Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Telegram_v...om.apk

android-13-x64

10

Analysis

  • max time kernel
    6s
  • max time network
    36s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
  • submitted
    27/04/2024, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Telegram_v10.12.0_MOD_modded-1.com.apk

  • Size

    72.4MB

  • MD5

    28799f01448c1382eb0bf8dc24ac065a

  • SHA1

    b9de67b8c6c55eda70fc26df5aedb97d4a2b8747

  • SHA256

    e9d16891e6ee12cdc6fcbaa0850de4952653e8474f5c0e45f6c989bd627efb8a

  • SHA512

    146f41c175dca391adee4c12acb4b7525cb232153c4cb1150f23a116d25f947bae4393316d8016b79e45e5f5ee07acc4f61d731674018673d6e84047f14de02b

  • SSDEEP

    1572864:7wogaA6GCK0UzbUqq+L0hfildnsWd5fHYZWsKg624EYaUYB0GR:8J6Gf0Uzbzq+0fq6gJponYa/NR

Score
10/10
badbazaardiscoveryevasioninfostealerspywaretrojan

Malware Config

Signatures

  • BadBazaar

    BadBazaar is an Android spyware used by GREF APT group.

    spywareinfostealertrojanbadbazaar
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Acquires the wake lock 1 IoCs

Processes

  • org.telegram.messenger
    1⤵
    • Checks CPU information
    • Checks known Qemu pipes.
    • Acquires the wake lock
    PID:4449

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.telegram.messenger/cache/volley/1245846101-986049369
    Filesize

    50KB

    MD5

    2089fb417fd5c468f52e13ff84dc553a

    SHA1

    cb31e053aa463679cc6631e3dbf0f601bfca5ef9

    SHA256

    e323e321e22c8c66d2acfb14a3d8ae5578fc9003a747fe48e0380d513866a16a

    SHA512

    9e9607b926322886f41fcd66f4f03d98cd83ca36a209d04607e5dba74634f15e3bad1aa095caedc9c9f1f232d25ef6b7d1fb2857c9c61bfd042bbfa5b8767142

    Download Submit

  • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events
    Filesize

    56KB

    MD5

    53cbd36226c3cf9208dcd0c40ebc9348

    SHA1

    63b1b822b21db4750f3af593a4b7b3a04ed19210

    SHA256

    86508eefc2a69c511494a63e265a6fc243fb1afae5a788b8849e17198527a474

    SHA512

    ae1861d4bd40ee7498085d5cd424fa98ba4548bf5ee6ee44a46d55752fe359aba78ab4fbf6b0a9f5c0dce320fe5479de69c7853e827c8e8362b156de28b34898

    Download Submit

  • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    2342a02cac3077d5c8757e0c81b7d32b

    SHA1

    18bf4c1dbf6242bf07507784509a9c64fab0644e

    SHA256

    a73550c278da71fd6966d834dca8e86bf142b9fd42009bbf9d66a4816ae14cc1

    SHA512

    4314fad52d535449fc9e1a4357cbfd58a11622e2a963244451e02bd150b748cee76c8ac9bcde655f0db28684705a14c0153242534b65450b30b5b39e9f2a6908

    Download Submit

  • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    ccbdb56db8e41d42ef2de744bd898412

    SHA1

    f58efd668e9f216851b95911702b38c964414302

    SHA256

    26b5e6ae11206f4aff089101ef19bce776126c4e0fddea707a7988eb9931f5f0

    SHA512

    1df07449d947ee30fb587989b555ec014fd2d2c3612e06fd992dbb5c51e6e4a4b0c701113e1aeba941d703d83a046d9aabd220d09a39a644f796e9a6c3b765fc

    Download Submit

  • /data/data/org.telegram.messenger/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    815bdd87f210a775d379539faf2bf16c

    SHA1

    24ff80dc2e3962d89e3f87b2fd8ffa56898187a1

    SHA256

    b98854daaf919f0f03908a281b195dc0112114ba8e0bd25f58f6f8c12ee8d5aa

    SHA512

    24557aee899066d946aea28f12cedba29cf4f9d165831b3a16a668c2860dc43610032209181afb578deea89f8e77249c44c6575f926d46e141cb3c0d3b81b3f4

    Download Submit

  • /data/data/org.telegram.messenger/files/PersistedInstallation5150808522075770292tmp
    Filesize

    90B

    MD5

    03e475f9e572641543ce463ea6f4c9f5

    SHA1

    344a81efe73ff99f0c6381b68bd36eb42018f540

    SHA256

    34047526a4243117269c70a00ea1d0ca7e2f60fe421b883bc11390288bf4d4d0

    SHA512

    496068e99e6ff924a45608b1356aba8c8c695f98ad79cedb0cf5b3a8b7b212352544fa8bb180d9a9f08e6e51eb8791e938e6970f57c8224241fb638c4ccf9cc2

    Download Submit

  • /data/data/org.telegram.messenger/files/PersistedInstallation698611468281382058tmp
    Filesize

    114B

    MD5

    809dd6b8191d0659d509ceccb6ba43b4

    SHA1

    278defe7efe63ec0e7206553c353ba555c907f4f

    SHA256

    1d8d9807d250d3edb4b84819eecc1061e884dd02d4d83f3f4ef06c1739c51166

    SHA512

    7741f40b2a908435ba165c88f22934a70c6dcfa8037c45049ea0360fc666474ba117289272091bb923914abcee145b9a3cf0dfd22620e4d2b83be8cc85b829c6

    Download Submit

  • /data/data/org.telegram.messenger/files/cache4.db
    Filesize

    4KB

    MD5

    689eb9d3d2a866648f68f76e6a8c3d46

    SHA1

    ba65af36973bb4cb831868ec4882ce204bffb597

    SHA256

    2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

    SHA512

    98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

    Download Submit

  • /data/data/org.telegram.messenger/files/cache4.db-journal
    Filesize

    512B

    MD5

    ea4ed43a8b0e6e61f37f7ef39b2d68bd

    SHA1

    5b8571bfec2bd3b6ea13b089df55d65e6cecddbf

    SHA256

    1e29a12a23ffd6bc1ec633a0a4648ce2805db0aca88050123af4e7fe87eeb1d8

    SHA512

    c82f6769f63e330a48fd6b0dffe9f9c7e18089ad45e2e8e306a0e6de2ac1f7b89fbd1f2a22cb4eca9e21ee0fad0578adeb5704976881e92680d451c8da33a3c5

    Download Submit

  • /data/data/org.telegram.messenger/files/cache4.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/org.telegram.messenger/files/cache4.db-wal
    Filesize

    2.1MB

    MD5

    aef7c0e5ad95809e1a092d804c92b9b7

    SHA1

    604455953b8045df26fa64eed47ce19cb9191b6e

    SHA256

    19a18a28e52b1b37b8e700759581363eabdda8fe3ff481756bdedd01a6cc22f0

    SHA512

    18cdd5ed33e41dbf8a0d4e7e1fe58fc20e1459cc5af83733b8bd4fc18f734e417d0f596a1bb6051370a025f2c8dfb6d929f791e948de593dfe0fabb39d3dd509

    Download Submit

  • /data/data/org.telegram.messenger/files/tgnet.dat
    Filesize

    908B

    MD5

    1dc3c53ca68c561a770c78082f723a1d

    SHA1

    f7efad37eddfe96f0db253315b8ec57ddbaa157c

    SHA256

    b12f224c19b5383c6d881bfc193d40e65ac44dc07f1bae3bc22a7bd9a506b35a

    SHA512

    9196686639aaccf9dacff9a7cba749bbfd553a10f03c6f3f38487d36968ae82f9b5a968062e87ba35626ab2d2bb25dbd8a29ef95d67d24cf11bf1b8911306b83

    Download Submit

  • /data/data/org.telegram.messenger/files/tgnet.dat
    Filesize

    912B

    MD5

    404a45c6ed34ee796b10b05cae2d1f5a

    SHA1

    d15eb7b15efc6d9e67697a0349dceafe06f6ed6d

    SHA256

    06c01fdd85b395f0be5a65e2adc60b4b6a7c2a4456b8160fbd892bc87dc465ef

    SHA512

    98139860057cfb4c2f8ee2d2fe8e973839b48a24a0339d0af0dddea88378ed1b088228c9cbe7250be5161d200210306986126719fa5b1961175a8883e6d10cd4

    Download Submit

  • /storage/emulated/0/Android/data/org.telegram.messenger/cache/000000000_999999_temp.f
    Filesize

    1024B

    MD5

    0f343b0931126a20f133d67c2b018a3b

    SHA1

    60cacbf3d72e1e7834203da608037b1bf83b40e8

    SHA256

    5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

    SHA512

    8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

    Download Submit