Date: 2022-04-14

Telegram bots are third-party apps running inside the messaging app, with the advantage that you don't have to install anything locally or do anything special to use them, since they work as if they were just another chat.

This makes MalScanBot a very useful tool, since it lets us analyze files, APKs and URLs that we send it in search of threats, from both the mobile version and the desktop version. The bot uses the VirusTotal, ClamAV, OPSWAT and Koodous engines for APKs.

How MalScanBot works

Once we connect with the bot for the first time, we will be presented with a screen similar to this one. To start using it, we must start the bot with the /start command.

Once we start the bot, it introduces itself and shows a short explanation along with some tips for using it. The only step required before using it is to register with the /register command; after that, we can use all of the bot's functions.

From that moment, we can upload the files, APKs and URLs that we want to investigate. When we upload a file directly, the bot forwards it to ClamAV and gives us back the file's hash (SHA-256) and any matching YARA rules.

MalScanBot Commands

The commands that can be used in this bot are the following:

/register

/unregister

/feedback

/lastfile [<sha256>]

/myuploads

/vt (report|fullreport|submit) [<sha256>]

/nslookup

/whois

/malshare (report|getfile|search) [<sha256>|–term=]

/opswat (report|fullreport|submit) [<sha256>]

/yarascan [<sha256>]

/wget

/filetype [<sha256>]

/apkinfo [<sha256>]

/interzer (report|submit) [<sha256>]

/virusbaysearch [<sha256>|–term=]

/koodous (report|submit|analyze)

/clamav (scan|report) [<sha256>]

/coinblockerlist [<sha256>]

/iris (search|submit) [<sha256>]

/help

/start

/version
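Since the bot returns each upload's SHA-256 and many of the commands above take a `<sha256>` argument, the hash can be computed locally, compared with the value the bot reports, and reused for follow-up lookups. The Python sketch below is an added example, not part of MalScanBot: the function names are hypothetical, the sample file is constructed, and it assumes the hash is passed as a space-separated argument, as the command list suggests.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Report-style commands from this page's command list that accept a <sha256>.
LOOKUP_COMMANDS = ["/vt report", "/opswat report", "/clamav report",
                   "/yarascan", "/filetype"]

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def normalize_sha256(value):
    """Trim and lower-case a pasted hash; reject anything not 64 hex chars."""
    candidate = value.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError(f"not a SHA-256 hex digest: {value!r}")
    return candidate

def matches_reported_hash(path, reported):
    """True if the hash pasted from the bot's reply matches the local file."""
    return sha256_file(path) == normalize_sha256(reported)

def build_lookup_commands(digest):
    """Chat messages to send for hash-based lookups of one sample."""
    clean = normalize_sha256(digest)
    return [f"{command} {clean}" for command in LOOKUP_COMMANDS]

if __name__ == "__main__":
    # Constructed sample: a throwaway file standing in for a real upload.
    with tempfile.TemporaryDirectory() as workdir:
        sample = Path(workdir) / "sample.bin"
        sample.write_bytes(b"abc")
        local_hash = sha256_file(sample)
        print("local sha256:", local_hash)
        # In practice 'reported' is copied from the bot's reply.
        reported = local_hash.upper()
        print("matches bot reply:", matches_reported_hash(sample, reported))
        for message in build_lookup_commands(local_hash):
            print(message)
```

A mismatch between the local hash and the one in the bot's reply means the report describes a different file than the one on disk.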

