badbazaar | 98e7fbd7bb6f124f589d4232f917858c3522e30108e77aeb1e915208a090f8ca

Analysis

max time kernel
6s
max time network
140s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
19/05/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98e7fbd7bb6f124f589d4232f917858c3522e30108e77aeb1e915208a090f8ca.apk
Size

68.1MB
MD5

0bb39a3867b1df844f39b023d1ba4d22
SHA1

1f3cae80d6552ab0699bea5c3fa6c1a3c6ba0b9f
SHA256

98e7fbd7bb6f124f589d4232f917858c3522e30108e77aeb1e915208a090f8ca
SHA512

394f90a8fc3c708031c76fb0c17c762998d4073abe8ba188651a9f78cd47658bc858c82ec42b495c4c4b5a510946c2f1c4422ab2c546e44065e4c805a6325c1b
SSDEEP

1572864:Ta3WA+VaB/D9Weg4KPzI7SwGZiUYsCKPJ5:Ta3Wbw/RxKPzI7LGZig35

Score

10^/10

badbazaar discovery evasion infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.mytelegramer.messenger

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	org.mytelegramer.messenger
/dev/qemu_pipe	org.mytelegramer.messenger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.mytelegramer.messenger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.mytelegramer.messenger

org.mytelegramer.messenger
1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Acquires the wake lock
- Checks if the internet connection is available
PID:4318

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
2795de5009fc127efec3b35b0197d527

SHA1
0aa023b5c42ddf7ddd224ee862d6bbc8e0e18328

SHA256
ae335086ab5fb945445e65129dc6c497ab54eff3962c984cc3960b886443f91f

SHA512
0d434a2509bfa360377654b0c099f30af8924b0f1c0e40ba746fe1d610b9a6394ae9fb59c71f97d703cfe96416af40bd3bf3e71b6320e82d34e0d8656f4cf055

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
17b1b1070a394d12c6bd39447c0d0241

SHA1
aa1cb9d25ff2b938173b893537a6c21e24498047

SHA256
071327a36e2c6ce02a0e85e6e0217874010fa26aa125998c60d46e7a1e675f0d

SHA512
4bdaf3fdf411498fc28c007ab28f9b54315c666952673839ba42a91815b4fab92701e0096a1cd522f5af90ed3c10bdfa2b9abb59407b62cd4a642c42f2986e3f

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
cb7c697f2ff5132eb59cd8af159745f7

SHA1
1344ba5f2e44ea45cd949dfa6800116f04b723d5

SHA256
3c35486bde116b0c8af582598fd2ba99f569982694d82631cd97e3d6376ddf14

SHA512
bb01df4d69c65fd30f53dcd05b5073d7babeb6c0a763fb379ed6311b0ac1ba03854b612ddd528aef29d2637c1303636a7bed04e51462826e60b46a5bc5318b9c

Download Submit
/data/data/org.mytelegramer.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8966d4f76dbbb99048c27b24941f9e7c

SHA1
345c3828a2697245d1b92403041195fb366868e0

SHA256
e7746b1e912d7fea9db516c77b1dac7c807cf89b140fc3cd97ef854926936d7b

SHA512
aae8e99e1734fd0e893a5ce9115f34878aa870a5a8fb2e7bddeeb771efbe82cfe29da04eac0dea7802e525412682c060c4bd4a5b916f190a94aa294829b81c6f

Download Submit
/data/data/org.mytelegramer.messenger/files/PersistedInstallation4005188083067243862tmp

Filesize
90B

MD5
86843fd7960be6e8edf976e5d89ab3dd

SHA1
9bf3ef953597ae90a1b77f5a9d498827e4e7a192

SHA256
08e9e0278df298674b7375668badc39056197763d3af55fd870fb46b4595bf85

SHA512
e136386006ace06bd1ae265a7f0bf50d5e7f0f6fe41f1e158eb8f2f051017efbe10981b94c2f29b451c4836678591b98fc6ce6e743408148f19835592ae80b2d

Download Submit
/data/data/org.mytelegramer.messenger/files/PersistedInstallation5085191585604731175tmp

Filesize
570B

MD5
791a6abf02b7d7f5598282eb3a4de24e

SHA1
052396239bfe5771bb7c4d13f34f2baa1f360b50

SHA256
2e39dfd583f96765241b4cb27ce1209999b6bec5fea214efa6ff1b45bc4b05a8

SHA512
5cc7e040b20694f823316f90731ef0b0fc7f280b113293c46d138691af7c2cfd8a50d03592e1ebe6e043d303b56db7f03389898e2107ad01a62016ca84fe83ab

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db

Filesize
16KB

MD5
4f9cbb0fd2337b98e887619ce0b9459b

SHA1
5ceb63fde9f73f58f5ec4bfd22d7ba71fd4e99d4

SHA256
4993c99c1e27d80d8cdf657799c36f535b5e68468c1caed88000c3840a268a75

SHA512
169f8ca60b3dcfb8ac36006d2d075aa6bb34c9c0d3231e52c167cdfa128594b645c1c2cbaf9f637c4853865c170aaf799507413d84c3eb2c2fe24145d6fc1492

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
512B

MD5
eb8bc1c67a26217525ece691a730de6d

SHA1
2c2c285d515eb6486f785ce7ab6c7b25f091b50d

SHA256
1c1000c7f571cffe647abbf993ec41c13a61700753c86c1c30bfbc4a6e6772db

SHA512
172c878a621d1805675736ea75d282e3e8bcef945e9b5ea35e75d2c240a03786ee027e218361f1aaf02a6f89bda04cbd371849d0c458615d75b4a6af43891c66

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
4KB

MD5
ff784901f57e4e58b677cab227de2dab

SHA1
69d061944981e8bfb22e40977fd23c7843c7f536

SHA256
361bd1780f0de8bdd479a73d2ef3f1dc47bb59683e41e2c984fae29c807768c9

SHA512
937be0986cb5418396e3bf62166b43ddf073b39df47fd50c709835767706c4bfc1d0582a5debc192ce6ab12d1e326bb4c7d2f1e6c80f4d1a6aea1d615c5ada4d

Download Submit
/data/data/org.mytelegramer.messenger/files/account1/file_to_path.db-journal

Filesize
4KB

MD5
a6b188970085923f6ea800da513412f8

SHA1
030c078935dffa3fef4804c1508a52db53e74a7f

SHA256
32203eded6fe1a062b9ab6bb17184530bce36fd9878875c3d27a8244a6020eab

SHA512
f99555b169c0553e249347bfc13d6fed4efdbb4bfcb35f23fcea78501c187eb0f362137bd3bd5a6609f3e22248be4f947f1f11367245032c6f672f59cf077fc8

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
512B

MD5
63af75f6c6f7c09ca7bd99ec0658f028

SHA1
fe1c812c0e0ec110052453077997c0c831fe9250

SHA256
eb80fb9a003eb334105b10f02d9420f9d9ef62e33c2427537838d36858a73d1a

SHA512
150a068213c13e349ef80e79979eb451a40da23ad5f61fe53ba00fbcdda277f599a237ce179a8407f27c0771c73f8162afc0b524d4212858f1a62bcd34206693

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
4KB

MD5
15f6436e852e49c2ecf056f9b8e8df4c

SHA1
440234bc46b3f6734c723430630ce64e106eee8c

SHA256
e19db72708cde00994314ef482d802c8ef780544686b5d95e7bbdfaf493e9c83

SHA512
02222971b980941fa01bd4fead6e1f578651a46797d048e7f2023f43483e5e083ca0a3187aed7537d0fb794dc0c52fb835f7516bdd5041ea7cafa215a3cd3e25

Download Submit
/data/data/org.mytelegramer.messenger/files/account2/file_to_path.db-journal

Filesize
4KB

MD5
4c2b6d53c3473684c118ea54245f6518

SHA1
65550a129082bd054a4a5f0a46af98cddfc71feb

SHA256
9830e322717e720427d872103280f99ccc0a4a52042aca31c7c51f42be88b35d

SHA512
65679597338e37c8f32e2b8bfce971a157ae71e640c8b001da2fac3e24e290ae7d1a9dc4dce4de70628e9ed9b8a15d5806917914bd8dbaccec27e4c60def8791

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
512B

MD5
8929d9a9f88b6228353f8be70935bf5b

SHA1
f4c485faa35343346c4961ef05fe1bc253b91027

SHA256
49f5ffdea5a9c45263b109578d102e69aff34e5ea7c2182841ad919dd9e0ee05

SHA512
a5f77826392fb4a38dc0861076680279c9f1991ade05315c47e6ad915951bd351ad29db9b0129967ffdb6b011f4db2f3e7c9a27f0acb25dda9cbf3af81dbc981

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
4KB

MD5
e1a122babe936b3447be13f64e43d0ec

SHA1
903cb8487e664afae5e4f321ebf3eb8b5e222014

SHA256
874be87245ff28ac52b37c0552fc2fe2823f237cfb06fa1c21c913866e8bf670

SHA512
79e6418ac32e1300c63fa033318a3ee616680e397a63aa0a9b661fadc4c0bbd3df56c2e0e51fc39dc48088e23206e4e80ec51af8231b079dce0eb50dfcd2cd15

Download Submit
/data/data/org.mytelegramer.messenger/files/account3/file_to_path.db-journal

Filesize
4KB

MD5
7aa2be488c5a1ad03d4c6a214606b5e2

SHA1
8ad6f7a9f05adb9982fba7d7c9ed056a8b1f8abb

SHA256
08a17107bef77657e79d2bdea4dd3ec473ed63d3d24eeeb318994883db5ffa7b

SHA512
1a1a12b36728cb0a60a65025af3de66a6f7851fda2acff7845b69dd46ef33cbc0f24f35d095da201bd64a8b8b09e2ad6cb8181734e2674992cfc865f713eea40

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db

Filesize
4KB

MD5
3ff674d0f9e82976113f39dca75b8f78

SHA1
fb1bf8a36688935c194e63dd8f18107e7033f5c0

SHA256
d4e1b9bdba21d5fd3b004eb02f191389d2b3e21f5a793af5d27a199f90c5493e

SHA512
41eb558e3b75e601a0fdb733833c5504fc869ba664cb537b2e2c84353218a9dfb7f94b4f20957f38043bf336ffc7a201834e4c4a5217fd2761648ef7cbbdef7e

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-journal

Filesize
512B

MD5
974a38986b91b5284b96da51cfdf2ecf

SHA1
b275e314753c4aa3317a89fa06665a280b5303e2

SHA256
788ec9f30d5936de07201040b9da609a6a6729de91ccbf19e4dfe864ed7ef550

SHA512
4c24edf141956e3f72a20b981ad50835a1795b7979bf3dcb773ad50b9a92c3d5462fa53a17e41f644e277f9586bb992940174f1fd3829c545d72132de7a11728

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.mytelegramer.messenger/files/cache4.db-wal

Filesize
1.3MB

MD5
e0124a3cbe94eb388dd26db898318b0d

SHA1
0cb56071434cfca8fd65a5b5afe35e36342b1caa

SHA256
a4777262844e1d017a5704b0cbb1910329afa4b70ed4cfd54f90296f2638767b

SHA512
a4275cb0a42b426553dba56054c3a312553bd6c807105245dae711e86e43bc8f35a55be63037cc29c8a051f098e28a4708a40cc5c0f861c68c5eacf5e363969c

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
512B

MD5
d1a90bbf154153bf328f7451d8f6ceec

SHA1
3f647238b7afb4c2831cbc2a3dbe1e0bbb00264c

SHA256
acd4993eff4ef9219c08d2f17e1128b90906b5e43754cfb1abc0bb3513e53f98

SHA512
1359072e5a21ed6d64f3e6663d87d457e5ee94aa86aef4a1dc320e54b4b5c52b63494a7a8eb1ce33ba2877dc1f033149052bdea936bbcc70112b3dd1701154c0

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
4KB

MD5
342c3fd30d8e306eca410f779125b6e1

SHA1
57e2563adba286ebded40983430b565c8a70ffb5

SHA256
62ddd279e776758c4f60e865ac8e3abd6e620657e24594619a9f6eea843548fc

SHA512
43a611175c790a99d8eb75506476c12eab852976b504260285f379193733a7ce04ecd6cb4becf162734e596f1bd129f2309dc51d958686ac83f4f17b1e03f3bc

Download Submit
/data/data/org.mytelegramer.messenger/files/file_to_path.db-journal

Filesize
4KB

MD5
28ce1ddd87306ed614360244f15c09c0

SHA1
09d5e21fed97a54580d4c3d5867fa39e756480a2

SHA256
a686576e70c729a1b956095027b24be8921f6766eae209c98354ce29d8f1e5e7

SHA512
e9e2e731bdb8ba2d2c40c6f9ae428586e50a9508dbebca468e150eeb097a4ab34535a1e17b4e06c1927c082d0e2c0580c10138b4616c761c9a89bd4ffa942f93

Download Submit
/data/data/org.mytelegramer.messenger/files/tgnet.dat

Filesize
908B

MD5
b6a70a6adcf7754f25813cc0b197a7ec

SHA1
0a981c5ea66507b7b42392c75e781f5585327eb2

SHA256
29833e6d132d9388e9acccb2fb53daf1d88aaf611f5f69cc1431212696aa6a55

SHA512
c1d202b540baf9b40dcb78c4ea057d754f216cfd83d526d006b5891d115a809ca6034a5018cca391e03469a0daea83ca8885291e4946adb15b486822acc76075

Download Submit
/data/data/org.mytelegramer.messenger/files/tgnet.dat

Filesize
912B

MD5
003869e6b0bc6660a70d7bebcdf5a4ee

SHA1
f0280623a3fa3a4ce7c3d0ba0f7871eef763b347

SHA256
26f27605a09745eb3b8286b33a76818154dcf6a4e5f69c96d0a3acaca4b3a864

SHA512
0e0ec5d60a7389a5dc332b2d5c9e522bdccbbe4c951b1f4962086f99318b9518ac5e99296a2b7dee21d55f3263c37a173ac34546ab8208d84a0dcc5462ae506d

Download Submit
/storage/emulated/0/Android/data/org.mytelegramer.messenger/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads