Overview

overview

10

Static

static

10

Telegram3765816.apk

android-9-x86

10

Telegram3765816.apk

android-13-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    04/02/2024, 18:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Telegram3765816.apk

  • Size

    68.9MB

  • MD5

    62e143153aad5ccb8a7178a0fce49d5b

  • SHA1

    0df16d8225aaa07ba80bf6c20862add1f941d04a

  • SHA256

    42d370c1820a14d68bc1284414f231f9a5e49402aff83d2f524245fc9a2b90de

  • SHA512

    dd749c88d5b2dc46332fab1d27c4912c54d044d90dea56045dafe0f379bd91a2a96d0f8e003bb6cb6007f77fe2ee746ffc2fa144d07f67d2ae9557ab6d1ca9e1

  • SSDEEP

    1572864:ww4iC2AJLX3iWQWDHd84yL5mXK/zvMmEybEAjSk0wTqQF8jKXiv:vzGXwKWHb/zkTGE4Sk0U8Ki

Score
10/10
badbazaarinfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Acquires the wake lock 1 IoCs

Processes

  • org.telegram.messenger
    1⤵
    • Checks known Qemu pipes.
    • Acquires the wake lock
    PID:4257

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal
          Filesize

          512B

          MD5

          1f53d626bb468fc61708cae8688db14e

          SHA1

          351f2031a43f78ec099a068366375ebb04d9e786

          SHA256

          73752d08ea8e96453d73305e1a529d9f5edd54ea2118af1492d830d722137c71

          SHA512

          eb78cf48f8907348fc07c462bd25039e6d0a9e3963dd8f011436bb3d6dc08554ca9705f649df7f2e6a99a8b90dcd6fc2d97b29829ff0655fa9b81581b7b1986c

          Download Submit

        • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-wal
          Filesize

          16KB

          MD5

          88882dd4928ac5151dd3138298e7056e

          SHA1

          108056650e2f91d794187b876c745a04257a95d8

          SHA256

          eaf44ad23e4516cae1aad8a89f5b485bffb497bba3216f472411fff6fce21f5a

          SHA512

          2c4f5b362115cf83d83898cdf443c2ec60733d78c9748516b854e19440692c8dedde9781eb6c2cac8434afcd77c398b1fbad5acef46d0d1f71ca9859e1f5db0c

          Download Submit

        • /data/data/org.telegram.messenger/files/PersistedInstallation1785181403082806368tmp
          Filesize

          114B

          MD5

          3d41d930fecf67bcdd56005173cfc08b

          SHA1

          9a735aa2561ed6b268fd2db441249a986c81a8b5

          SHA256

          f2da09a150b9be4d58f85ebabd02a4db3d6fe0f0e853be91edfc8831011b6f53

          SHA512

          eb007c4e1efeec04bb2910fc7c6dfe6dc99bb6e9e20aa327f4afa889e85071f763a505ba9168d6fe451fa5a5e6215c912cfa49991617c95e85581072b79ff183

          Download Submit

        • /data/data/org.telegram.messenger/files/PersistedInstallation6650278361407589036tmp
          Filesize

          90B

          MD5

          747bc65fe3bd068d39e18efdaa671188

          SHA1

          bd3156fa4bf66a6316be445aa378bd05c648d9ab

          SHA256

          6f032949a1b8cfc391b387d2587201ec6a8b4974c319ae9fe2f22eb5fd582dac

          SHA512

          5bf7b03de57bf74e84adbd933ea9fdf6339e49ec2be638ce28163b934e5d581f24e98113f1ace96441826f9cc0484ae53c3ad6b5ccb28216fd924448a52dd7fa

          Download Submit

        • /data/data/org.telegram.messenger/files/cache4.db
          Filesize

          4KB

          MD5

          689eb9d3d2a866648f68f76e6a8c3d46

          SHA1

          ba65af36973bb4cb831868ec4882ce204bffb597

          SHA256

          2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

          SHA512

          98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

          Download Submit

        • /data/data/org.telegram.messenger/files/cache4.db-journal
          Filesize

          512B

          MD5

          713bacfc5089975de61185d469638152

          SHA1

          51200bb6335fca91dd3b907074d81b46e8dc5798

          SHA256

          f272cbb4d874353b3dfb0496d74465822226d989fdb9bcca8a1a2085bb5635e0

          SHA512

          b6d77d1ecc7377730e02c2d32c18845d3ad8e1eb66fc72d00038d7c6bcec1dafb305e4c5179aae1ae1ae5acbcfa03ff8e95a5531c13db1154954771ab707b97b

          Download Submit

        • /data/data/org.telegram.messenger/files/cache4.db-wal
          Filesize

          112KB

          MD5

          ffbf8600557cab21f232d1fd26b7de36

          SHA1

          f215bf3559ca92b412eb08b21fc07cf8391b0e36

          SHA256

          fe4ef6c14baa555a4dafa2de2bf422906c18d708f3df4032e926959f22a0a1eb

          SHA512

          2172344167ab6a42e9d5f05eb8c523ed02ff64b950453d4acb625b5e330bb6eb3e47936592750d2347194a9f5513fb6d98a8882c2e6baa39badfd6fefa07a346

          Download Submit

        • /data/data/org.telegram.messenger/files/remote_en.xml
          Filesize

          611KB

          MD5

          e57b0eade28d65a81fb5cb2e3fbf8272

          SHA1

          cb01dd5732be61865cb8006b6646ee1fd7c1eaad

          SHA256

          ee1b03e4ddff33e66d5b2c257666f1fff83c9f2b749cc36c93b24fe5a9f9fefb

          SHA512

          8fa02e3e08690c7a59c395be18c00e2bf70b112c771d1a787e550ad2310084f27a92c798486bb3707763d981a05e8626e905fc5d67bbb5249d55f52ab69f7db1

          Download Submit

        • /data/data/org.telegram.messenger/files/tgnet.dat
          Filesize

          908B

          MD5

          022f2bcf6224ab30fceaf6dcf52fd929

          SHA1

          1a0b39291df4e353df5f6563fb195310b745a811

          SHA256

          d4fb50ed4c05b202ca610243c2f50252e82e2c148ecf3ee029246e2da3403565

          SHA512

          04cf34bb3122188ff1fccde18897ad1df933d9bf35f05989474e3d7d07d5a7f1128179c18dae7c2fe7f6376e91a507ccb1441f539fb311a0a73159e9b33d2b50

          Download Submit

        • /data/data/org.telegram.messenger/files/tgnet.dat
          Filesize

          912B

          MD5

          f3e00273d7d6638eeee1e48e39696c97

          SHA1

          9f1fc8172f0891d45ce0bf5c51de4e5ede071ab3

          SHA256

          7ecd5c24710581e87b7a60feebad999fa5d948d67b1ef4f6553f77c2be45277e

          SHA512

          2e797c45226a20047e72ce673e244051a4211c1a88cd5c9bb618cef4eba280deeb08699675cb63dc76cd1f88b3f8d59b80c74eb9b7bd7c4b97fd39838073c40e

          Download Submit

        • /data/data/org.telegram.messenger/files/tgnet.dat
          Filesize

          1KB

          MD5

          6346bcc307e4197ee2c8378118161c6a

          SHA1

          03e4876180aad96d47ae8d93a81642edeeeee26d

          SHA256

          52d2f18a8b7a038dd8e8be38bcb4637872677bd2bd638ffc618881aa26fe0af9

          SHA512

          e231cfc9299502deb39d38d922a0ec4ef35260b149de9213de545b8bc91e509b9e28e5c7ec4e4b0b8e3853eb7a596bcac1e6180051bdb15b9ad503ca4eee5a89

          Download Submit

        • /storage/emulated/0/Android/data/org.telegram.messenger/cache/000000000_999999_temp.f
          Filesize

          1024B

          MD5

          0f343b0931126a20f133d67c2b018a3b

          SHA1

          60cacbf3d72e1e7834203da608037b1bf83b40e8

          SHA256

          5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

          SHA512

          8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

          Download Submit