General

  • Target

    32d0da5518c5d801671cb592e94bd48b.bin

  • Size

    57.9MB

  • Sample

    240108-bj35dshebk

  • MD5

    3f089caeda87824b902471f137b057dd

  • SHA1

    c4fe0ac2bf97a798c4a8515fb0e6cd432f471ef3

  • SHA256

    c31cc01d1ce729cc4b311217602e599f516998170067510a25ffe771d66d7634

  • SHA512

    5b104e4da5daa23b4c6284ccf9843cf9d91815766a037298cb28c3be02b377b1b4b6dfd45d1d6b3978cc53ba2bb0d53f18bcc80b2f8f49bb0b15228d27107cee

  • SSDEEP

    1572864:hzxc/zb0yZbk5uP+sTi30sD8Mv978L4TXMh6wyNgmW:hz6X0Qbk5iHiMy78sTchwNgmW

Malware Config

Targets

    • Target

      7f1c986ae33571b0bfaae617d9e4bb02bd2c5e5dab71a24ba6c68d650148fee2.apk

    • Size

      62.6MB

    • MD5

      32d0da5518c5d801671cb592e94bd48b

    • SHA1

      5df6c83721f188f5baf7f878d3e8d41ccd1e64a6

    • SHA256

      7f1c986ae33571b0bfaae617d9e4bb02bd2c5e5dab71a24ba6c68d650148fee2

    • SHA512

      811e4bf5d453fc86fa3708c58b075aa7dc81864f326ebad65d30d00d7499c4fde953c5271c7dcdc70c4ee232d34de954ef1f648d97ea71aae99e803ee15f902c

    • SSDEEP

      1572864:xaiDh7S59M9UdpTDiMYUR4ACYEAtftncrWOLoHJVSv:xail9kpHoUR4ACNelnOWIopVSv

    • BadBazaar

      BadBazaar is Android spyware attributed to the GREF APT group.

    • BadBazaar payload

    • Checks Android system properties for emulator presence.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs a DEX or JAR file that the sample dropped onto the device during analysis.

    • Acquires the wake lock
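The signatures above (emulator checks via system properties, QEMU files and QEMU pipes, loading of a dropped DEX/JAR, wake-lock acquisition) are what a sandbox observes at runtime. The script below is an added example, not part of this report or of any sandbox's own code: a static scan that looks for the same behaviours as string indicators inside the DEX files of an APK, so an analyst can pre-triage a sample offline. The indicator strings are well-known Android emulator artefacts and dalvik class descriptors, the mapping from indicator categories back to the report's signature names is illustrative, and the two-DEX "APK" built by demo_apk() is constructed for the example rather than taken from this sample.

```python
"""Static indicator scan for the sandbox signatures listed above.

Added example, not code from the original report or from any sandbox.
Indicator strings are well-known emulator artefacts / dalvik descriptors;
the APK produced by demo_apk() is constructed for this example.
"""
import io
import re
import zipfile
from typing import Dict, List, Union

# Category -> byte strings to look for.  DEX stores strings as MUTF-8, so
# ASCII indicators appear verbatim in the file's string table.
INDICATORS: Dict[str, List[bytes]] = {
    # Property names / values (android.os.Build, getprop) that identify an AVD.
    "emulator_system_properties": [
        b"ro.kernel.qemu", b"ro.hardware", b"ro.product.model",
        b"goldfish", b"ranchu", b"generic_x86", b"google_sdk", b"sdk_gphone",
    ],
    # Files present on emulator images (QEMU/goldfish, Genymotion), not on real devices.
    "qemu_files": [
        b"/system/lib/libc_malloc_debug_qemu.so", b"/sys/qemu_trace",
        b"/system/bin/qemu-props", b"/dev/socket/genyd",
    ],
    # Pipes the emulator guest uses to talk to the host.
    "qemu_pipes": [b"/dev/socket/qemud", b"/dev/qemu_pipe"],
    # Class loaders used to execute a DEX/JAR dropped at runtime.
    "dropped_dex_loading": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    # Wake lock keeps the CPU running with the screen off; benign apps use it too.
    "wake_lock": [b"Landroid/os/PowerManager$WakeLock;", b"android.permission.WAKE_LOCK"],
}

# Illustrative mapping back to the wording of the report's signatures.
SIGNATURE_NAMES = {
    "emulator_system_properties": "Checks Android system properties for emulator presence",
    "qemu_files": "Checks known Qemu files",
    "qemu_pipes": "Checks known Qemu pipes",
    "dropped_dex_loading": "Loads dropped Dex/Jar",
    "wake_lock": "Acquires the wake lock",
}

# Weak on their own: almost any app reads these property names.
WEAK_ONLY = {b"ro.hardware", b"ro.product.model"}


def scan_bytes(data: bytes) -> Dict[str, List[str]]:
    """Return {category: [matched indicators]} for categories with a hit.

    A category is reported only if something stronger than WEAK_ONLY matched,
    so a plain Build.MODEL read does not flag an app by itself.
    """
    hits: Dict[str, List[str]] = {}
    for category, needles in INDICATORS.items():
        found = [n for n in needles if n in data]
        if found and not set(found) <= WEAK_ONLY:
            hits[category] = [n.decode("ascii") for n in found]
    return hits


def scan_apk(source: Union[str, io.BytesIO]) -> Dict[str, List[str]]:
    """Scan every classes*.dex inside an APK (path or file-like object)."""
    merged: Dict[str, List[str]] = {}
    with zipfile.ZipFile(source) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                for cat, found in scan_bytes(apk.read(name)).items():
                    seen = merged.setdefault(cat, [])
                    seen.extend(x for x in found if x not in seen)
    return merged


def signature_names(hits: Dict[str, List[str]]) -> List[str]:
    """Translate hit categories into the report's signature wording."""
    return [SIGNATURE_NAMES[c] for c in SIGNATURE_NAMES if c in hits]


# Constructed stand-ins for DEX files: a fake header followed by a string
# table carrying indicators.  Not valid DEX, but enough for the scanner.
SAMPLE_DEX = (
    b"dex\n035\x00" + b"\x00" * 32
    + b"ro.kernel.qemu\x00/dev/qemu_pipe\x00/dev/socket/qemud\x00"
    + b"/system/lib/libc_malloc_debug_qemu.so\x00"
    + b"Ldalvik/system/DexClassLoader;\x00"
)
SAMPLE_DEX2 = b"dex\n035\x00" + b"Landroid/os/PowerManager$WakeLock;\x00ro.product.model\x00"


def demo_apk() -> io.BytesIO:
    """Build an in-memory two-DEX 'APK' (a zip) from the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", SAMPLE_DEX)
        z.writestr("classes2.dex", SAMPLE_DEX2)
        z.writestr("AndroidManifest.xml", b"<manifest/>")  # ignored by the scanner
    buf.seek(0)
    return buf


if __name__ == "__main__":
    result = scan_apk(demo_apk())  # replace with scan_apk("sample.apk") for a real file
    for sig in signature_names(result):
        print(sig)
    for cat, found in result.items():
        print(f"  {cat}: {found}")
```

String presence is only a lead: a packer or string encryption (common in BadBazaar-class spyware) hides these indicators, which is why the sandbox's runtime signatures remain authoritative; conversely, ro.hardware or Build.MODEL alone is read by many benign apps, hence the WEAK_ONLY filter.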

MITRE ATT&CK Matrix

Tasks