3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e

Resubmissions

12-02-2024 13:53

240212-q69b9afc5s 10

12-02-2024 13:52

240212-q6r3zafc3w 10

12-02-2024 13:34

240212-qt47rsge54 10

Analysis

max time kernel
200s
max time network
317s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
12-02-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_v17.60.apk
Size

75.6MB
MD5

d73fa603bb7dfbd53f2ec4d05617b9e0
SHA1

86f18b9d0ce32f3ff1c608ae4317329e4da44e1d
SHA256

3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e
SHA512

4e004ec348e58f8229d1e3b5d2137b64dc09234d355425d8fa5544e67a4d4d80d3e098c2ba7bd5659e443050bae7a404e1a35a2341cd6809b5e83e1078d8bbc2
SSDEEP

1572864:2R4YowDIMNvpPjEYr3V1c4sQ0MmDKPwpJ4qHSXKTHcvmM0hV:26YoEXEqFR0rDG0THSmZV

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.gbwhatsapp

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4666	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4666	com.gbwhatsapp

Acquires the wake lock 1 IoCs

Processes:

com.gbwhatsapp

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.gbwhatsapp

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gbwhatsapp

com.gbwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4666

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00005LightWallpaper.jpg

Filesize
14KB

MD5
74ad1a7f96bcf8abe710e6c598fe45b2

SHA1
e5cfae987ba5fbc83455503bb73e09c25f9174e5

SHA256
f1294c2615a4263c3b1aaac924e562f67f07dd1f5cec6f7d141232a16d2827e5

SHA512
c27c7b465a5f91afbff6a7b2fc7ed85f071aeee9d2c421b464f954f9db4148c459901c218e223ba1cc3ee83912093be18ae97fc769d82f9d6d8962046a750aa4

Download Submit
/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00008LightWallpaper.jpg

Filesize
29KB

MD5
7784a86f089bd36b9085a086d5a9ce90

SHA1
a2a07f49d1c42cd40147328bdded6e7a72ffd2a5

SHA256
16aa44249b826a8d8cd670f7ba1b82616c553b490596b3b3a59614265be4842b

SHA512
e8686633c06b3af93410b79902440d922d9cc7da15ac0557f357d2c1b7ed55db72faf20596e9f64ddc4a066ec82dc284f60165ae212d4a946a52a299b200c804

Download Submit
/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00010LightWallpaper.jpg

Filesize
12KB

MD5
f3eda3b2635ac4a77164a1df31e985fc

SHA1
3043bf67e2a8e8dbcabe517985b64a9adf27b48d

SHA256
5e68af2c528535cb9e96585dba7e5b4a2ef6587115257beb369633b207947c9d

SHA512
3e09db75642a3ef6213738ff58dc8ceec331e56fc182b47375838a72a000bbfb9ab3059a6887b6eb8fb06e2edaba0ed5867d712621c44d9078b0874c4a9ce78c

Download Submit
/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00014LightWallpaper.jpg

Filesize
18KB

MD5
e5eca14af8563d02ed98b7e1f58dc2e6

SHA1
51abbbfe8d9607d47721fdb5139c48b73bfeaf0c

SHA256
b6dfb2f22b8fda0ad450f6c72fb76b64d41ee8dae005b504a270d49531aa7c10

SHA512
911bdfb60f8de830d6b76c15e0fe7d7249b4485a5a157abd0f18c9df8b55a35aee29acb165a72eec65085eaa910914f8e28d98fcc9e537a4287bc233c8e2e221

Download Submit
/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00020LightWallpaper.jpg

Filesize
17KB

MD5
ae451a27b925c5b4776608cf82f7f304

SHA1
be2d9507777010bdb08f5f831ea4bdbcc1b29d50

SHA256
c0007b387df66d1e2b2c8893c94cb0883f2bd40b3dc56ef014a13eae6bc5fa61

SHA512
8597c9efc9b26a0eeaa641275afdd6adefa34dc420465f78c3f28c8e09cf480025ff7d54f01e26a1e1dce6599b2ad1b28508cef6a6f3462930e465d7f3e1c5ab

Download Submit
/data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00024LightWallpaper.jpg

Filesize
10KB

MD5
9f4a152d07a083075a9070b315ceb635

SHA1
80bad7cd9e60eaf2e7fe46edef215eb96183c7d6

SHA256
9d2ef47ca8dca4458f2ff32dfd9afba0ceb78b6a72b14c5eb38c0687a65e9d16

SHA512
c411d8b805013e181d6d30c792894dfb50ca052e9f3aa3ebfe3ce4ab530071266fd66ae06cae6bc59e6fb7e2b7d4c1af746e5f53f7e5119f5ea9009b41dd1fa7

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
0618ac070d3d6310bf93d308bf221ee1

SHA1
4af3cfaeca579d0451e25541b6269689f0e446e9

SHA256
dd98241974487ce11a331a28a6eafb2f01b7eeb50ab579af07fce08ad6b076d5

SHA512
d355d807e6a8e48264cd5b372f8b434133532a8e366f38a546c4e8de54fa125d1281d73bbf246aed3cca75ced39d70cb20c2a8b4a134d09ad3e7c35344a3a93f

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
3ea553ce81859b1ae029c3a83621e4aa

SHA1
f417307f9512ea7a393b4106302f2c6aa82371e5

SHA256
1b119f338111981d87fcb32e515ce4e5305a32554d0bdbbb25ee836e0a672eb4

SHA512
d7c01aa4b24ce0956926fa5417eed3fd23154bc9d052b343e480be0908615694c307dcdb62dedec2c5b516d02a124eeba52f93074088e58dc4e49b432811e0ab

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
0c9d56e088ee1deb75229e12a9d68166

SHA1
26dc84265945c017f2ac9b9c0889e5ae096b5da6

SHA256
c2c59eac4e20d8f84b432c076cb0d9cb1db4f45a217a4f42969c42bbd55cfe80

SHA512
800617a0407fa4df7d1e649cd83e01f87a366fc3faf3da7f985e12570b651a34d5ac5bfed352bc438847410f74e28ba8a7d4ef7fd230a542897e2a23fe9222d1

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
d7d4723e3627d8d33c6b3f1033f4847b

SHA1
2b7838c0215c91ae0c01a7c63ccc06a0a12826fa

SHA256
f9c96ee1d38b7777df7d2fc5e24f5908f7b53dbd074c9159cd87b3a5830e2b8c

SHA512
6a2b3808188c77a48f0ca42390dcc74ab596e8eb07743b7011ac35c0f57d72002663298fc8cd4a1e1230c0bcacec278bfe66d25f97a7dff4df8ead1ec1d9143c

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB

Filesize
20KB

MD5
917f0d647e1f960145cb9a8c136ec901

SHA1
0ad9a7f842bc32c30311245dd36771200ae7197a

SHA256
8adf41da52132b72f2c2230345e6517fbf48734e9b27ac16fc69b67c9289c02f

SHA512
0b24757735682711264577c7dc041f3ee2d5bd24040c7e50214574c551bf472d933e725aec1fc12952e88facb53d7b2fb0e47d1438fe063b11a82c97bc79e68f

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
a0d0cb8c13041df870f2367b11dca9d5

SHA1
4299c567cafad66f36e0233c3fa5e4d2f9772df1

SHA256
fec45bacd676c0ba636929c637306a54de6d32da10474cca2fe9868831bd00df

SHA512
555735e3f695a5806cbd930a8e7cd046bac4095dc184ee8fb767ac91aba83ce0766026dcd56a42d8ca77398faedd58ad885e81e00def2c3b70f46b3bd29bec59

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
a3c6dc0601431d84ce15c2b3c428014e

SHA1
4c4a878c9540dd769ecacd96febc478550dd6901

SHA256
479c66dcf27381ad90671a0963ec17d01e8bb50ce60b9b1c15c7fd1e9fdc7476

SHA512
34b21d97607b01db082a370d7587a176ab6e3ff8fe08f92bcc1cbe45f700a0256af68fb2901ef6318f91ae1777b0e47e7ba4307cc62cda66449004ecab22e1c4

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
57a49098011830795c5fc5e07066e3c0

SHA1
8c99b710944b46837a1de6bd959728a7a3b43bd4

SHA256
89184cdeeae61529ae4618b621578f13a61cb21e1c7e4f21b2cef624ee7f5c73

SHA512
e0bbd26a39e63271fdeaf46e88f4be7d5c52f4fe54840d00edf9008e5e589916a5435744e4ead027753776496562c0de5569fad22b702734d11abfe318e2db9d

Download Submit
/data/data/com.gbwhatsapp/databases/axolotl.db-wal

Filesize
164KB

MD5
60b4dac958a328bc12447b7d88621e20

SHA1
584aa993114753e7d6fe5f2a7990474aee6db2a7

SHA256
29668f01569510b272091b7d9be83bb16ab28a88520c2cbf5601d06f4512450b

SHA512
e31b28a4e5f1b8105d54fff1535e49e10aa41298e5fac346139cf6d7392b89ab656396d50184eab8ef3dee08113e5eca526bd2ca6e9ecbf51f27ea431d7794bd

Download Submit
/data/data/com.gbwhatsapp/databases/chatsettings.db

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.gbwhatsapp/databases/chatsettings.db-journal

Filesize
512B

MD5
7ab54d88318290913f8babbd58c2ac5e

SHA1
b46aba67a3eb0328096553ca586f5f17138703da

SHA256
ad246a7b1f11903aabf581c17b6ea43342079acbb7dd3f67ecac017016c2faee

SHA512
810d43a56aa9491f5d385c1371d9937968d9fa9e166697571f8336f8ba0a0a261f7253e324d8407df947d1b064a5e3731e29228283aac2e9a3919ca4efcb0d84

Download Submit
/data/data/com.gbwhatsapp/databases/chatsettings.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gbwhatsapp/databases/chatsettings.db-wal

Filesize
16KB

MD5
2b8b6715a628ab476606476a0e5e7950

SHA1
6600b3637e8a75394c895c981a0abd72b5dd00f3

SHA256
9787b504d5b8b9cd871e21a8167832c7a11d262c38aa570430548fbf735851da

SHA512
fb39da6585f375453177b4c1801cd13784b14d8f06e0749e8ee339846aa14068a8a02cf0b0beb9f82ffb6973501882d381b89c8afa14bd1c56b9aa9ad2ba506d

Download Submit
/data/data/com.gbwhatsapp/databases/chatsettings.db-wal

Filesize
36KB

MD5
46b8396af9994dc316b6995b892a9c75

SHA1
0083bd7e47dd9ac867e1d56fb94ac6178f09ebc3

SHA256
59f6ef1b3539bf777a865a412c1d7ec5a2a1d50aed3fa42664c9d2cc164aeec5

SHA512
43bf85b3ea3777a98799dbafce529d361f38d0a26d2bdfdd5b8c7cd78085865ca89250f6f1d514b491b79f5375dd65441639bfcf42fd502ae51f022fa782e39a

Download Submit
/data/data/com.gbwhatsapp/databases/stickers.db-wal

Filesize
156KB

MD5
e6362752a71f431f581630a7f9d904d9

SHA1
29aeb7f37dbf7ae44f5fe19802b6a1652f2e215a

SHA256
83f09e47f80a144d0003b8e6670149978d8263d6e44da8897df6ef713fe88e00

SHA512
19c7ecf26555603b97de58a26f4efa2493b83e424bb46c7decdb348c1f8af19846f1774ae74bdd26c1860a57176577509264bc87ca7bf544c8e2f39a09b33efe

Download Submit
/data/data/com.gbwhatsapp/files/decompressed/libs.spk.zst/.superpack_version

Filesize
31B

MD5
e18dc8f4be5845a96d77920a85a1ef25

SHA1
2983d621d3e56d49120d5c3cdaca79ca3a028b24

SHA256
0978d3dc0214a18ef9aeab4c1455201029725398ebdaf6766afb7bf936cb416b

SHA512
f961415e789ac5dd2992a8d30e9a6356a5eef09c7377d7a50484d0e938b9353c835c7eb7cd1eddcd086932b43a5cc77286541ff455005571adf6c3d96851c1b9

Download Submit
/data/data/com.gbwhatsapp/files/extracted_pack_file.pack.tmp

Filesize
211KB

MD5
0c723e248d4fbd04fba6b9716c4c4da7

SHA1
a665110bf4b35616b3678debd41e5d7ed86fe4a4

SHA256
fe0b20920dadfcca4b2dcfef21719bd39f5db5a4df9f69e11e1f6c178795cdf6

SHA512
f718a2d52c84107d89d7476555f9dd193c4be7e16b75c26c1081aa93ebd2c56398035c7882328ffb3aa2c21f32b03ad223de01eadf786cfc6e023f9a2f7df8c4

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
45902a98b5d89322fea2f977324373e8

SHA1
ffda372f579dca5f1fb2735579b919d1820f7b46

SHA256
c9200338a1f8305cc88c42bc4e10c3512c1c078f4fbe72550ce5590f9fedacb3

SHA512
f5b26446cbb46a309aec16e3bab22559c1e4d3a70562bbc301cd0250ccb917a78b7b0188a2db18c3c9586047305c73ff1de4d7b74b822ca24c2754a680062649

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gbwhatsapp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b91544a1ff829fc277b7e63d995f9b13

SHA1
14d2d73435bd6b373c2c8fc5b9ef4c95dd4d3991

SHA256
df105894a724818ddfba5ee73eabd489674178608b4341fa21ac65801752fb26

SHA512
97dcbb6ebb520026f400e6662a76b3b2765795fd07d989454b80eb7d2f8b3bfb58d1d0f16e20064ba64392448b81593553b05d1dac0d579c7ec13e8b26c24340

Download Submit
/data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
72114083e7da306257b5388c5648e20f

SHA1
f5c7f62eb060432d8032e6addcafbf4e43c727a3

SHA256
af2468e8903d924282b8ffac92e8fb7d849b6491f2b8d27204acc075c7a77b9d

SHA512
1145bd3ea95a6cae19fc97f58ad7337fa8bfe9669fa4bf782e104f32782002e376908649f6c41770672b88889bde538de8932c477e1ade935128ebd05a997249

Download Submit
/proc/4743/timerslack_ns

Filesize
8B

MD5
d46bf94e9eb1d22281a71504685082ac

SHA1
e4e0629aef7425ba63e897bc471f8625de44edd3

SHA256
2ddb67b8a8c259ffaff61a5abdd38f5b5d6f1c6e2af4344c85b17b77af2451cc

SHA512
68a1a1fd4de784e3a2e0e956d0a63ac4ca540ef90e7fd9a2ddc92cf68e52e29792db64f6615054a6e5460467f0b7abe055c899136d98ce6ebab3d580bc55ec86

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit