badbazaar | 98e7fbd7bb6f124f589d4232f917858c3522e30108e77aeb1e915208a090f8ca

Analysis

max time kernel
6s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
19/05/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Telegram.apk
Size

68.1MB
MD5

0bb39a3867b1df844f39b023d1ba4d22
SHA1

1f3cae80d6552ab0699bea5c3fa6c1a3c6ba0b9f
SHA256

98e7fbd7bb6f124f589d4232f917858c3522e30108e77aeb1e915208a090f8ca
SHA512

394f90a8fc3c708031c76fb0c17c762998d4073abe8ba188651a9f78cd47658bc858c82ec42b495c4c4b5a510946c2f1c4422ab2c546e44065e4c805a6325c1b
SSDEEP

1572864:Ta3WA+VaB/D9Weg4KPzI7SwGZiUYsCKPJ5:Ta3Wbw/RxKPzI7LGZig35

Score

10^/10

badbazaar discovery evasion infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.mytelegramer.messenger

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	org.mytelegramer.messenger
/dev/qemu_pipe	org.mytelegramer.messenger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.mytelegramer.messenger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.mytelegramer.messenger

org.mytelegramer.messenger
1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Acquires the wake lock
- Checks if the internet connection is available
PID:4319

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
6b1f7c5b31c0eaf49959c858477dbe34

SHA1
ca1e40aa0b1a16737af375e9d62ecf1b178ab54e

SHA256
c0377ae9647bf4fbcd18bd27e2b2057b3a049140ac3d44799d6654e04695feff

SHA512
9488596faa72027a4c53e86b2aac7e874db6266200d04eb9432b7bce5540e606d6d3fce6d2699c09bb8559815a1561e3210e0b94da7b797b0190d84213a015cd

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
21a7580dc177240e6444b024b01c6b6c

SHA1
34b8981905ae2770c5ad0d688ba2fd071353e8f9

SHA256
2e832d791df3409cc29cca0aa4c92cfadf1bd42fceff2c137b7cde95b2120124

SHA512
7251b00e2c5306abfce12a2744a0847d57c9ab7e33f72517e9ee569319a788a7d8d5bebbc42022d6eb47724c8dd3bcba58b759df959b9ffa41a850d81dcd4fa0

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5fbc0c205fb1ad4bf484dd2a338ef50e

SHA1
00eb032a253f64a98bb0c628541b3840f8bb30c9

SHA256
dda38d611aac1ec2c8e8e5c8b9c19d8d2537122b06344cac56b41fda35ee63e3

SHA512
21c59778da36084d9946e0f83d55e97cb564efe2e47869471e99271c7053e885b8817ce4cba18d1623b180c9a06513e117a76ecbd5ef511a9eeda3113d9e0557

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
97954b1e57d603e1da56d4c65fd7b40f

SHA1
a3e1007b46a309ddf8f950ff20fb14b96d544017

SHA256
0e111ba507e3b83fb64114bd25aedaa4c05473c30954014ae4e970172381242c

SHA512
125dedd768b802e8962563fd2c389302c46b69f9e6a00724e021675c74ce4d1baf085e3079382e2f013e3482af628613c2bdfb4eb0467c0f2e40fbfb1224800e

Download Submit
/data/data/org.mytelegramer.messenger/files/PersistedInstallation7047208839496743042tmp

Filesize
567B

MD5
dadaa49c44b7dc7bc440d8c1c24479bd

SHA1
f37e60fc8608bbed48c2388de4d1f4f42f13472f

SHA256
c3c20d97a503c04561f454bfffcd50a7b74a045ff72c4b7a001a288f8cccf410

SHA512
79d541acf94f39f957741182867bbd458ada9212b35e8b317f3563d3f06fe7d28f523798c2f6346266996fc73cb72bcb40b4f0daa1be2b5de1bca527b14218f4

Download Submit
/data/data/org.mytelegramer.messenger/files/PersistedInstallation8268248630920318688tmp

Filesize
90B

MD5
7cedbbb39fc4d315bdc542bbbd87c179

SHA1
8c475a054fa7559afb572fcc19e96ee813f24978

SHA256
a1449c690aa450aacb7139d5e8a243ad698a656ab9716ab68a5bd3ff60bb0994

SHA512
9e25779cece2653d96f761cd4b07b7fdb81f6d5b80e55e63c8f36a72d422654d8ce7a591ae33f7531e0416f61435bf395c5e28ac10e8606b3beefcbffb2c0311

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
512B

MD5
367d674623b297dcd96e6b339f6ef252

SHA1
18e2a62c285ae267a0dfdd0b119af9708d6c4f33

SHA256
4ffb04530d97026bd70b17f7dfbcef73899626dbcfd76f4b1e73d3f613aa8591

SHA512
bda17cc5f705c0c78587d2205d17b1497cc8a1b50f62b394c28dc706be7bf6de1035e47ce5bd2309026bb624850e48b7fcbbce7cf86918131da7e9fe044ad290

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
4KB

MD5
d8d204b0f39f1b8d7505c53a094c5ffb

SHA1
a1839400c4b8cd4edd48785585d7bb9708adbaea

SHA256
4958277720f503c0b24f6919a74651fdbf508936d4871420fbd3860e2702d3ff

SHA512
dd8d12c8de295c26c6377b6feeaee8b69df5740878a80fa1db34182459f03309aafd28fe828b381b49c6dd1d399fed6c0c4bd30cfaa6bb016702efd7a2274d49

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
4KB

MD5
5fdf4d850f481f25cbd60ff47d2e553c

SHA1
2ac461bfa8cd9fb65c38005103581b2f06b2221b

SHA256
7f021a4963d81939aa4e35a2df61fd6570d950e442176a124595247aa433f278

SHA512
11bfefed5cd96e220a3a242f8cb1a2cd14c9496ffca4e5e5cc08abb596a3e27297aded51dcb585fc42289b633238be42a3896d022a066ebebb2ac64dbbda300a

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
512B

MD5
2d22f9f0c0f59296d900aba5b4db9dff

SHA1
0f122a9e7b2aad2042276611da5c95f9caaa45c1

SHA256
63e2cbd45e462244b7d300e241b17752f4f5fc31e7faa596c69c6c7bd6d22491

SHA512
7f45e63f68db07e9c6a9f5d8e0affae38815214ca6fef1e4932dbd37ad9643cd314639b196d1788ae8116588b81ec5ff2e311193b36237206ffec88e497487dc

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
4KB

MD5
1d5b382e13fb810b80315dadeb6ccf9a

SHA1
ae2f35be3d334a4eafe79f8b8d8b0ffa0644b004

SHA256
d269014bffffeb56ebf5d806bc0d8af358006fe4816bba3671468cf4315cf908

SHA512
001d85313ad1090716ea06857ce0884173bb6edf8ae2b6a89c2dfc2c790f71af514d80b7a3a9ba1dcb92d7b679ccc5424e5913bf06ea206f5005ffe9254036e3

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
4KB

MD5
35e8d595457c2039ec9a00425b2734ca

SHA1
8e0f22f6a08bea238dccd58cadae3b409d2a28f4

SHA256
79d30cd0c8f7b22cb4c0722830888e43a5c95278869e5235893095b295c0364c

SHA512
d8f155bc54ba9eed7503457a36dbf4bd6f52d7f7b58a91968187f2ebfa9c2ad5ff652a825c11c3d2731908bb18dd53e2c9c3d8732c0e6924a2d7c36609f43dd7

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
512B

MD5
04e417e0c2007c9c6195518468fe624f

SHA1
bb64d24f00ae5306231f879106f9fb6bc245dc54

SHA256
50617bbcb2190dc4a0e919348fe8052b13a945808f4345ba3786ca3503b16c3f

SHA512
5d73b3acd0977ba6e813bb93883e5f9aa4cfeb1a0e8518191f21a6b75494ab762f9ed4f1c2fcb60ae471457c7b5358e43696070524d5dc5f8b6102a433456489

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
4KB

MD5
2f16577cdcb92b17ec700f4a6b7a8e27

SHA1
6c3c1cb0ae4521822e444bee7062338508aa8cb1

SHA256
324032afe9f66a566253cc0d7d5192500c60dc32d8f4d170f6dfec6226ced624

SHA512
b7996364f95f1143699b7c78ebdc3e77c2b63b2a9754b39300eb61e72d94a3b1707b8ebb8c0ebde965038b813f337bc0f5da04c6b24fc1518c5f1d40a772479e

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
4KB

MD5
641ca0c674c02a695f8a9cad3abcaa97

SHA1
d7271f55da6a0445e98f5db7e44306d3ff745391

SHA256
bdc55cb1ee263053809ac2654875b6f01a7842066fc61d2ac74281428d24c547

SHA512
162b657157eae13d42a8eaff97f3b0059fd3b5174fcf7fd4efcc2dc0b2e04dba08b68ffa9d016bc07f6720416a7ac96f129159a755dcbb4a851f7f9dbb3b8bd8

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db

Filesize
4KB

MD5
3ff674d0f9e82976113f39dca75b8f78

SHA1
fb1bf8a36688935c194e63dd8f18107e7033f5c0

SHA256
d4e1b9bdba21d5fd3b004eb02f191389d2b3e21f5a793af5d27a199f90c5493e

SHA512
41eb558e3b75e601a0fdb733833c5504fc869ba664cb537b2e2c84353218a9dfb7f94b4f20957f38043bf336ffc7a201834e4c4a5217fd2761648ef7cbbdef7e

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-journal

Filesize
512B

MD5
ed90742557a76c94881e0559f5a105ff

SHA1
5605391ea2d118d2d0bbb7cea8730106575ea4c4

SHA256
4be321bc21fd5a688c470831a2eff10963634b93a4b1da615506099863e1a125

SHA512
5a26dab0d5494d91683522f84e07fd142a4dcf646f09134d1475f0fdc2eb43f4ae812b596c0aa0ebf74aa22732200ee9415c93558ea5360f63af44db98690d13

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-wal

Filesize
378KB

MD5
f6b024294eda84b9840d06cdc38ecd47

SHA1
75010fa835332040406d2c2626dd874fed81d01a

SHA256
80d0cf867684b56ba7d1d98557f6c795bb552d01e7c7d2fba3ef3e59a7133f50

SHA512
703aa2166b26b4fc2de54f543051fed22082846ec7251a5a06020d2b46272988c97492e667ab2c09798976401a9cf6e231e7f955f599020905b722e8074687e5

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db

Filesize
16KB

MD5
4f9cbb0fd2337b98e887619ce0b9459b

SHA1
5ceb63fde9f73f58f5ec4bfd22d7ba71fd4e99d4

SHA256
4993c99c1e27d80d8cdf657799c36f535b5e68468c1caed88000c3840a268a75

SHA512
169f8ca60b3dcfb8ac36006d2d075aa6bb34c9c0d3231e52c167cdfa128594b645c1c2cbaf9f637c4853865c170aaf799507413d84c3eb2c2fe24145d6fc1492

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
512B

MD5
4d14b79956e9c77e558ba940c85d30d2

SHA1
3506aeb94d86b399e44d0e2cd2ede062da1ea160

SHA256
4735c4f97edc1b7a4060c10d021c76907b1d0e028a670165961a3c3b0364541e

SHA512
0e130424c1a0ef34f638d9b5e670744bc7e60c9a30e9c1d19b63fc3a293013b7316fe71f8091ebb60ca5f971e2e92c8621b39e4f8d9d32421012e8ffc91afdc7

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
4KB

MD5
0beabc338e90e2964a7e1dd0172fad88

SHA1
4deee72cca2f7de3aaf444561fd1ce9378421e07

SHA256
46bd9ecea563dc6357563f902ee37aa2c9cbd77c47c65ebd63f9f77d3224852e

SHA512
debfb49a85274b6f5221fdf7f80ae3d42a5f79d1fc17423a12863414069283fab8e86822a400648b0c2dc5d4cdaaff077ef2592ceeb28fced22ae974eb1ad8b5

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
4KB

MD5
36e2ab11d4d3698c685f436d148b9b04

SHA1
f925d2904cbff635c1dbc43eadaae06fa2c5df8f

SHA256
a43e98889f48611900d42de2fd2d78ed54393ef0fb2e1c72ac5a2fbde6545dcb

SHA512
b8cfc754b9e036ecbdc3fdd4e56624e078822c672ccc326df6b9a03bb13ac9f3cf7f64bdf386222164c60a144e5ade136fc5ee38cdbfd3d6999181ee466d5e5d

Download Submit
/data/data/org.mytelegramer.messenger/files/tgnet.dat

Filesize
908B

MD5
c47bb29c9d4cb3b21610de295791808d

SHA1
68e649f1e6b51fa060226a533ff749d20eba2cbe

SHA256
87ba94ea393ef6f299d1290f7821e9d4cc3ac1d30562636f8535f265a0f7c4cc

SHA512
61c373865b4bfdc9fcd32e42d4ca5093d988adbd6346dda526400e5c7f489105bca0ab3ac61ec90e8ac73de1186a371660a1e2f6693d484f9d756d88cd1168a0

Download Submit
/data/data/org.mytelegramer.messenger/files/tgnet.dat

Filesize
912B

MD5
2588cf577293ea434e31213451caad15

SHA1
5dd2ec22274a53de59c9e845246b070bfc2f338d

SHA256
eb391f1fe5cb286226e788eb0d3568a3594df60898042f9cf40b080975f5394b

SHA512
58d2ceb04a13ff7e4d546b5838e11f4fe2d4b16e129fd94131439b1cbff9d6b61e3db6a24a6e2a34c1c19f1a9328bfdd179b0f734ea8b64d44b06e1bef83906a

Download Submit
/storage/emulated/0/Android/data/org.mytelegramer.messenger/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads