8a9a742f17eb05a0a96f0eabaa568da92c9bf4aa040bbed0d1593b42ab90ba5b

Analysis

max time kernel
12s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-07-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TelegramMessenger_8.2.7_APKPure.apk
Size

59.5MB
MD5

f76b68118af5f4ed9ab9db1324f92b95
SHA1

f044aed5cf92d361510fd417dcddd88ae8f6e835
SHA256

8a9a742f17eb05a0a96f0eabaa568da92c9bf4aa040bbed0d1593b42ab90ba5b
SHA512

a33332cb84e66812871ed7591c01aa24ecb0fd38a31d583957f215ff5b377b2531f4ce7276a846cec231d4c195528b86e0abdc84cddf919d6255483d2325abb0
SSDEEP

1572864:bYLNIqBfC3eMoRBT8TYBi8eCkZsTpu+aiD7v:bYLiDkV8MiRCkE7ainv

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

org.telegram.messenger.web

ioc process

/dev/qemu_pipe org.telegram.messenger.web
/dev/socket/qemud org.telegram.messenger.web
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser org.telegram.messenger.web
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

org.telegram.messenger.web

description ioc process

URI accessed for read content://com.android.contacts/contacts org.telegram.messenger.web
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

T1533

Processes:

org.telegram.messenger.web

description ioc process

URI accessed for read content://media/external/images/media org.telegram.messenger.web
Acquires the wake lock 1 IoCs

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.telegram.messenger.web
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.telegram.messenger.web
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.app.IActivityManager.registerReceiver org.telegram.messenger.web
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

org.telegram.messenger.web

description ioc process

File opened for read /proc/cpuinfo org.telegram.messenger.web

ioc	process
/dev/qemu_pipe	org.telegram.messenger.web
/dev/socket/qemud	org.telegram.messenger.web

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.telegram.messenger.web

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	org.telegram.messenger.web

description	ioc	process
URI accessed for read	content://media/external/images/media	org.telegram.messenger.web

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.telegram.messenger.web

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.telegram.messenger.web

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.telegram.messenger.web

description	ioc	process
File opened for read	/proc/cpuinfo	org.telegram.messenger.web

org.telegram.messenger.web
1⤵
- Checks known Qemu pipes.
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
0921897ee14dc26989f5b308ec64ef5d

SHA1
55a15ea60b68726f1ae949a305fb2b2c8f154595

SHA256
a5d1913b1c47407f8005ff825d3a9a8b2e5a80bfff3a7ca0aa5a066fdc075400

SHA512
8357d23d7525258dc0564a4daba3ee507a0e1863b919a1315a52e7fb67e0e68ebcce9266cb3ff8b0209835253f91a7e50fc543702fb92f0f555ae5dc7d113c70

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-wal
Filesize
68KB

MD5
8dcf0144b714563471e9a55e8cae6c5d

SHA1
e40e202eba8df11e7b1931c0c7eb59534768b4e2

SHA256
e82cfe5a8b528100d8e78dbaf6c56904395c76759a6070b1815f75fb80eddd2c

SHA512
7019f8a3a87c82b60c980249b0171bfaafd70ea478fd00ab75113a2e6c2e7cbf41ee37b7b62fb0a080597f02f40508ef0c9437c8df84f5d22e863697b27e2b94

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation2467792581836729051tmp
Filesize
570B

MD5
40772a134c10663f43e5446c28df74b6

SHA1
91b32e9f460e6874679dd24887b713b1b99331b0

SHA256
c1981e8350f5a0f3122d0165d19863e1508e02bd5471c1b68fced92ce46e317e

SHA512
10775ec967953c0d5e18bd0f541241a66007829018315456bd07dd607a1952b9261bb1461937d1205aa78ec74dee7112c80537d28f53ddc8b0b9ee019e8bc56a

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation6808766075436323868tmp
Filesize
90B

MD5
3f8d330b17e757b3083ca88b78882980

SHA1
04bd395a74d145fe3b9baf73f94d92239080eb90

SHA256
8fbd6f59d1ebfb03c9a38557e9d1d6d3e677b950e939a59696afa8e307096241

SHA512
0a611d84fbf481ab0d6f43a92cc482e898b184e9f6532dc7506108d532b4c3f9be40009b607d84587644122787220ccde37bb7f48313760accce37014057c1e4

Download Submit
/data/data/org.telegram.messenger.web/files/account1/cache4.db-journal
Filesize
512B

MD5
f76f612b2be1beef22734633ac1320c9

SHA1
a5e30e5e73cd81862b0e6fac950d7cdea11ec28d

SHA256
43d9c9dc146375eb6ecf99859fa31e6d896a4bccec0f93062205ef9aa7788acb

SHA512
03319f4dbd711432f83d53053e8116e34d834a185bfe915eb0c6b2b72e6f3c817bb51120326c9d8d847bbe211b12cdc1ab880cea4a68d93ce33e75ffae199840

Download Submit
/data/data/org.telegram.messenger.web/files/account1/cache4.db-wal
Filesize
1.2MB

MD5
577f9738c385d7fc0cd35692ba36a581

SHA1
b8bc092626fa7e1d07f680b638a44e9b8e07dcaa

SHA256
8cd4a86aac5bdd3c44157554861fd2cb8131e47e926e0f830e25fdbc360fbf42

SHA512
3197b681d9bfce845e6127df3bc2a7a67d7714593cafe0e4d68d599302fc4a785746485e29549ced04f7bdf8eb95dbaf713103314dbafd0cdf69cdd5673a1eb4

Download Submit
/data/data/org.telegram.messenger.web/files/account1/dc2conf.dat
Filesize
40B

MD5
098b011c59a80daf15c048dfee00ff1f

SHA1
47963ffe950f64e4ab0d329f111f1ea61e1f72c6

SHA256
87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

SHA512
2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

Download Submit
/data/data/org.telegram.messenger.web/files/account1/stats2.dat
Filesize
540B

MD5
f1c40322f1129190efd3488680e96874

SHA1
166db2af5f8d03edb56e86747d873ec54a392339

SHA256
ee04044e1adcee7b0adc8a468c7aad528afd18adc1c9bdc90d6199f55db91c03

SHA512
ca808f075d194d11f18f47fb33c4244a0be0e95e9cbbc726db204d28f8562e7f06137776c6c8752723bc6a40b23a2d3a71482b769bed46ea6f4deec0f29bf736

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
908B

MD5
e50ab18f8afd3533700306a6665b909b

SHA1
33af455ae00c81cc7fa7494b01025032b122f891

SHA256
8fcc06d602fb4926bfb5c5f6fa989e5a23e904307a4d0d0b22eff6737f1f9f24

SHA512
5e788e82bff4819cca2052b1aa0b614e9908aca2fc8b858f799ccf375c3764b0a60d1ed280c2818a5a14ee65022b84efe37b1f58fb9485bc91fb714dde461302

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
912B

MD5
da26f02e22ece7d2e2b7e4e666dbc34b

SHA1
e28d6004738d00278ff745c1792492bb1bd606b2

SHA256
9407d021691ffc2503ebee682691927fd3c87e5184d6a7314977e0f1a9d5016d

SHA512
c9fd6da1dd2f5e47b2fcdda15ea1c2d0c4f77417bf48306b183b80559cbfdf3407281642eb773c8c6508a238b3abd465132cd2e9668220d9638d6f54ee3ee1fa

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
914529b1265b2825f061330695143240

SHA1
a62cbb630328c846de05cc0331465fe5dae04ba6

SHA256
bdad7db7d084c248cfba878014eef1c3a90d80abacf57f6a8318684f528715a9

SHA512
95bdc8a487fd2773f462f03deafa441d5f03011f9904badaa4c60d2eee91dc6e323591e90abe179e4c5744477a0d190d23773c37d2ef75b125b849281f83c120

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
58816e6d89842ea929719316c6f1d19f

SHA1
ff4f66cb2a06a5506046030aafc26b86ee411464

SHA256
af57ae3cc952d1f176e0d457384d83389e65ceb7851edc3549c32e77696c5727

SHA512
8316eaec1a55e5b3e02a7e33c12182577d381fb61e69d949287ec4bcf563ffa8ad5cc8ed5247c7acec1fc31395efed43cd36e2dae16a1110527fa7707d83da5b

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
566d0a8ad798b05e673119d8c2c86a66

SHA1
1d4301861db2cdee9dc058b2e26d23fa0983b81c

SHA256
9597a6d6cbb9d57f64d9a86de8a7e8cacf99130f20f324d6dcd4719833159f0e

SHA512
8db281e43ee0d35890cfe68c9cbf58bdc31a477fa8f2d2ec78664bc325fbd945cbe6c178938e659e94a8347fdf93f57c20e1790bafb68b5cc6e1c027bd68d22a

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
88060472ca6fdbed32c7286f1cd2008f

SHA1
dd0c2430bea5b78fa3176e1900e743f088c66be9

SHA256
82187dd126dd3ebec0764f0d77b5c62e6e33f22c4f0dcc32c5a859fc293ec2ed

SHA512
21c90b72ea0099b51e8b671c1a3647a82b505b4446eb9615a2ac77e5f600471b288344e13e3ed18356d430f11ee96ed82e57f89511d49124aa909373bf7a50d4

Download Submit
/data/data/org.telegram.messenger.web/files/account2/cache4.db-journal
Filesize
512B

MD5
def73b040aaa19899bb132d0648e5ae4

SHA1
294d99dcf3bbeb07a4a54ff0fa6ad071f45b3d81

SHA256
6930ac75d3f910e086d1a6bdc1bdac154ccd2dda7afc6a290724cc8f36894d5a

SHA512
6f4d46414abd9057231410d3a982ed796d327b5c4f5a4a73979648be0b84f29bb9e46f8f1075b1a6e4ffe3c02d44ab188dabcf605dc31d487057c2a57689c13d

Download Submit
/data/data/org.telegram.messenger.web/files/account2/cache4.db-wal
Filesize
1.2MB

MD5
10d0fa1b736d5ca7fb60baac751243f4

SHA1
43b438541a154cf1faa669cac3d7feabcfeefb27

SHA256
9eba0092bde26e23b1a29b3128d9e8843e7b9a21a48eb188b309aeafdf389a10

SHA512
1f6d896695d3563fa876f584085181168a03f942e2fe82c7fcda6e33ec38a180c29a2b3f01d675562f68e7e74875437bcadba0d34b052b260efbdc3e56100d32

Download Submit
/data/data/org.telegram.messenger.web/files/account2/stats2.dat
Filesize
540B

MD5
487476aceb70ef727437f79c1376d6ef

SHA1
0b5ae40a3475acffc0cb79312e72b866149106f0

SHA256
a247a4521c5155099b402070669f4fa2cafbf63caaca8e416644280ad9ca5432

SHA512
f27718a71e391aa6fd4e6f888f243ebf1b12d693dac58f18d3f58a20bddd94e7f184bf691df2b3cc1cb0d8f8d763fa0de1903eb8419b51c92525ddcf044352d5

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
908B

MD5
5bf25aaaac2715be499cdca959d25bb4

SHA1
3f38bd9964450bc9d3e815554b17b024c8b93fd0

SHA256
be3fd723a714ce1e096b150187d2be963c262789394c8c695f8e3ed2ce0ada13

SHA512
6d5c57ef8c020512e95c532d32d2fb6b5a6ec11674dd3c00ac238c0b1de5b195a8a0af0c734d3ffcdb49278dc85cbc93473949cfafad90feabee013a57efb48a

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
912B

MD5
d172aae40ddc6a4cdfdc6351f41edf1d

SHA1
e512796627229f6ffeea4994ee12130b868f11d7

SHA256
3194b92a1cd90a4f15da84825b1c013a0139b12f1576becf03bc5844aad95bac

SHA512
3be735c20ff3cb1f11fdd3f18d90539490b626620f2d3675f0ee8bda6ca444cdcbe11a886bf5e27f616cf34db86acfd5ee7db357b6e3fa0906a4ada43ceb2e59

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
253af3d52020d8f5029a3b2b963018ae

SHA1
73424b8294dfda405fb434a781fb41330f0cf60a

SHA256
84415f1b7d675379b17f548aad6988ca9518991149a8ae4fabfc0063d56862e2

SHA512
5b8154375fab08ae47e84cf2feb83a30cfd3936a52a169065f95b142493db9c248908de4aaaaf964abb7c273ea00f9ca21f9f9258c7f4d3bf174b79ea3c273f3

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
3b49737360e6d485dab55b46f3034e4c

SHA1
c6925261633d44f2392c5da9597d6b6ba144022e

SHA256
34ed7ecd7f063c54ae9c25a1e191cf1db853c4b970ba82f57a387b9b6347ac94

SHA512
0e339cc8f6f6ae75cca16e77e13ca4e2a30ea7c3235f53634bd9b88ffbdeb72a7a9fc2ab79ba1d87b986add34365cd9794025d2a7e5f2847886dc77327fe1e98

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
0d31b0070290a49a81c33efa44a2fa35

SHA1
c38345c85c9bcb28aeff8b8fa3e3d9d2557f995a

SHA256
ec38c50ac125127ee9405faf075a3b2c84b712e56170d6d44924b537ec29f5d9

SHA512
7d9c7cbdf6868113df52484fcfd312fc1a4434727b85299bafaa75f85ccfed4392251033c25ab1669b5ea1b5556e587794c354163a5b3ce2c802f052b9bd02d8

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
1f2dc61ff88e4e961dd4837a0aba043b

SHA1
eefd252a5f4b68444d4dfc7e179c877d2e3cd5c8

SHA256
4157a15997018a94ba7f3b8a458cdfd3ff17fff5bf4fda71fa9c289da6f0a9b5

SHA512
351d590b5e379d75a704b1420a4972bba015523513c0fea2f644fff361c76e36d626d97b5ea2b7bbb37ff0aaec7516d8b0ef82fb0c1f7fccd61018ff703a9b62

Download Submit
/data/data/org.telegram.messenger.web/files/bluebubbles.attheme
Filesize
5KB

MD5
f5a93ba32fdfdfaec10b24ba11174386

SHA1
b95598987156ef2672af651e8123ea594d02742f

SHA256
e695b0c750d87cda424e0bb36637c0f1a621b4e5f1ef082345194495a2248c71

SHA512
c34c5deec6b3fea38a872316f333d22ec7828b28a1c9f2d623a37d80d702a23b1beb5e6954783194c071fab7da6744911002858fc7849efeb94c748ca3d59701

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db
Filesize
4KB

MD5
3ff674d0f9e82976113f39dca75b8f78

SHA1
fb1bf8a36688935c194e63dd8f18107e7033f5c0

SHA256
d4e1b9bdba21d5fd3b004eb02f191389d2b3e21f5a793af5d27a199f90c5493e

SHA512
41eb558e3b75e601a0fdb733833c5504fc869ba664cb537b2e2c84353218a9dfb7f94b4f20957f38043bf336ffc7a201834e4c4a5217fd2761648ef7cbbdef7e

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-journal
Filesize
512B

MD5
caf647840f1595c988a4aa269847f9cd

SHA1
099045dbfcdb4fe8485633054f5f6c150db0df37

SHA256
c8a8f4652ce29928d0c190df4597c9f0ddccfd43e89a1245643a0c43d1ea1c62

SHA512
8170c34d489b698e8b9ad8653e247698fdc7cff1953b4272bd8cb30b30bf5f53a22de0a9c5436103eed870fc679386014167494353a008b287ea6333a1a23df6

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-wal
Filesize
1.2MB

MD5
d8587a4ea85dba65b7dfb64be0bd11ca

SHA1
b81bac63d93f035b379481a7d0a4b842c47514f5

SHA256
113085f1761aa0501732f9c6120e9d3130e4db354347b57bde3edc2e3ad13445

SHA512
3863981846484e20e29f68c039fa18bb5faefe56d36fa4808677cc08312d9962bb6ee9b09891831b8f2e000d29b604ce9046153e5985f98ae3c13a8f20fef0e6

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
908B

MD5
606cb4653c183a3dad0fc582ab292bbb

SHA1
802b2fbfe1ba07e7253ea1ebe720a8101314b784

SHA256
e33696137c47d9cfb0ad55bdbff08db9dfc459304d6696e7b8c775f44b1167f6

SHA512
6c45b798fd2c3c35aa719a31cd4efa0f0772169859806013afd66653a70343f65d69041994b4d68469d96a12904a19ab9b8fb703ff3193db17e4902fc185e48d

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
912B

MD5
8393ba4aa5893c9b370f88dc3f65818b

SHA1
a43f676f38b39f76940e30c8d55853280f46888f

SHA256
13f42d3b493ab93ff6969d0a1c7bc291c35a1b4da526b394039101d5cff5cc0a

SHA512
7f42cafbd4e689bec5e19b3acf5620ed8b2032c10eb9b8bbc8baa89375db7aed8a454743037199159f36aeca0e8b35cce0b732abc6eee2e57e857bfc1e74eafc

Download Submit
/storage/emulated/0/Android/data/org.telegram.messenger.web/cache/000000000_999999_temp.f
Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads