8f88dfcd8cee616a2f6e896a367a4071fe0eafabfd3d78e991787f56588017e0

Resubmissions

29/05/2024, 07:28

240529-jaxv1sfg74 7

16/04/2024, 17:31

240416-v3y5bshg21 10

Analysis

max time kernel
11s
max time network
351s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
29/05/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Telegram.apk
Size

72.6MB
MD5

9845a13b4294d0a1b379efcb8e8353fe
SHA1

b19f698052619a14251843aae695b11ad797788c
SHA256

8f88dfcd8cee616a2f6e896a367a4071fe0eafabfd3d78e991787f56588017e0
SHA512

1dd2a821a61642ccad0bd91b8e3b844e304791bcb2968bd8b33194d3b260d19005899937a07008565056b38aa869d71b99791a8f39870fc43b905fd71c0b7e03
SSDEEP

1572864:wAq+KnIblheCK0EzbUqq+L0h7GldnkWd5fHYZWsKg6940oq0wXQ4ga1:wWTef0Ezbzq+072SgJp/LoqtXg6

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.telegram.messenger.web

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	org.telegram.messenger.web
/dev/qemu_pipe	org.telegram.messenger.web

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.telegram.messenger.web

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.telegram.messenger.web

org.telegram.messenger.web
1⤵
- Checks CPU information
- Checks known Qemu pipes.
- Acquires the wake lock
- Checks if the internet connection is available
PID:4405

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
e0039d58c8bbcc1f5cd44938dc1aad57

SHA1
c422220e17c13862154af88785f67a5511e72542

SHA256
f8968b3e3b86956971d7a620aff31d5c5ff75783ac70d0f434e0c2cc90a51d4d

SHA512
6936a0457de049e646fee770f80a5915ae43957df95605628ef26763d296c29dc49efe0bfb751692051c638d21b948d4a9d34bed2ae38542cb63a803e1439f2d

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a4be3ca257b4e84ae964a2a4c8140f81

SHA1
5b1886d7bbfdad8f0bce3b6f60ac7ae68a8b67dc

SHA256
be6e58f62ba706430860b092dafd918cb122618dfdcd1df519de3590a9b155db

SHA512
f56ff61e1d7916b8f4348252f9eca1b928715f672edd35cd4f10b2844300716a6d526a977f46086e04511ca7383b63c5b5a4ac94d787fbb565ca73679e9f0a20

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3a134428bfdeb8f70742b1894e3a9952

SHA1
19c01c97c7d8631433bc934bf576d9365c920ff6

SHA256
b5bbdd2448b560fe3e50e7a35c112036de565db65a1ba7a714983790bdfb5ae6

SHA512
9afbfa7b51ecae22d1d74e3849d484a2c4128e7214681a9780f6fbd67b7850fc9b3e3a812b6947665f0ee8e559de95a1352eda8777f5bfa22790075751124e05

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4dfd228e6dff1d371aee2446907a8e99

SHA1
5de527d5d8a45620f57e8ab01cbc520733ad3f52

SHA256
87b45d3095b576eb75afb569c434b628de122a2e83dc77cd3c3e23b7960897ae

SHA512
3b2bed73515deb999d3ba17a47d776dc8ec64a0a6d47c663c17431947cdff3dc723e2b3bd81165e426a7e5f9b2e3373549fbf12dc9677b086f6bf85eb62ca8f5

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation298003099324333570tmp

Filesize
567B

MD5
635183409d3d3449b4531f79ace9dae2

SHA1
2f4e7abb4e7e16a7c21bf54541b8835dd3423ba3

SHA256
899c86f809fe2cdd8baf088278498c858905e2755d1582dee2d16536129596f3

SHA512
864a4b21d443d8c628b5b09c7c52dae31ab1c3b562fc4ffedb1f56f6804bfd242a82d0aeefe0920baeb16303c2c51ca5904d3dbb5064c13cc35a7301189255b3

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation406003376457382106tmp

Filesize
90B

MD5
519b8295e9032b34ee6331876577fe45

SHA1
bc517da5ad440ceafe0d0eff3a0cb9bf0999c6db

SHA256
6cb08d64041fa2371efe0dbba17c2c356a2ef797df56976421e398164c2c56bc

SHA512
4655f489b9d08fbfe82d8649fa02bb3e0d31d1b601248cbe451a6869ed4c2263bfa23be204dda55f5bce05cdf691ba039defe3a0836076d8752a6ca74bd2a528

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db

Filesize
4KB

MD5
689eb9d3d2a866648f68f76e6a8c3d46

SHA1
ba65af36973bb4cb831868ec4882ce204bffb597

SHA256
2a8c5af4b19e1144088ff271ec893e963a454107facb5f7155c2ec33cfa17b6a

SHA512
98392c13983b1dea2b080c383bd26cae10b411360df2fe4192bef6c0958b5f6bbff98ad876d2edbd8bd771f0e8519ad9c3cc50ceff56afec569bdae864b14d83

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-journal

Filesize
512B

MD5
65bcb8ef9bb96a5b61e11530cd533480

SHA1
3366ee17d7418342d8186c668f76cf392e415e38

SHA256
8f154ab12f2eee9c5d5e14ce00fe2394e230a428ee151ca3fac190efb75e63be

SHA512
707e6a1480a1cc6e81e16920bff17e497e55fa660bf73099ef12dd6b3264df895e178dd6b498e94191760afcc559f6b20391a2d4481d1b54c079b904227ee502

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-wal

Filesize
1.3MB

MD5
b31a228b00cc2d57c5b7779a2daf64ee

SHA1
c8ab3060fe96178ebb74c491b1795af11462d24c

SHA256
0e0c47f602b1b264d2df29879610bf1b51999069bfacf3cc6fa658fb7297adb5

SHA512
c1f6e1a73ffabf25540007a01c8a38dcb785e40f9ff2f2f6776c2b02ec56c020bc648c6f316b7e3d49478702de86e280e99ece30b14a49e9cd5869a3916f3262

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat

Filesize
908B

MD5
bc43c33d4baec1e68dd1f21f2f3998a4

SHA1
cf7b090a7425e4fd783274374d6a52cc3155df2b

SHA256
cdd44f5ca8221fde0e0dd9cd9c915e3483bed5c9a8887a01da80bc6149cd18df

SHA512
98c24cdb5cfdda05f9d1031b70c08f75e95473031c614c44cfa9bad4b2f460f1e811e39d09467581b7261a663e414d13d410b7c14b617dda5f5ff12092a94a7e

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat

Filesize
912B

MD5
2f0af8ab5f0ab48072607e7470c7463e

SHA1
6138b882d5c7674485780c6dfb0bdcbdf5910dee

SHA256
da60c5771265f415ccd136daea5af499b3a4203f8b7a71907dbe8b36bafce6c4

SHA512
d43ef2337b2dce6e0964380df4a0a9e612870288607d1d61119422e23227628f0c9edd720287a857fbffbe01d2f7a26fbfe1960874ef8a5c2ce6426f4763e88b

Download Submit
/storage/emulated/0/Android/data/org.telegram.messenger.web/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads