Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d23704d50b...ed.apk

android-9-x86

10

d23704d50b...ed.apk

android-11-x64

10

Analysis

  • max time kernel
    3851439s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    07/01/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed.apk

  • Size

    70.8MB

  • MD5

    444404a5d3da9bb8e84720765390b828

  • SHA1

    4a4f12b1c8510d678210a07ff7977f52009ce083

  • SHA256

    d23704d50be8827883847a2c325e78d04d27ffc55a0dcdac9d469e841f1d27ed

  • SHA512

    08073d3fd04187f4a9451193f1926593f04671b7aff220c45645099a1fbd8f64d3780206daa36b87283fe3b22e6728349c5a29c4560201dec35da4032a5b14a8

  • SSDEEP

    1572864:86f9acDxoDal/DalVrQU3IXEu22mDNvxAoX62ncBdVoXqJOx:tFcqDUVrl3du2tRq2ncH+2o

Score
10/10
badbazaarinfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • org.tg2.messenger
    1⤵
    • Checks known Qemu pipes.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4515

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events
    Filesize

    12KB

    MD5

    171aedf968e17a2744d2585715606cb9

    SHA1

    bbeddeb3b89fcf809619c35b4a318a80e7d5b029

    SHA256

    d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

    SHA512

    78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    a8e5e1da14d2ac52c01e1de64c007d5e

    SHA1

    20e6471449482e40326f0a378a00e7cf90c12b7b

    SHA256

    0eab489f7f7d97292db5a4f850435c605f18288dcd31c5626c7168ee7797d762

    SHA512

    730bc1d06b20059c5936327c347561d75bd29efe4a9c3b8a6aa05d25899ad15df721e9659f1bcea9cdde83f4767bbfd5d8eef6ebdf69f3c1120b620879859fa9

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    26fb7e247c30fc13c8c0a36e292a2861

    SHA1

    fcd1ce3c75ec7c150dd0053c731b42d396b3d649

    SHA256

    2da8e571e3385a2b83b4c20b4f626a76148807ff495e6bcf31c78821876a8d13

    SHA512

    08191bb645c9129de969c957403c8baee5747d527bd8e9c52f318bf5760f5045f4a24429d910e2c44482b6bdbf73a345affd57363b13b943d1f9187397d456c9

    Download Submit

  • /data/data/org.tg2.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    1de61849385de636c93e4c669b17d30a

    SHA1

    d9686e763e3cccf6ec587e9cc73e702b5b93e647

    SHA256

    3ee26a68ec4669073f3726f628563adccd911fdcf7dc1893b6a99eb05c22640d

    SHA512

    ec078c2738ffff196a9616b376149a6ebd10592593efbdd697c134c0287d45562ae1d78c7e3b6f2051fd2af4accb3e348325a9e6c6d3b16ea737ff58fb39a7d4

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    30KB

    MD5

    2af1e8d421659feb1427f3f52c004b85

    SHA1

    e91a51d928fc2851418059a2f17e4b431a3e2715

    SHA256

    4293e6efb4887a4ca66c414f931fd65d24449722908d5bd74e2b1d4a67895f43

    SHA512

    1079c17a01408a157015b01ff7de813c07c1a618d7d2a86ce47e3c4c29438b0e60cd9f0d5916b0b299a406c9ab0c7e3588bb1a609870518928284f0b8db764ce

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    36KB

    MD5

    b31a1115c30ca653c9389bc23ef0cfb3

    SHA1

    c9373cb0a31aeba431a4b5eece1d737ae30dc0fb

    SHA256

    8d0a4d0453f4f8d6f589d4e4fb0c40357e32999ef040b94b5dead0ae2b3a3fd3

    SHA512

    3a53545637d9be219f9c4add85b1330ad4ef40fc1f2a3435b8a5bd4813f6d964c4427aaabac12caf58ddc12119379fcbf04edcfefd4c271023e386516e3f718d

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db
    Filesize

    12KB

    MD5

    a23569c8a7da34b5b72b6e40f98ebca7

    SHA1

    f3c7451a13c1f53c9e2aed4ada9c5f60c571c47b

    SHA256

    6bf168c42c9cb6b08460eeee3227b66f775fb6b6e347619ec6fae8c52f5563fc

    SHA512

    1d64576440b616dd316e374fcb9f8958db06c8d9ed645ee3897fb439d8e91edcd71ee9c1c7acb042788870b27dbd211b179087eb7c98e6bd0f15b6c9b9a1d622

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-journal
    Filesize

    8KB

    MD5

    04c9bb3f604043ea36738c733415c6ad

    SHA1

    f8c5c991e699a8b0abb565e5a4a672789622085c

    SHA256

    aedc942fc18d3670c86b7853b06bfca1430c59f2d6d1620e706d999ebe080e05

    SHA512

    e9196f49e665f1b0093aac298f66138f6edc2d69f61d006ca8016dfbad2f2f4e707755b9f685e0c136f06120b8989181e583ae823d4cada9284355669ce0f9e7

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-journal
    Filesize

    16KB

    MD5

    0db0b290d403061c67c45c636249edb9

    SHA1

    87439124240611a353cb300102d1448b78b51d07

    SHA256

    227297180157850d7ac047904435e8b227e1d6fdc9901035e0d6d95064256114

    SHA512

    9e0e1559d77d9c1f927f518918861bf566f2f2ea76f926118b71bfa020ebaea97967645710778630488e77ad5a4ecaa8e4a35d04a5ee71f8a80eb7d5adca1810

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-journal
    Filesize

    512B

    MD5

    de05af85ddecb51e1dc53693b612095d

    SHA1

    48ebcdbc13b1a0854ce4fc5d04da5ef13b034a52

    SHA256

    48d96ffcc7e5d78f07578b341935e2a6f5a0737f6c9a3ef1cda59bd99afa4cc8

    SHA512

    15d777ef70ef81a8664551850aeaaf01d7fc37491c87fc4ff46317fd21bcc95d746c24c0bee44d9a4a142e78f9bc81953f3cbdb3f08de9af25c3e01ade114c24

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-journal
    Filesize

    8KB

    MD5

    be44720f4511fe7a223d51654c236d90

    SHA1

    0f937f93e70e96fdf03b723b764b4e24da86235c

    SHA256

    bfb2661973bcc986e51bcd7413b957fad030c768c37796d93acb1c726892cec5

    SHA512

    e1b732c53d2b4d8963e73fba2530833d88a035258366d644f22b092dd74c4aeb6adb21f58378217884cea922aff8002a2b16791da3bc1dca33698d1403db3e80

    Download Submit

  • /data/data/org.tg2.messenger/databases/ua.db-journal
    Filesize

    8KB

    MD5

    ed778591ea12e8b5c7a298e3a1fe6f09

    SHA1

    31ad06b58cbf973eaf8f3094ad1b13b8d50634e2

    SHA256

    66e1166b1e8c5d2679d970a9c86d4c1cb28e90938a86ee10ef1672c7513a5d5f

    SHA512

    d486c11ba2a7dd9b5db837b39bd0860a17d1c36bdc3d841dedd1c5ab9afcc1ef30ff23ef7405d2f1450832c16427aa89fd2d8d7d21c03a0c9a32c47d82960688

    Download Submit

  • /data/data/org.tg2.messenger/files/.envelope/z==1.2.0&&9.6.5_1704658405894_emNmZw== .log
    Filesize

    286B

    MD5

    1fcc5c098292700e8aa5be52635684b1

    SHA1

    c1b2f7ff9fb3ba2fca1e72947b64c05eac286a2c

    SHA256

    45965778381e4514c0de61cf67796407bad509e718cbe08d2ad45fa991e85193

    SHA512

    8d2a4e9e5752012bee1efdae943c3033e95d06715338186172d20af36a67de55133f655a82fd7d52a3b53d3cf64b7ffa7d7483c5a0d36e89a9eef0960d5090ef

    Download Submit

  • /data/data/org.tg2.messenger/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    a38c5444b593e60991622892dfc88808

    SHA1

    f00597c46ea2a3736c3aedcacc60a319e8f1ee7a

    SHA256

    fd22d84676834f47d48cc29f7bf059db00ffe26a5b33660a1baf9cfaa1efa3e4

    SHA512

    a09de6844c407be5fb0958357524f7b9a9de8d9e070b8bec3a0985839faeed21f3c0f1f1f4a571db4d819a3b0d792dc837fde290b66442b78e58ee43d981deec

    Download Submit

  • /data/data/org.tg2.messenger/files/PersistedInstallation3295360192669145845tmp
    Filesize

    114B

    MD5

    32c036d2d9685d0f6f39b95bbb6fa4c7

    SHA1

    0606de7540c07da2e44b4da4cc19e7ab02850e59

    SHA256

    5dde4e7b15e19b0a54fb1bdb51756de21815c36ac93193b04d70fdb5c76c9947

    SHA512

    4c3a2e07ad1771777a4ce39f917957be5fc833e95c21e25cc881d53821deb33e06785f36f6ba8dfbf102ba58d8128f088d162bd4368796f05f21f7b44a7e1b89

    Download Submit

  • /data/data/org.tg2.messenger/files/PersistedInstallation4951238912422779692tmp
    Filesize

    90B

    MD5

    5099e25b170ae6ccee6001dbc99ee969

    SHA1

    04a220d23c88d6bbc32fd2785770ffcba174e046

    SHA256

    59d4baa902435ae4c2f71a410c59b22c3f9a3461be68f352ecb35bfdffccad2f

    SHA512

    f01c03f88c0d314a129d1f2f523a79deb84571e8b7026a90227cd0766446a94a63176531dac528deb179cee8294030af0612ec83b810aebad2196e9caa7fa256

    Download Submit

  • /data/data/org.tg2.messenger/files/account1/dc2conf.dat
    Filesize

    40B

    MD5

    098b011c59a80daf15c048dfee00ff1f

    SHA1

    47963ffe950f64e4ab0d329f111f1ea61e1f72c6

    SHA256

    87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

    SHA512

    2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

    Download Submit

  • /data/data/org.tg2.messenger/files/account2/stats2.dat
    Filesize

    612B

    MD5

    80144b0cd0aef0b1dc8684384b01ca25

    SHA1

    b65c6732e9ef3a1a018d8c1965609c9b4a395e8f

    SHA256

    9b59d98a8822fb87eb308c7a67b34d9a214a1f750109ac472967165139f94105

    SHA512

    57e9de6af124e155fcdcafda15cba3c54c1f085668ef2ea6ce6e1557bc4f4f0421182eb2043892093a874415596acd0c6c4c278f305323a219179e8f2c88b8cc

    Download Submit

  • /data/data/org.tg2.messenger/files/account3/cache4.db-journal
    Filesize

    512B

    MD5

    a7a18e93e70042199c0a1f262f378637

    SHA1

    a64513a36c8539a871b55bdbcfabfef258ed74cc

    SHA256

    ad1488c992c6380361489392370fbeeaa7c3b05b830e234cd542c332ab51f09a

    SHA512

    ea1d6b561e518a802638536fa80f2ea466fef8425ac0a22ec0660248ae091c0a17c1c1cd472bf2e3776638c0691bb55ba3d7e7f2db938e5b83c42313469d0e56

    Download Submit

  • /data/data/org.tg2.messenger/files/account3/tgnet.dat
    Filesize

    1KB

    MD5

    643e3044c1bf2c72bb2e76a6756159ab

    SHA1

    0ca2e60415278f6b9bd3b3fc92645346724458a2

    SHA256

    349efbf4dcbdcfd8f5eb475b28e0c37cf36f67c76076551825ae213e6d98c473

    SHA512

    e70c7f7dfc67f3d463b2924e77714bd6d3626067d1754d58bd844fa78976a5d063e267fc3df2bac4cf37692bd2af5d09de3b42391f1fa7b42af68007b0b5d05b

    Download Submit

  • /data/data/org.tg2.messenger/files/account3/tgnet.dat
    Filesize

    1KB

    MD5

    49a8fff32dc638a7c0d1fecffa07c5e0

    SHA1

    b0c9da96a8bc3cb303372d868bba986e69143e3d

    SHA256

    4cb6cd567e52c4abe4fb99f09b19415daeee2c839fbf3c13db944d45ba020974

    SHA512

    5df6f4bc572a635898d5610b66a8b807bce9841349159e1b6344f7437b1ac511a5d79083cacb050481e467cf4d1ad554c5ad3756364c55bc5520841fe68db217

    Download Submit

  • /data/data/org.tg2.messenger/files/cache4.db-journal
    Filesize

    512B

    MD5

    502c022ad8fd41a7916f89c64c3405ec

    SHA1

    00044a8cc28afaa986dbbd451e45971a925a5d0d

    SHA256

    9d907c79d1ba1d1174cb0fe4c02e7f665075e01df700c7915fb42e4da9bfb0bf

    SHA512

    e1f26f478f4af8012252b6469693c667fef0d4c08426d2bf82990a6b651b6b7249052feea86cdb0c2eccd7a80c1e92b52794b595148befe5780cd25ae3955b6b

    Download Submit

  • /data/data/org.tg2.messenger/files/cache4.db-wal
    Filesize

    136KB

    MD5

    f7f87bcaa148a0f915dbfd3d4589ab03

    SHA1

    434993402e8d685c00f827138b2ff44f14a44fd6

    SHA256

    12522631728f9ae067cf14374a22a47a9dc71c5fbaa6df5ba5f0d42b9562cb06

    SHA512

    34b311563141ad8edf4db58a1ad9a42b39d653e780405e75c0b230e123dfcc0374d1abd9be63f6639561177c1f638555b2ab9b74d6238606255c46478966aefc

    Download Submit

  • /data/data/org.tg2.messenger/files/data-helper.db
    Filesize

    4KB

    MD5

    689eb9d3d2a866648f68f76e6a8c3d46

    SHA1

    ba65af36973bb4cb831868ec4882ce204bffb597

    SHA256

    2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

    SHA512

    98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

    Download Submit

  • /data/data/org.tg2.messenger/files/data-helper.db-journal
    Filesize

    512B

    MD5

    e40f0d199aac5a394b0aa1e91dd78731

    SHA1

    4280e19483ad84a97a7e7c734fe509818f56b0f2

    SHA256

    2b4aaa10e2c6104c0800a381f3129552b9c8419848c305e4c8bd8c0111529f58

    SHA512

    0f20563905ae248ee46a11160362393fd89762e03a49cdcc5d87fe8b4a520cc332f5915ccf47feaf040fc716bc70136321e120d6dbaf939ba0e6c04bc17f89ff

    Download Submit

  • /data/data/org.tg2.messenger/files/data-helper.db-wal
    Filesize

    80KB

    MD5

    e7a70da0bd3f7c3fc9f74c80aa2965e3

    SHA1

    1ea3f0c48f37062adf8a47fca19d43d2f4d786df

    SHA256

    a591d0b5aeba842d2ed0a0b9a19d414ec7c98460d1e9da33e187313a18e36a0d

    SHA512

    96b400582d2bc905c6c476fef23ef1295ca56fca96d2bb68fe25eff351e6db0857d0b85349a2e12c420dcaf11138df3b75d6b40d715a5acde211047c147843f4

    Download Submit

  • /data/data/org.tg2.messenger/files/exid.dat
    Filesize

    56B

    MD5

    ef0893cc42fac5e5a49f25ff853a500b

    SHA1

    ed573923622acaf6b77d565b17f665cb365dcf53

    SHA256

    43b4e1d02518848abfcd9205ad9d21f7a69a744f5beeecabd26bd87f0c773e1e

    SHA512

    60803fac5aecea7cb0996e61ec2907a139fda125a552ecf84c3abfa8cb8130d70de935f87a8ce1b23f47f78af0d8c0985be05ee91e974e18b8d9ff79423d7ba2

    Download Submit

  • /storage/emulated/0/Android/data/org.tg2.messenger/cache/000000000_999999_temp.f
    Filesize

    1024B

    MD5

    0f343b0931126a20f133d67c2b018a3b

    SHA1

    60cacbf3d72e1e7834203da608037b1bf83b40e8

    SHA256

    5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

    SHA512

    8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

    Download Submit