badbazaar | 4f2de912db0bed6a882b61766e45a5f07003c040505456d36135a9d61c4a7e42

Analysis

max time kernel
7s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
14/04/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Telegram.apk
Size

85.8MB
MD5

a8f9aa86971215ed95417b98403eac49
SHA1

bfcf6069bdfec516e78540f6140e80abf05516f7
SHA256

4f2de912db0bed6a882b61766e45a5f07003c040505456d36135a9d61c4a7e42
SHA512

dd997cf77c5f2acd05eb743ffd8d6efe030a18e1fd2d6022f8acc7169ad75e1d45d0a9169efc0662bea9458943c3745e605a71e9472edf8b78487325727b10e1
SSDEEP

1572864:TX0EWAIYcIkZ2TGiP3QWX/JMC5OwtdE/UteLa0jkXA8vBOHKOGUxKlYl0:T3WPRZsGQvvJR5vSUoL3kdBaY

Score

10^/10

badbazaar discovery evasion infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.telegram.messenger

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	org.telegram.messenger
/dev/qemu_pipe	org.telegram.messenger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.telegram.messenger

org.telegram.messenger
1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Acquires the wake lock
PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.telegram.messenger/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
70ff1ab76424157194becad2a855693c

SHA1
201aa8192b9a50b1c8d3377ae274b451a2331a04

SHA256
edd39873212a0f69859a31b277404ca294e88a1cccccf36d77d0aa30eb9e0bf5

SHA512
dd9f64a8a23344e8c56f371d2dae107214bcf03904b6c5144238f81f8e9c57115a71582c7489181e7cad3af46432010a894c1510f8de9cebf0214ca8a0eb6540

Download Submit
/data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0f42d67ebdf52f4777d6d921d2733e67

SHA1
a4bd02272c788eefdd439bef497aac09f89e5041

SHA256
a54c5dffe1778963fa143ea82b9f18d8ba3e66e77262beda40ebe1e8764d734b

SHA512
2d3734c021a45a4c60c34bb0bb01b5e80a8d3845e360040fea02e3d172dbfca362614b5d968243634aa1327d2e2a73595d5efbec1441ac65426e946b7fcc0658

Download Submit
/data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
93a7bfd698fd3587376db147f0c64888

SHA1
1077252e0995500976c2ff568910deaab4c1f044

SHA256
add4d190324a78f5d8b23f8d3a115ca3d400c562126affa0a7791e6ed6fcf491

SHA512
d007b06601e5fabbd5118e7f3612974734007fc86379225df366ae6886f4d62c0cb59d588aab4e3b5a3608b364a2341230750bd60e43fce865e8057a76f3e190

Download Submit
/data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ce2b1765785b52b4863d0efc394ab617

SHA1
3594032042f290efc58d6cf7d5e861f43cfb76c9

SHA256
c64f3f29cccbe9232dd33c4d1945a8cdc7c95a6c74fc3a1eacc7f246b919cb74

SHA512
09cc421d4735bc76c2c9272672b624fa5f37ca4a77a1dabe657a754a3d8456ce617feb53b985d09840c7fcd5433f2bf7f21915a3409dffd57f402e429b6dcc27

Download Submit
/data/data/org.telegram.messenger/files/PersistedInstallation1333434609850493564tmp

Filesize
114B

MD5
0ba8105182614e0422284cef7c7579e2

SHA1
4a565c2349f76b650e3d1b0d1caa6ba73b709407

SHA256
d33f80d3acf5b2d11bb0dbc3250e015215ae29464cd94e94597b689437706199

SHA512
1ddb00fe134bf283ed1ab5f3ff04a5aa72f1c853bef26c0535941fdaf847c923109d471c34b8ae25028f9ad11c9c94a6833eba13b049f53107e9840ca1ec0777

Download Submit
/data/data/org.telegram.messenger/files/PersistedInstallation6716686555448029545tmp

Filesize
90B

MD5
55f80a4119fa837c74e8158f2b1cfb70

SHA1
027be06af84fc51e0b8f8cfe15efd63898882d69

SHA256
7caaa3dcd04e09e1301130dce63e8d3a2b91f17281237f296788fcbd6e3bb873

SHA512
aabd1c7017b96afd3558a12e401ed4bfd3b75aa9dac4b3d5136fa1c7d94efc16e9a9f3f698387333eea12361cfa2d78df50c04936a406bc9b6f014070f1d6d39

Download Submit
/data/data/org.telegram.messenger/files/cache4.db

Filesize
4KB

MD5
689eb9d3d2a866648f68f76e6a8c3d46

SHA1
ba65af36973bb4cb831868ec4882ce204bffb597

SHA256
2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

SHA512
98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

Download Submit
/data/data/org.telegram.messenger/files/cache4.db-journal

Filesize
512B

MD5
6e9eaf29e0361bfedc0386793f27fdf1

SHA1
d9a6e905d099546e19a60f666ec9b0065a7405f4

SHA256
ec81b1b86d632a7bdbeeee49936482a75582d409ea922b6732d55e052726e715

SHA512
5c0028fca87917a49faf4bad9ba2bf5f17b4b12a5a94428209c901ac172455326307691fae78500ec69489b173a673c307ad541593509122e79a4ffcdf05ce87

Download Submit
/data/data/org.telegram.messenger/files/cache4.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.telegram.messenger/files/cache4.db-wal

Filesize
1.4MB

MD5
a785316c3445fa4438e09948de88add0

SHA1
0ac87090ca55dedd40b573c25758b1c15758f1e4

SHA256
70d5fae0fc55895dff0566fb8c8af9d832c2303ee28e31c7c5118bc341d4155f

SHA512
226e2c054735c501908b0a025b8df1eb7cd05b6ee2d9fd03c1874c34200ac1a1a86a8351c73398be1922380a9f2633f791dcbb675cd031089d61b3cb0a67a6a2

Download Submit
/data/data/org.telegram.messenger/files/tgnet.dat

Filesize
908B

MD5
d76b80c929c4dc2030659a4e34086d30

SHA1
bf60d71fc37ffb88c4d06624dc4101a2587bc184

SHA256
546dbbb250eb993b542a12077e78a893485ed9691c129e32403f1ea5e6272344

SHA512
53c04691a2d5dc711cda0bb075d7e6d92e58505204dccecd07b89016c644b7e628aff4d0b0347b6798f5f4d0a287fa0a2cb8c966dc4a0aee9d9dcd675a94ec21

Download Submit
/data/data/org.telegram.messenger/files/tgnet.dat

Filesize
912B

MD5
2a0abdf7117614e17e04d2fd530ce75b

SHA1
e71311be284d886902b35db863d89048bb22c939

SHA256
10336f2d8b6a23e3bc59fe068180320f14928674e59faae623613b7d5a045773

SHA512
4839c12f1209e60c55bb4aed9ca53a680ba1b8bc419f2e4630ac6bd8aa10ad5e28ca6058194a4ee9963dfb36674be2bcdbae314d4ba920e6b5d9900780440cec

Download Submit
/storage/emulated/0/Android/data/org.telegram.messenger/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads