17a0d8c197feaa1dfa63d89713d30a3a02f879f39a35095343ad085be48e6b49

Resubmissions

20-05-2024 06:38

240520-hegh6aga66 10

Analysis

max time kernel
6s
max time network
342s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
24-05-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Telegram.apk
Size

72.7MB
MD5

3c1c87ec69fe57ae2aca6b24a1c819f8
SHA1

f4c7d1161a6fc09448bf56bb7cf27c3c11d4497d
SHA256

17a0d8c197feaa1dfa63d89713d30a3a02f879f39a35095343ad085be48e6b49
SHA512

c4ce9246fd1b62ada412b12fc03381470d6e2718dac79ce6202859ffe7e262c6b10059bd3a06330115c7ad9e476da29c68ae607b1f8e93f24b94dca271d15080
SSDEEP

1572864:AsI8T/iWuT4CK0EzbUqq+L0h7GldnkWd5fHYZWsKg6U40oq0wXQr25k:1bT/iBcf0Ezbzq+072SgJp6Loqt025k

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

org.telegram.messenger.web

description ioc process

File opened for read /proc/cpuinfo org.telegram.messenger.web
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

org.telegram.messenger.web

ioc process

/dev/qemu_pipe org.telegram.messenger.web
/dev/socket/qemud org.telegram.messenger.web
Acquires the wake lock 1 IoCs

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.telegram.messenger.web
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.telegram.messenger.web

description	ioc	process
File opened for read	/proc/cpuinfo	org.telegram.messenger.web

ioc	process
/dev/qemu_pipe	org.telegram.messenger.web
/dev/socket/qemud	org.telegram.messenger.web

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.telegram.messenger.web

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.telegram.messenger.web

org.telegram.messenger.web
1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Acquires the wake lock
- Checks if the internet connection is available
PID:4375

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
62d4dc6cd91c6c80de0f4a2802e2ece3

SHA1
c805e107627d5711f138b8f83facb573d043034a

SHA256
cfc5a8dca2b969ebbe0af258897c9661143cf60cd96d17044faffb2e614d4bd3

SHA512
dd22691b513f2e0263e010337fb75f5e1a5b2313a3332003d1ed9e315577006e906a28a919fbd015bbb270faa967075bbeac6f83fbb48dfa34685796ed7800dd

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
f4a97d9e1646d69df89b0df7cd6a80a6

SHA1
a70571e362c81de33649830d3d6509f5229dc35b

SHA256
731983ed3f4e06b8708acebb4d5e7a17f65a9138f072873725d1c52b7c25d1d8

SHA512
38ae65fa891daa901c9af44f0ed57a18341380a47fdefe25c4da103408a9974e339d19b6e98a62516dd8605749d06785b4931ed59bf8e81cd93e3cd4bb1c0fc4

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
aa5cb819bbe4f3371b15f6bb16a8c4d0

SHA1
6195af5dc250553941e739f3c50ae1d2175417c3

SHA256
8af598a73ad8f6eb34973f741d96ba18031dd55d12b4a82a50687ccd1d8c91cb

SHA512
9f6bb8e1268d75fc7509b1fce484936bf0e0c5187b6aa1e348aeb67273f735356130b07b09f3fad3f85d8add245d53b4ebc2ed5c1a53457af7965c40aad5f13e

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
df271221486c97362e767be0dfc8f3fe

SHA1
dddb53ecb78aff0ac3b72729e4782e33e30ac96d

SHA256
ef7ee5b0348c4726f844d367b79b420dda60c0686db07d1489f821ab6bc6eb99

SHA512
ba1f4753570891ddfb909fc311721b0c35882d7e13ab5908000da60dbfc245d114a72c5b0817534147428cd0de854e2e99232240762066f2ad4209bacd739c42

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation8397277840471497989tmp
Filesize
569B

MD5
92d7f98eb9c8ae175ecf9f4e311a012f

SHA1
8b3a36a26f488ca83571b3d5e06a32ca9e5aa87a

SHA256
8c8b1230e9402f375064e5feaf39baeceaddebf851296d277b566926c8517b75

SHA512
8cc4be2c9119f247d17760c2add3b480b37a0b0d0e334caef06094018835b18c75b968616ada0e154af89b0d02a8ef2949587ecf78f70e58da5b8ee2aa2ecfa0

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation983751142855409262tmp
Filesize
90B

MD5
6b8be6ec8aae6fcae60df390b139db74

SHA1
0a686ac585e2a2992a0cdad9cbda993ce3ce4e1f

SHA256
691f64f412095b4d2d54bb26c76542f6a40ef0d2f870b64757d822915c9a3f52

SHA512
1446c8230a1d981ed9da43d888e19bd456db1c8569080600fb3c8381356e6fe1b08e7e8614dc3977518a34723d9ee93b40f6256305cd01c78c4abfb476c56646

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db
Filesize
4KB

MD5
689eb9d3d2a866648f68f76e6a8c3d46

SHA1
ba65af36973bb4cb831868ec4882ce204bffb597

SHA256
2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

SHA512
98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-journal
Filesize
512B

MD5
fc8af8cb3e8ab0c52933e4279134f6c4

SHA1
8f3ea446c067afeff3fa11295f0782e2d354c0af

SHA256
0dd693259dbf3e4a5e6f70841389d41f89af377fb856482b1465c483dc8c4c9b

SHA512
8280fe9f3633991c5d196a3b618a12cdec32a6d412f3e793b3b13b2e190b81aa451ac54b3ba1e179003848cf41f35e14d95ba5be8e00d1914a67be5b0c3f2429

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-wal
Filesize
1.1MB

MD5
e777cfb2aa939ce7d32be791562c7ca2

SHA1
62bcca332d012156ef66574200134110fdd5a610

SHA256
81333372fe6b2b3b891ac0bc264c4eeb5b8525ce8ad98c37850deb95f21352a0

SHA512
a06a167ff422e0b190f53595eb41feddb35858006ab8c1b6ec1a6b08f269697935470a6599127c16b7d7a27b8ad4b7bb2a720260d927db89ae5118c9b9305cfc

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
908B

MD5
2e4fbaf3763e4779340996123ec93011

SHA1
b9364dd40bcfcf4595071e61ccbde6045f560913

SHA256
c1557b20eb45c76a6b84b3ff2f986d8226110892bac62fd66939237b1ae38e34

SHA512
1dc9841463d79a8e4c22d4f2dd0720c18c2f0cd4da95999568533327e7d19d9bef27d443826cf1d910847704fe60c674e749ab73a8b94d82a76857f42c299459

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
912B

MD5
dad0e3949fd74084f65ea3778f02ba44

SHA1
3d091e3a08a83f64d3ece58a4e0b1c701218179a

SHA256
4a891f1b390fc4ce02bd1451c924b35b4b583fdf6ce716770b0c6e9c635500e0

SHA512
22bc255df57bc55494fd0cef21f73533e5f350a96f3736bac739097c77ba7a41b19db1408004b836d480420a33f647fc9baa976019f6c9c8005101dfded54650

Download Submit
/storage/emulated/0/Android/data/org.telegram.messenger.web/cache/000000000_999999_temp.f
Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit