb226943901

    SHA512

    82c90c3c21248027606af26b7b0a86976cb0a97e70757cd57e41d4a88943f2a174861cfb14d66cf6e257d2379b3a6f344750e86370138e89ccd7cb3d82febb59

    Download Submit

  • /data/data/org.tg2.messenger/files/account1/cache4.db-journal
    Filesize

    512B

    MD5

    f3369fcfe2e05b6fb6ac9d9b1c70e9ff

    SHA1

    54529a828b111c7bd035027c93d5e77052827cd8

    SHA256

    7baab759fab425b79e43be68f17cbe092cc0ce966d353476d36be8cfc728f9ce

    SHA512

    aa98cbf68af6d8d64fd353acd45d4cfd9c3de01d5941d64262fac08dca838e96fba40c1c5d2f733aa986eedb8fd6ae9d860286c408f9ffd27151e814e0461b60

    Download Submit

  • /data/data/org.tg2.messenger/files/account1/cache4.db-wal
    Filesize

    32KB

    MD5

    11e828afb7c57bbf386fe42068722dbb

    SHA1

    b3566ddacaee11f66a13d230a3244b9025b9a7df

    SHA256

    76fb11a7da49a02b4e2bf2c69755aa2d703814b419def8c0f222b358edf654d8

    SHA512

    936db240a5a42a783e56522c37b15f4f16003883259244746199d4620dc3e2cd6d80dbd19ae30534e4f22070abd3aa2b8a39df35b8afd652cc545a2dab0a63e5

    Download Submit

  • /data/data/org.tg2.messenger/files/account2/dc2conf.dat
    Filesize

    40B

    MD5

    098b011c59a80daf15c048dfee00ff1f

    SHA1

    47963ffe950f64e4ab0d329f111f1ea61e1f72c6

    SHA256

    87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

    SHA512

    2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

    Download Submit

  • /data/data/org.tg2.messenger/files/account2/tgnet.dat
    Filesize

    1KB

    MD5

    bfb19985a9f42803d33d15651f1690d9

    SHA1

    7f6b705e5220fd7bb9a428358943c3915d8af880

    SHA256

    6840a917c55dcf5a4fa1a17518d1dc2984f33321a62b71bac6b972b8e81695fc

    SHA512

    06bb3960d91608acc3bde526d2f71d85845d2f4e567107fc99f33c512e7b69d199664769caeff7a9d64bf388fa61d97353e73525d47a88bfb3ae0d0b0eeeeea9

    Download Submit

  • /data/data/org.tg2.messenger/files/account2/tgnet.dat
    Filesize

    1KB

    MD5

    1c61fe06d12677ce3cf7362edd4be77a

    SHA1

    e644e96298459436298562ddc72c19a9b5bf06f6

    SHA256

    40b76968b7a003c4c77900e517c7b3efc21d45690d3fc3f7e3fe140436b96af8

    SHA512

    56529d11b40e23320a3b047f87aca57e222639fb9dd72286fd74a4ed01e6ff95c8341918a45d824d67d506396513014a5a46b54899912590276e3af5771d7058

    Download Submit

  • /data/data/org.tg2.messenger/files/account2/tgnet.dat
    Filesize

    1KB

    MD5

    c0e03dd42bd346ddfe4887d0c10dc20c

    SHA1

    8cae5203066bb396616f32f326a3994c92d969ad

    SHA256

    2e7b28bea25a1a983f9016f8a692d9e13abea59c79748ea3fc86fd1e09ad15e1

    SHA512

    cfaeff8e982519eb0afff40ef451adf87e85bb5075414e697c758af35669888cba897fe6d37be9011b229d25ff519d791eebcc1657eca43bdf1e617c9f8f619d

    Download Submit

  • /data/data/org.tg2.messenger/files/account3/stats2.dat
    Filesize

    612B

    MD5

    e6ee7e9c00a1b0d39ab96d78b54984e0

    SHA1

    dec64ca4b7e70a336804d2f53841c5b895ff2941

    SHA256

    b8fd7c702cc2ae7a6580463a859925ac5a484cbd57f52a98bf359e89e844cbcb

    SHA512

    e0db35ecf396acc307d36a1cb183003cb1705cfd22ca788988217aa56b048be1b0a04488fbe34c867da234cb3b65c2b6a5a56354c4cafd90b47dabb6448de552

    Download Submit

  • /data/data/org.tg2.messenger/files/account3/tgnet.dat
    Filesize

    1KB

    MD5

    2b2fb6a6845ec64b7601090f6d62a303

    SHA1

    e3cb9168f4ea27983f7143347926332186ce9c15

    SHA256

    090934f1a8d78cb403e57ba5e7f3437c8079324d410e76175a1fee862e8e6389

    SHA512

    a3de352ff6d18bf104cb55e7163fee5075a919e154bd006cd74512162125de4d9cccbd54d8c095878bfd28999809cb4d1d3bdca5e65654534cb8870b744a6d3b

    Download Submit

  • /data/data/org.tg2.messenger/files/cache4.db
    Filesize

    4KB

    MD5

    689eb9d3d2a866648f68f76e6a8c3d46

    SHA1

    ba65af36973bb4cb831868ec4882ce204bffb597

    SHA256

    2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

    SHA512

    98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

    Download Submit

  • /data/data/org.tg2.messenger/files/cache4.db-journal
    Filesize

    512B

    MD5

    1a61d73a11686071dab5a36d6dc04814

    SHA1

    fbad2515d39870f3d42d1dcf8ba950a052b905ac

    SHA256

    8305a2a7b1d07d1470a2dd89a7d7df8a1ba59368e9545e2db92b199b156d39a3

    SHA512

    55fa829f2b8fa18cfaa2599906fca72b135b1f37d51371cc3439164d3bc65956460a2ea8b63d1306dea34308c7d59d5404168c663334965b96cf046122d745d0

    Download Submit

  • /data/data/org.tg2.messenger/files/cache4.db-wal
    Filesize

    1.3MB

    MD5

    39f27de80e2609549ac522ee76e75aef

    SHA1

    63de24f67c7f257744dd6dec81807eb5890651a7

    SHA256

    351fea081c261e4e0e91e77036abeec7047c72dcda8548b74b0d0c73ded8d531

    SHA512

    4d74793e8ee9d8ed0afa138a205639547266a5bbd571495bcd066760922317dce0d32fdf62cad37b032fc0eb487f9d42932a5be507745e15a0418355718b43e9

    Download Submit

  • /data/data/org.tg2.messenger/files/data-helper.db-wal
    Filesize

    3KB

    MD5

    d2e57f0ef4cee4c6c5f8fff092d1056b

    SHA1

    d5e502925a0940635aba1a5ca4996860412b672c

    SHA256

    62fd6d8d9d083d22acbd48b05fec164b68ccba36387f04de6cf9f35c6612297b

    SHA512

    f5e5bd5d22afebff0ba22b0ff57e2d01c9c92064d900b91702e11fe4a20b9d87b08ce8c6e2402776d042ea7e08973bf3796a4584d0c5d58ef9c74ebf52ce2105

    Download Submit

  • /data/data/org.tg2.messenger/files/exid.dat
    Filesize

    56B

    MD5

    ef0893cc42fac5e5a49f25ff853a500b

    SHA1

    ed573923622acaf6b77d565b17f665cb365dcf53

    SHA256

    43b4e1d02518848abfcd9205ad9d21f7a69a744f5beeecabd26bd87f0c773e1e

    SHA512

    60803fac5aecea7cb0996e61ec2907a139fda125a552ecf84c3abfa8cb8130d70de935f87a8ce1b23f47f78af0d8c0985be05ee91e974e18b8d9ff79423d7ba2

    Download Submit

  • /data/data/org.tg2.messenger/files/tgnet.dat
    Filesize

    908B

    MD5

    e524a4b94235ac8eecf2f2c57ca0e855

    SHA1

    b7c79d6e4a60fbccca89d0d0d2e9e8e238bf842a

    SHA256

    1249ab044c5055f615bc2b1a01fb4c6ad682d5577dc285191a1460bb3b754dcb

    SHA512

    de63655bbc77bd3cee974c4120cec23cece2da64528c504eaaf1ba165241bdafd5fbdba60c1b8962337bc459f915ae0aefe8621dc5a579619f15c04f3a896ad9

    Download Submit

  • /data/data/org.tg2.messenger/files/tgnet.dat
    Filesize

    912B

    MD5

    8f56018b192215b871c5ce598185ca17

    SHA1

    f4f3c7e94c83b694d642f021c9e99a6c545d01aa

    SHA256

    4744485d29409212fc7c9548b94fff0ae228cb68a38db25ee08bc3c8faa684b1

    SHA512

    880734a2315a98a67ac8d14248836103262ed31ba41ca528e07bc2e23501bdff8ed566ed7e36dc87183977d85c0fd519e8a8a2e473ca0c687435601c5339ac6f

    Download Submit

  • /data/data/org.tg2.messenger/files/umeng_it.cache
    Filesize

    350B

    MD5

    7c8346378c7d760fac937beb28eba441

    SHA1

    cdb11eaefc61b87fdb5c382fada9234323f922f0

    SHA256

    8e8f214af7a88d5311361c6bec4724e1a7bd06832e26d4f4183aaf86904596dc

    SHA512

    d0a620293dc761a761f6e9a283866083a7003681f18c3f4be131094411b718d9f19d2770494a73fa6efa276885cd6b36f2db7573a145450c0fde41e1339c3192

    Download Submit

  • /storage/emulated/0/Android/data/org.tg2.messenger/cache/000000000_999999_temp.f
    Filesize

    1024B

    MD5

    0f343b0931126a20f133d67c2b018a3b

    SHA1

    60cacbf3d72e1e7834203da608037b1bf83b40e8

    SHA256

    5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

    SHA512

    8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

    Download Submit