8a9a742f17eb05a0a96f0eabaa568da92c9bf4aa040bbed0d1593b42ab90ba5b

Analysis

max time kernel
53s
max time network
174s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
26-07-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TelegramMessenger_8.2.7_APKPure.apk
Size

59.5MB
MD5

f76b68118af5f4ed9ab9db1324f92b95
SHA1

f044aed5cf92d361510fd417dcddd88ae8f6e835
SHA256

8a9a742f17eb05a0a96f0eabaa568da92c9bf4aa040bbed0d1593b42ab90ba5b
SHA512

a33332cb84e66812871ed7591c01aa24ecb0fd38a31d583957f215ff5b377b2531f4ce7276a846cec231d4c195528b86e0abdc84cddf919d6255483d2325abb0
SSDEEP

1572864:bYLNIqBfC3eMoRBT8TYBi8eCkZsTpu+aiD7v:bYLiDkV8MiRCkE7ainv

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

org.telegram.messenger.web

ioc process

/dev/socket/qemud org.telegram.messenger.web
/dev/qemu_pipe org.telegram.messenger.web

ioc	process
/dev/socket/qemud	org.telegram.messenger.web
/dev/qemu_pipe	org.telegram.messenger.web

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

org.telegram.messenger.web

ioc	pid	process
/product/framework/com.google.android.maps.jar	4951	org.telegram.messenger.web
/product/framework/com.google.android.maps.jar	4951	org.telegram.messenger.web

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser org.telegram.messenger.web
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

org.telegram.messenger.web

description ioc process

URI accessed for read content://com.android.contacts/contacts org.telegram.messenger.web
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

T1533

Processes:

org.telegram.messenger.web

description ioc process

URI accessed for read content://media/external/images/media org.telegram.messenger.web
Acquires the wake lock 1 IoCs

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.telegram.messenger.web
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.telegram.messenger.web
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

org.telegram.messenger.web

description ioc process

Framework service call android.app.IActivityManager.registerReceiver org.telegram.messenger.web
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

org.telegram.messenger.web

description ioc process

File opened for read /proc/cpuinfo org.telegram.messenger.web

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.telegram.messenger.web

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	org.telegram.messenger.web

description	ioc	process
URI accessed for read	content://media/external/images/media	org.telegram.messenger.web

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.telegram.messenger.web

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.telegram.messenger.web

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.telegram.messenger.web

description	ioc	process
File opened for read	/proc/cpuinfo	org.telegram.messenger.web

org.telegram.messenger.web
1⤵
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4951

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
0dd3cd6aa1c66f73d8d2c51e093fa771

SHA1
a197b2aa1529cff9d7491430f9e3b617a9b7a35a

SHA256
3e3c3c430bd97835b02af947fc35b42638134c2d62156cb849b842d02114ebf9

SHA512
598ee8f3eb67159fcbb5cb4da91523d93d3c1aa5be710a3a29607df8e88b465b2b01734d6d5c7c38041d6804ad55060e1143df4ea76523b33c47ee8992c373bd

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
d349b827c1682951166e23748ded98b1

SHA1
4d7284ef9a4fe2109d84cbc869b659ab43c48f2e

SHA256
1438d68ceb059d87b6ae740ea2e020c655389143bd234e2d3b666b7630806525

SHA512
74e3f0b7bc938d4be6c4ab0bb82adb07f9ec808c1a1231700bc347c3cece5e2da3e7c6c0ead3faa13879983d1f160050aee65bc0e62957a8413d5129b67214d1

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
9a884c96cce9b13432083a9a99bee8db

SHA1
09919c1c16855c160a9fece2420583dddae342de

SHA256
e7049a4925a4b3f6c396e29e06cbee072bfc57ffd7bb82d8724acb70e9358f6a

SHA512
feba36e41d056fbc5a4e7d60e89fde2e26fcfb2f34bc8433cd651b38d71a10d94dc511142f0c7483a940764d0d03db5f1703b01cd9420aaec7862561074689e1

Download Submit
/data/data/org.telegram.messenger.web/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
dc15251775873dc65870e7666c0e2f11

SHA1
27bdce5c2ebea14e9857b1ad30432af5dbe681d3

SHA256
ef331961221239b5053bca1a9757b2d2f7092c96cb733c561324907ad0f9d9db

SHA512
0f9b666a17b3464be4a11755298e1ff4933a8a10a9fdfd7b24747f4ddc07934b6f08b710521297fbebf72c05734dd1a2b7609d318a3547566ae9f2a5cb10b0a2

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation5502305117485598445tmp
Filesize
90B

MD5
42c6f5c72978b17c3cd1fffb54b9ca3a

SHA1
d7e87992ad7468b25d7cc5dd95a084fc60532514

SHA256
322c3d68731b4529ab1faceac41235385e3c52b0594553ed6bf891b2ec8e7d14

SHA512
04db114f27836d9f6274c85c93ac45fbc4f4e47c0452eee4e205c3c6a18940580712d266803441239e121ba2f16986a8e000a826b33a54b6723578a7d2b335f4

Download Submit
/data/data/org.telegram.messenger.web/files/PersistedInstallation7093955058107914902tmp
Filesize
569B

MD5
1016734ce0035f512777b27da801ad9e

SHA1
99331d31a80107490a93c3d110a0e3930d6f6d96

SHA256
8b1dd79d1e3b71856b1e3382f054f074826b2e1ffd6bc11f3916fb7b260e59b8

SHA512
ae8aafa24b44bf0ec36e641fe85d9ad95062b3ed23994c51218cb7b53271656eddfd1f1eb4a1aff23e083f18ae4c54575118ff0a9b488aaae4d4a67039234ddf

Download Submit
/data/data/org.telegram.messenger.web/files/account1/cache4.db-journal
Filesize
512B

MD5
aa0c53972f2332751980847747cbb942

SHA1
326fe90bc7ce06f6f01fa2243cae018b3095b0ff

SHA256
80b8ec5ad51a06592c4ff9e2e6b9f998f92eff867807450bb5eb3f2198030339

SHA512
f5fffefd43f7d5f94fb55f33d104c61cc44fbfa5d53a41670220a62f3f36058f5a505eae29eb6514359ba26f1ca5fee28869283040ca9e68187a80eafa2f2b03

Download Submit
/data/data/org.telegram.messenger.web/files/account1/cache4.db-wal
Filesize
1.2MB

MD5
c33590d93e3b2163c5893b04ce5df8be

SHA1
9aa4871c4ca6a413f013a73b2b35f44db0ef2c0b

SHA256
136baeef315214e5054f8519fa6b2f1a420462d55ed4600bc3bb3296c776657d

SHA512
67802505c1134a93486b9e9dce24ee9f0c781fca2573a5e5342fec1a1580588a4f7a98c90a9f57a3f6bdb57ce040a4b5c05a331d1f5ca9f59fc2daea194740c9

Download Submit
/data/data/org.telegram.messenger.web/files/account1/dc2conf.dat
Filesize
40B

MD5
098b011c59a80daf15c048dfee00ff1f

SHA1
47963ffe950f64e4ab0d329f111f1ea61e1f72c6

SHA256
87152114f80cd6a1b36e7649f2e54e18e347d15b45ca4245e1b2f20922a8f037

SHA512
2caea2577cd87ab62be62621d976c650f14f063b6ef815d23f218b35b17354c95f2a56d595fce876750fcbb47ddbdfa844812e1218d77aa5249d85dd349e16c4

Download Submit
/data/data/org.telegram.messenger.web/files/account1/stats2.dat
Filesize
540B

MD5
109a7e824a74337263015d51d37ade11

SHA1
15404d40916f56a0c9a67f47d0bf2d9a35021837

SHA256
80150d51b2af1bc0433d14498779fcdba9617c9ee2475195cc08af45a534b001

SHA512
530055eaf0f3db653e92dfced2fb3bbe221cf969bc1b5215be9f6d213673c551952c6ba4e9e3b70d18c816ce39d372e77cf3ce9b4badcba994c2c03b710b2284

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
908B

MD5
0a73b7889a917a67868146079bbc41b2

SHA1
dd3e22c721b9040a924939b015181e1a48d2b6dc

SHA256
a6d9d6472a4f857fcac0224c56b7c15130a76f2d6149067e34ba17209b6a96e6

SHA512
6aee19a7bd9a477661e3d0d09412da50f6d7fd9794b453a7eac9415c8b26b3bcd8adf9e288b993cc7bf57800b66399dd3dd87ea72d3f0743cffdf202a8428170

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
912B

MD5
b61d0a11bd849fe44eca07ddbd949659

SHA1
e15ed7e9f98d591a16b190ca589318f965ef115d

SHA256
4843ded260236ba0340326dfdae3188d2ca9b021ff2288a361ddd9a27d22689b

SHA512
ae037f07bf9b46bc79ac0f57ccda42117c2d912ca023a711b8c61cc5a9fbfd537e61a0bec31d0f905342a6d8759738f2eb686fe8f9ca979fbab826ee9fe0fce1

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
7e979221abb8413711b3014fe4a0b463

SHA1
7e3f9c2cbfa17801f975f0c01f6f7ea74e943cd9

SHA256
b5c44c166eb931d99524c9cc07219e39180caa660638eb8fa9d7fe4aacdd5474

SHA512
708c220d43494af7a9f237b20e53720f076ed7b881c25247404433d1a2395953aaa383f2b0c014dc8da8f892be8edb34197a95e2218bc4de60da6db0eccddbeb

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
dbb577403f83c2e59fcf5f1b90f9e46c

SHA1
cade984ceb2c7b3121b1aba7fa985298ea9d2f4f

SHA256
767a75965cbe774f4882fb057634bea38b621ade8b7839e1550d682c216e87fb

SHA512
4d0522dbffbeeff1d12f1eaa29a8d09aea6f678d09a9487b3fef54b77207dcd406238b9ff4333dd53e3203026f36d755563293302bbed7633dac0901ffc6d956

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
1d771325df42844cdf2f8dafcab3a855

SHA1
1031c83b4e3c121ae8a35a60ebd55348df936db6

SHA256
bc7d1bca9031fbd165228f4a018a4df0d23fc69df54468ac392e535633afbf1e

SHA512
00871ddf2aa01ade5400564fbf6fb52bf871b0adc5739c06bf312bcb5c8d18c9a99d1560435efe3e88e83ac8d5a5dd5487c779d9478b377bfc0b9ad698fb4470

Download Submit
/data/data/org.telegram.messenger.web/files/account1/tgnet.dat
Filesize
1KB

MD5
e1542084f1b62c0889e8f2de49dfc69e

SHA1
4f88bd2725a7ee23330feb57e3ed954ec2d72ece

SHA256
7a1f30a889784f1f92ecfa8f564311022ca7b92c86250f8d101221009f558cc0

SHA512
4a131644d9bbe93bd53b07d0320dac97396a1c288d099bc0d511fa4bfe5e33f6f346e67af3a3ab92f345b6966e139e5650b8a02d4e5f982ca73bc5e5d100dae2

Download Submit
/data/data/org.telegram.messenger.web/files/account2/cache4.db-journal
Filesize
512B

MD5
12b42eb08576d770d8073facd673a0f3

SHA1
c6d0154bd7f0bd2b378f3f45fcd5dcc7289b721b

SHA256
b9c3c217ea40ae02c1fcef946b1f4a278d417cdf68ed08b6b946e69f6d409bc0

SHA512
7878ce94b12d6a52211b993dccb5424dc0723742ba0efcaf6fb8b902ad796067af442bbb1efe1e8154d63cf24fe7a2f59cbf39cfa6fe4994d3f82a654dbd5712

Download Submit
/data/data/org.telegram.messenger.web/files/account2/cache4.db-wal
Filesize
1.2MB

MD5
1327f0ead414b0fd87ec4c508d05e615

SHA1
419321ada2777892c8adc5c728b7795ea7ea522d

SHA256
bc17f5d59543657d2287f04ded9a67adacc2da17a97557595e83b30c71ba2748

SHA512
ae19f8979bcdd54d03601b14626461321e82b62745bcb52ea0baf5545c5dfbe87659e54b5af5e5f1514245605b1e9fc71f1ae2fff510bfdb1a596d1de14dfc18

Download Submit
/data/data/org.telegram.messenger.web/files/account2/stats2.dat
Filesize
540B

MD5
ab279c41b80a718cff4ea716635256f9

SHA1
6726936667ba17777232ccf98dde0541ca9cec45

SHA256
068a56cd7f8c4331202149c777840dfb4984d02402b80eb2f9af87baa6d4ac8d

SHA512
75a0cb9ddf63ce18009403a59182b32d5daca11d0c2d5e1afcc286410d08f7f801cb3a35942360b19e72e8c89fd59d5648d5111ac4c2d6ff146fe72da7f0445f

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
908B

MD5
45fd72f0d767944f25c8ab4f8cf3f269

SHA1
4e7384340d2db42c622a1420e1acc3ef4c97bf11

SHA256
c18c51f0af9bd6930f8e1f8367a05d102723f683035a88b8028d01cdc9a87219

SHA512
3c3f886a83af0b364088382deeb2a892af1ce4eef5ceee69e46cd536583ffc6609803c074b4efadfe02594739251b306a971a956812577c285105d0d71a65cd7

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
912B

MD5
aa72153502774b1456e5eb9ac6127a31

SHA1
a23e409e7b31c73cb637c26eaa7c77c50535cb13

SHA256
bdea29b50ba6e78750d1c2e3de227cb2e6c138fc374c78704b1d9f4b70bb7aab

SHA512
24bfc7599dbc869880fa9ae9745ddd32a69be475b3eb80712fd6f1fa3109236cfea8151fd1a7df057325044975c75af0fb707d6b9a0583298c9a47f62e8c639e

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
b5332c8760682ed8bdacd0757c22e66c

SHA1
4aee95615d1ad927dd754ccf1ff5642c02165e6f

SHA256
1cbcd52793322a034dc3e521ac5b1991b5eac2c88194905b4598b318455467a8

SHA512
ea728e48199840b4af8fe1a3a627f9e50f88f4592a4dfc7f7e74c1b945587f177d726a4eb65c283d30af83d32511cf7ca5e45ab1c782236413d9ca1f3fa107cd

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
15dcc7bc130fef5cd46d5a877a16d92e

SHA1
7fdd1f7371bf419ffc415e976ce43dd418f25c06

SHA256
80aa2d0dec2d2ff8e3e8729de171967b3fc4b04f0f0226983d1e9fb1bdcbb099

SHA512
629f4ce97bed1636ca959818b6f4e29a87ef1ec255aba31b5cd869fae2b83a0e728474da8404d6a33ced6a0189fee94cc5e5ec589106dc91b021c4f70377f1b1

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
c561e48bfb371b8b0e68dbca80e5f5f7

SHA1
3e111688fede61cd192ccb15ef6175aecb1f0c85

SHA256
748d928dd9658b39b32a141a3f3772cbd66fe1f879615f0096fea7079d049f7b

SHA512
6c308bb5dd94f03bca0ba30287c18f0b473336169b2729920d0607f9b28651dfa64f37110b642098398e33f1357919998ff133db3bc21502cc7d2f583e55dff1

Download Submit
/data/data/org.telegram.messenger.web/files/account2/tgnet.dat
Filesize
1KB

MD5
58c1cbaa670a16e2e8e9e2a4a5182faa

SHA1
48f5b9c6f0c071aacca6db2b63d6aae1725eeb20

SHA256
643f0d89b79ca6a5b29cb4e87b21dc4ef7025f9438c2678369f83e3eb6a1d89d

SHA512
f616ec6e07447a8e5676ce10511b1def9d3e5511078a21d709a87f54aa8ed319f5c60a54fb58cc48810d8c12118a0ce86f23d34dd3cb1f30a6f6c95ce8aa897f

Download Submit
/data/data/org.telegram.messenger.web/files/bluebubbles.attheme
Filesize
5KB

MD5
f5a93ba32fdfdfaec10b24ba11174386

SHA1
b95598987156ef2672af651e8123ea594d02742f

SHA256
e695b0c750d87cda424e0bb36637c0f1a621b4e5f1ef082345194495a2248c71

SHA512
c34c5deec6b3fea38a872316f333d22ec7828b28a1c9f2d623a37d80d702a23b1beb5e6954783194c071fab7da6744911002858fc7849efeb94c748ca3d59701

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db
Filesize
4KB

MD5
3ff674d0f9e82976113f39dca75b8f78

SHA1
fb1bf8a36688935c194e63dd8f18107e7033f5c0

SHA256
d4e1b9bdba21d5fd3b004eb02f191389d2b3e21f5a793af5d27a199f90c5493e

SHA512
41eb558e3b75e601a0fdb733833c5504fc869ba664cb537b2e2c84353218a9dfb7f94b4f20957f38043bf336ffc7a201834e4c4a5217fd2761648ef7cbbdef7e

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-journal
Filesize
512B

MD5
ac7f2a70316686a8b780f40b2a9b34f0

SHA1
b1b379e51a897198b79df732479e10624ed3f38a

SHA256
dbefd5d24d9822a8458a64227410758349c4d4a23d493ec35aa1a6de1d044a10

SHA512
2b0de1e472279a69d5331f485a744a0f6838824333f24b8d43d7cc15c95cd2eb3142ac90864f3b5d596bc8c4ef179cf69bc4f4105b78c5b7b3258772efad4ec5

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.telegram.messenger.web/files/cache4.db-wal
Filesize
1.2MB

MD5
28f3f4cc3e41bdcb270aa4f38b9891cc

SHA1
7f39b08eada71927565c00060866aed5599c0723

SHA256
2f9db6302ea60844bf8b05a434e1b2aa445a257699c2a1e23301db763defc51b

SHA512
03437b695c97a3b08d47be861711d5189a775f1b1824a729f5f698a6a104ad227455945c5f459d7f2e92b4a547813a9283ee182e3475c3133d21924ffd9ea411

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
908B

MD5
9432a626fbc6d68ffb8096a4ffc43208

SHA1
04d8540132d045f8cac6c6aa9ae947fb3cf2bb62

SHA256
d3a33c615db63d8297569bec19c9de6bc4d96d772bca01e4d4c2370094964546

SHA512
ecc0ff27c3d79bdc0ebc696193402342ac734bacd960ef77a799e5df8a4bb99d7ef990c212962b626967307d20f9b426c9325b7baea8d1393e5e8c36ab292711

Download Submit
/data/data/org.telegram.messenger.web/files/tgnet.dat
Filesize
912B

MD5
88432c535be32d994998be8833a83d16

SHA1
298b5351be56ba526aa7174e9e46dd47c5b9acf4

SHA256
30061cff28bfa90b4821e2fc1f3b913f0b7915ab3e950d71bd10e229ec29ff79

SHA512
ba12b08ec3709f6cdabf426efa04598e0213c8d755e07dcd2d854c58cbf5bf71727cabe473261c7f4798a304629c2b12c003b777f30a21bc48022b83854124c5

Download Submit
/product/framework/com.google.android.maps.jar
Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit
/storage/emulated/0/Android/data/org.telegram.messenger.web/cache/000000000_999999_temp.f
Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit