17a0d8c197feaa1dfa63d89713d30a3a02f879f39a35095343ad085be48e6b49 | Triage

Submit
Reports

Overview

overview

7

Static

static

6

Telegram.apk

android-10-x64

7

Telegram.apk

android-11-x64

7

Telegram.apk

android-13-x64

7

Telegram.apk

android-9-x86

7

Resubmissions

20-05-2024 06:38

240520-hegh6aga66 10

Sharing

General

Target

Telegram.apk
Size

72.7MB
Sample

240524-dcf3dsaf89
MD5

3c1c87ec69fe57ae2aca6b24a1c819f8
SHA1

f4c7d1161a6fc09448bf56bb7cf27c3c11d4497d
SHA256

17a0d8c197feaa1dfa63d89713d30a3a02f879f39a35095343ad085be48e6b49
SHA512

c4ce9246fd1b62ada412b12fc03381470d6e2718dac79ce6202859ffe7e262c6b10059bd3a06330115c7ad9e476da29c68ae607b1f8e93f24b94dca271d15080
SSDEEP

1572864:AsI8T/iWuT4CK0EzbUqq+L0h7GldnkWd5fHYZWsKg6U40oq0wXQr25k:1bT/iBcf0Ezbzq+072SgJp6Loqt025k

Score

7^/10

android collection discovery evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Telegram.apk

Resource

android-x64-20240514-en

collection discovery evasion persistence

android-10-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

Telegram.apk

Resource

android-x64-arm64-20240514-en

collection discovery evasion

android-11-x64

7 signatures

300 seconds

Behavioral task

behavioral3

Sample

Telegram.apk

Resource

android-33-x64-arm64-20240514-en

discovery evasion

android-13-x64

4 signatures

300 seconds

Behavioral task

behavioral4

Sample

Telegram.apk

Resource

android-x86-arm-20240514-en

collection discovery evasion persistence

android-9-x86

8 signatures

300 seconds

Malware Config

Targets

- Target
  
  Telegram.apk
- Size
  
  72.7MB
- MD5
  
  3c1c87ec69fe57ae2aca6b24a1c819f8
- SHA1
  
  f4c7d1161a6fc09448bf56bb7cf27c3c11d4497d
- SHA256
  
  17a0d8c197feaa1dfa63d89713d30a3a02f879f39a35095343ad085be48e6b49
- SHA512
  
  c4ce9246fd1b62ada412b12fc03381470d6e2718dac79ce6202859ffe7e262c6b10059bd3a06330115c7ad9e476da29c68ae607b1f8e93f24b94dca271d15080
- SSDEEP
  
  1572864:AsI8T/iWuT4CK0EzbUqq+L0h7GldnkWd5fHYZWsKg6U40oq0wXQr25k:1bT/iBcf0Ezbzq+072SgJp6Loqt025k
Score

7^/10

collection discovery evasion persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of photos stored on the user's device.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondiscoveryevasionpersistence

behavioral2

collectiondiscoveryevasion

behavioral3

discoveryevasion

behavioral4

collectiondiscoveryevasionpersistence

© 2018-2024

Terms | Privacy