badbazaar | 58983b38c45cee9dca42e8d2493f22caef448f430e7de27a982fa10f99510f0d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Rubika_3_6...df.apk

android-11-x64

Sharing

General

Target

Rubika_3_6_4_sidufsdf.apk
Size

75.4MB
Sample

240420-yvj7zsgf64
MD5

5d2c5a1192a92c4d114bfb52262d7428
SHA1

26739f37a180f37fb5be1107b582c87f34e6afb8
SHA256

58983b38c45cee9dca42e8d2493f22caef448f430e7de27a982fa10f99510f0d
SHA512

a9128568af1330e9904fbe02c069b4486858bf0ed7394cd1f317052fe5f6ad2a59733f5dd878544a84bd2aeed9266c99ac77cb6da30e5f3b80664ce4b8c9c315
SSDEEP

1572864:mX0eEhVtjZu232OvEgwLezxmvU/Inq04/7231nuC+L:meh7E2326wa8MH0ZICo

Score

10^/10

badbazaar android collection discovery evasion infostealer spyware trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Rubika_3_6_4_sidufsdf.apk

Resource

android-x64-arm64-20240221-en

badbazaar collection discovery evasion infostealer spyware trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Rubika_3_6_4_sidufsdf.apk
- Size
  
  75.4MB
- MD5
  
  5d2c5a1192a92c4d114bfb52262d7428
- SHA1
  
  26739f37a180f37fb5be1107b582c87f34e6afb8
- SHA256
  
  58983b38c45cee9dca42e8d2493f22caef448f430e7de27a982fa10f99510f0d
- SHA512
  
  a9128568af1330e9904fbe02c069b4486858bf0ed7394cd1f317052fe5f6ad2a59733f5dd878544a84bd2aeed9266c99ac77cb6da30e5f3b80664ce4b8c9c315
- SSDEEP
  
  1572864:mX0eEhVtjZu232OvEgwLezxmvU/Inq04/7231nuC+L:meh7E2326wa8MH0ZICo
Score

10^/10

badbazaar collection discovery evasion infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Data from Local System

Protected User Data

Contact List

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badbazaarcollectiondiscoveryevasioninfostealerspywaretrojan

© 2018-2025

Terms | Privacy