badbazaar | 42d370c1820a14d68bc1284414f231f9a5e49402aff83d2f524245fc9a2b90de | Triage

Submit
Reports

Overview

overview

Static

static

Telegram3765816.apk

android-9-x86

Telegram3765816.apk

android-13-x64

Sharing

General

Target

Telegram3765816.apk
Size

68.9MB
Sample

240204-xfr4lsgdg4
MD5

62e143153aad5ccb8a7178a0fce49d5b
SHA1

0df16d8225aaa07ba80bf6c20862add1f941d04a
SHA256

42d370c1820a14d68bc1284414f231f9a5e49402aff83d2f524245fc9a2b90de
SHA512

dd749c88d5b2dc46332fab1d27c4912c54d044d90dea56045dafe0f379bd91a2a96d0f8e003bb6cb6007f77fe2ee746ffc2fa144d07f67d2ae9557ab6d1ca9e1
SSDEEP

1572864:ww4iC2AJLX3iWQWDHd84yL5mXK/zvMmEybEAjSk0wTqQF8jKXiv:vzGXwKWHb/zkTGE4Sk0U8Ki

Score

10^/10

badbazaar android infostealer spyware trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Telegram3765816.apk

Resource

android-x86-arm-20231215-en

badbazaar infostealer spyware trojan

android-9-x86

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Telegram3765816.apk

Resource

android-33-x64-arm64-20231215-en

badbazaar infostealer spyware trojan

android-13-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  Telegram3765816.apk
- Size
  
  68.9MB
- MD5
  
  62e143153aad5ccb8a7178a0fce49d5b
- SHA1
  
  0df16d8225aaa07ba80bf6c20862add1f941d04a
- SHA256
  
  42d370c1820a14d68bc1284414f231f9a5e49402aff83d2f524245fc9a2b90de
- SHA512
  
  dd749c88d5b2dc46332fab1d27c4912c54d044d90dea56045dafe0f379bd91a2a96d0f8e003bb6cb6007f77fe2ee746ffc2fa144d07f67d2ae9557ab6d1ca9e1
- SSDEEP
  
  1572864:ww4iC2AJLX3iWQWDHd84yL5mXK/zvMmEybEAjSk0wTqQF8jKXiv:vzGXwKWHb/zkTGE4Sk0U8Ki
Score

10^/10

badbazaar infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Acquires the wake lock
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

badbazaarinfostealerspywaretrojan

behavioral2

badbazaarinfostealerspywaretrojan

© 2018-2024

Terms | Privacy