badbazaar | 8f88dfcd8cee616a2f6e896a367a4071fe0eafabfd3d78e991787f56588017e0 | Triage

Resubmissions

29/05/2024, 07:28

240529-jaxv1sfg74 7

16/04/2024, 17:31

240416-v3y5bshg21 10

Sharing

General

Target

Telegram.apk
Size

72.6MB
Sample

240416-v3y5bshg21
MD5

9845a13b4294d0a1b379efcb8e8353fe
SHA1

b19f698052619a14251843aae695b11ad797788c
SHA256

8f88dfcd8cee616a2f6e896a367a4071fe0eafabfd3d78e991787f56588017e0
SHA512

1dd2a821a61642ccad0bd91b8e3b844e304791bcb2968bd8b33194d3b260d19005899937a07008565056b38aa869d71b99791a8f39870fc43b905fd71c0b7e03
SSDEEP

1572864:wAq+KnIblheCK0EzbUqq+L0h7GldnkWd5fHYZWsKg6940oq0wXQ4ga1:wWTef0Ezbzq+072SgJp/LoqtXg6

Score

10^/10

badbazaar android collection discovery evasion infostealer spyware trojan

Malware Config

Targets

- Target
  
  Telegram.apk
- Size
  
  72.6MB
- MD5
  
  9845a13b4294d0a1b379efcb8e8353fe
- SHA1
  
  b19f698052619a14251843aae695b11ad797788c
- SHA256
  
  8f88dfcd8cee616a2f6e896a367a4071fe0eafabfd3d78e991787f56588017e0
- SHA512
  
  1dd2a821a61642ccad0bd91b8e3b844e304791bcb2968bd8b33194d3b260d19005899937a07008565056b38aa869d71b99791a8f39870fc43b905fd71c0b7e03
- SSDEEP
  
  1572864:wAq+KnIblheCK0EzbUqq+L0h7GldnkWd5fHYZWsKg6940oq0wXQ4ga1:wWTef0Ezbzq+072SgJp/LoqtXg6
Score

10^/10

badbazaar collection discovery evasion infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Queries account information for other applications stored on the device.
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Acquires the wake lock
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Protected User Data

Contact List

Stored Application Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badbazaarcollectiondiscoveryevasioninfostealerspywaretrojan