badbazaar | 1134bd7a1903c7a56045775f39dc92133b65045c3fbf905386ecd78d6679a1dc | Triage

Submit
Reports

Overview

overview

Static

static

Telegram v...M).apk

android-13-x64

Sharing

General

Target

Telegram v10.12.0 (PREMIUM).apk
Size

51.0MB
Sample

240425-3rva1agc73
MD5

4b339fc216cc99c75bbc9ec98cd07df6
SHA1

627313ba917aefcb110a541be86a694b3e9f9f1f
SHA256

1134bd7a1903c7a56045775f39dc92133b65045c3fbf905386ecd78d6679a1dc
SHA512

fe3904a65b2afbf362bb4c77e0defc471c773670b3b90d5390ca30e9c58a2c202582eeca7fca614dd853d947df3dc42a13b8ef8b1d3b839bacb2fc6bd1702bf7
SSDEEP

786432:D47sCD1zLC4n5+j/HNEr4xjRfZQJ927DxkyQWO37y5cMNKRWcET435Cmug15/wiq:8o1tEUPhG6kyQd2HtVT43G

Score

10^/10

badbazaar android discovery evasion infostealer spyware trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Telegram v10.12.0 (PREMIUM).apk

Resource

android-33-x64-arm64-20240229-en

badbazaar discovery evasion infostealer spyware trojan

android-13-x64

4 signatures

300 seconds

Malware Config

Targets

- Target
  
  Telegram v10.12.0 (PREMIUM).apk
- Size
  
  51.0MB
- MD5
  
  4b339fc216cc99c75bbc9ec98cd07df6
- SHA1
  
  627313ba917aefcb110a541be86a694b3e9f9f1f
- SHA256
  
  1134bd7a1903c7a56045775f39dc92133b65045c3fbf905386ecd78d6679a1dc
- SHA512
  
  fe3904a65b2afbf362bb4c77e0defc471c773670b3b90d5390ca30e9c58a2c202582eeca7fca614dd853d947df3dc42a13b8ef8b1d3b839bacb2fc6bd1702bf7
- SSDEEP
  
  786432:D47sCD1zLC4n5+j/HNEr4xjRfZQJ927DxkyQWO37y5cMNKRWcET435Cmug15/wiq:8o1tEUPhG6kyQd2HtVT43G
Score

10^/10

badbazaar discovery evasion infostealer spyware trojan
- BadBazaar
  BadBazaar is an Android spyware used by GREF APT group.
  spyware infostealer trojan badbazaar
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Acquires the wake lock
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

badbazaardiscoveryevasioninfostealerspywaretrojan

© 2018-2024

Terms | Privacy