General

  • Target

    Telegram.apk

  • Size

    73.3MB

  • Sample

    240630-1nth7awgkb

  • MD5

    f8f1954eea472d48d91af5aca2abd2d3

  • SHA1

    0c283ed015582530fe9dda544e68db24e8508585

  • SHA256

    25f434ac85059d1a7636e3b6058e0499e16deeffbc8d8ed3ac2e55d90f7104a4

  • SHA512

    e076acce0811975b08524712c78dc8860ac7892ec42167153200625a282bdc66ce101b629ca0784342aff896e16715b60bcf723574ae30e962cf6b7521c94a60

  • SSDEEP

    1572864:YYoB2pP6b4Y4thGMAN36zVoRfEbANBul340oq0wXQrtyH:Ywl64F8Z2oRfEE+LoqtAtyH

Targets

    • Target

      Telegram.apk

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Reads the content of photos stored on the user's device.

    • Acquires the wake lock

    • Queries information about active data network
