badbazaar | 489beba9688bd805654dc72ca293a9d9f5abec9347450e9fbb1441e8126c17c0 | Triage

Resubmissions

10/04/2024, 10:44

240410-msvedsch34 10

10/04/2024, 09:27

240410-le4kgadf6y 10

10/04/2024, 06:54

240410-hpjq9sad8t 10

10/04/2024, 06:31

240410-g94rhafb62 10

Sharing

Copy URL Twitter E-mail

General

Target

Telegram_10.10.1_Apkpure.apk
Size

71.9MB
Sample

240410-g94rhafb62
MD5

b511bb3c55a0750a9d2abaf0a152e663
SHA1

485ad90afc53b743a826f0760b44a2e5d069560f
SHA256

489beba9688bd805654dc72ca293a9d9f5abec9347450e9fbb1441e8126c17c0
SHA512

731f55a0b55d3889bb486ae1fa164ff7fa5f889707485a7247662f3550aec5a2ab77943e0823aab545335f061daa7318068325a04724981151ef43179d741e7d
SSDEEP

1572864:TNENHjvwHuo8I0opegS1JJbTiPcv4CW240oq0wXQaQp:TyNH06Q6rVTyz2LoqtJm

Score

10^/10

badbazaar android collection discovery evasion infostealer spyware trojan

Malware Config

Targets

- Target
  
  Telegram_10.10.1_Apkpure.apk
- Size
  
  71.9MB
- MD5
  
  b511bb3c55a0750a9d2abaf0a152e663
- SHA1
  
  485ad90afc53b743a826f0760b44a2e5d069560f
- SHA256
  
  489beba9688bd805654dc72ca293a9d9f5abec9347450e9fbb1441e8126c17c0
- SHA512
  
  731f55a0b55d3889bb486ae1fa164ff7fa5f889707485a7247662f3550aec5a2ab77943e0823aab545335f061daa7318068325a04724981151ef43179d741e7d
- SSDEEP
  
  1572864:TNENHjvwHuo8I0opegS1JJbTiPcv4CW240oq0wXQaQp:TyNH06Q6rVTyz2LoqtJm
Score

10^/10

badbazaar collection discovery evasion infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Queries account information for other applications stored on the device.
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Acquires the wake lock
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Protected User Data

Contact List

Stored Application Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badbazaarcollectiondiscoveryevasioninfostealerspywaretrojan