75f804d346dc48de24e447e262da09b75bb20405095bcee2ab2a775800158ef9

Analysis

max time kernel
46s
max time network
310s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
12-02-2024 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FMWA9.93_Official.apk
Size

69.6MB
MD5

921ce55fa82f0025debcb7cb3cee27d8
SHA1

cca091918c4b55d00dda82221a198023aff27dd6
SHA256

75f804d346dc48de24e447e262da09b75bb20405095bcee2ab2a775800158ef9
SHA512

569a25d5c9488e1aef22f064d5f751cfb2cdf5aa2e56747759cb7fba17facc373d8e31577a25a8025e5b3ae9c884f3d9603e4db7abe99d1ed3af2ed3dc0ff8e0
SSDEEP

1572864:tHMbZg+KOS73QTXvmpQWACjrXS0CYZZW+jApvoG+oQP1o3N:tHmhKOS739QWAGXgYZZW1toGq9mN

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.fmwhatsapp

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4387	com.fmwhatsapp
/system_ext/framework/androidx.window.extensions.jar	4387	com.fmwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4387	com.fmwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4387	com.fmwhatsapp

Acquires the wake lock 1 IoCs

Processes:

com.fmwhatsapp

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fmwhatsapp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.fmwhatsapp

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fmwhatsapp

com.fmwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4387

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/dark/00001DarkWallpaper.jpg

Filesize
2KB

MD5
ce57f4a8a7f6f2afb35c86dbb8f1f7dd

SHA1
9ead9440c73f6cceb0175e15dac473c9fe56155f

SHA256
b541695affda1e92cac2e9bf5993adc6ebaf1d17055b4afd28261e4baddf155d

SHA512
eeae2160ed0b6616e4ead8e417890c537f4aeda4a082b60a3b0296b678c1bb8a7a6dbec7768e6c32e3b4fe3b253509af84f89681348160995bd63e81f3833563

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/dark/00015DarkWallpaper.jpg

Filesize
11KB

MD5
4f14fe3090fb9780a896f712f3068147

SHA1
7711179a523d8bb65dfd3b0f169aaa6147498209

SHA256
bebc51ea385d30c3a2e3b227d2ca3d780156337fcd2fdf9927f18520c4fb9b7b

SHA512
792f6c4db8098a5f63378833c5fd4870e2fd0ceac9edbf924059f3bbf996035d70b9890a694bea1c882a5a45d3b1c5151d98f66f570a28a4c8c85dfa9a924381

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/dark/00020DarkWallpaper.jpg

Filesize
16KB

MD5
bdc10d3425f632648c9d64d93c7b6deb

SHA1
ba1a2c31d42cd9e385a05926122a163395d454d1

SHA256
3bf8f668c2de257590429e45d4014c0f036613948b48975aa10c5b648f2a2efc

SHA512
445af864483b3fea6e6f2bc7692a14fe1f144698e82b9d42fa3a45f59e1cceb55d14e860351fe0993f019d9ebd4dad463a2e4fe4846c76393bb8a4c4a69d7665

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00007LightWallpaper.jpg

Filesize
11KB

MD5
8ffc615154f876ffa625d5b996697d6f

SHA1
dea80402ae9af9fd85678dcf428eccad43b5b5b5

SHA256
20056eb0a865525e8f111b01de7e34f75d7be5096e2ba7292a7312476040c9d9

SHA512
81b874eea5f688908f49c45a1742ed494eeb42548b43e9681bc8d4157f64b2ba8e212859046161b6cdbe651827cbfbdc4a45faa770645a188727e64104298fda

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
e252a91a89931dbc5ab62081e77b88b1

SHA1
e46cc35b3044720dd0433f4c526c68e384591997

SHA256
a3e48a6ba92b6ae954e286d3725a080ea14d1eaea3596e7a65ff1e05d043d4b4

SHA512
c9aa4f5e33da9ebd830ca1703a6bcff8fea3acb8d79f73e1506f7a9b664e89cd6ce8cb83bd38e505778c5e885559ab7e297a76138e1ae9cd95157a0315633801

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
2bbcd36ab17b83214dc9eaf4cbf6c0c3

SHA1
e35fa6ad52807c0fb6f0ab9f41ba666cb12a8936

SHA256
bbad87b631d8971eab73787661ab71267b1da3b333566d44fb52facfe646cce9

SHA512
1ffd48d9803a8270a10281fa1daddd69a0fc6bed8a477193556cd136ab6d353e3b322620b24ffcd30c3be8692b36b98d61a9e20fb67a4821dddaebf57bd3482f

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
187323308007bfa2659a78caf87101cf

SHA1
905aaee62637d1f03cc94403858d9b66fac8cc6c

SHA256
e31953282346c3a76a5058fbe8825f81a3061a2e1c58f9faa41233ad64ab2cb2

SHA512
df95fdecaba2fdff062bfc8e93fd651f3ce1bce9e309d6c923ee77f5b635e5c85b4a7dd6dc89cf03b158a1d7716dedd52fa37203d386df292f4f440375a39d3c

Download Submit
/data/data/com.fmwhatsapp/databases/_jobqueue-FMWhatsAppJobManager

Filesize
16KB

MD5
0e145d133c72f8c39c5d795723271c64

SHA1
98a8244b8946f3340ca57ae5382455c60e05da66

SHA256
e8b345fed052ae1a0519c532864c763893932b1360eb6ec1afa819547f6cb1aa

SHA512
464f0914180a5d090a1c7f6843c86d5f130f6797b97ecf8a33a05bbfcde7338f014fa6f6b997e3b7ebcb5beb42cedcb69096af0cffa53331fb3c3687b456908f

Download Submit
/data/data/com.fmwhatsapp/databases/_jobqueue-FMWhatsAppJobManager-journal

Filesize
512B

MD5
086b1b29e6565ec5029435d2062f0602

SHA1
7a39f5b4904bfc8b2b9af75dfaab410b877438f9

SHA256
633f6ec923a3e531fdb6105a056166caa238681a73f9259b37b4ec228f9019f5

SHA512
4bd4c9cb324a6349c8948bc3947c954be212f5d58cd4d7dcdbfdf7ff476f03643877fddc37a117a2bfbcbd4af30a4d29d29a490c3b3eb4acce87fd4a5ae548e9

Download Submit
/data/data/com.fmwhatsapp/databases/_jobqueue-FMWhatsAppJobManager-journal

Filesize
8KB

MD5
c8953b1d6a2aef57b76102b7f7c2e2af

SHA1
35cc5b70219c3c141c90530c4becf61f5d8562d4

SHA256
5995acae02e099b5e2ff4b1909c6e8238d184c6e394cbd2c93298d67cbd87cad

SHA512
b6b0540d63475233bccbc950356175c78cdd0f813bc6be09c212cd26e86189d5cb6c25db46181e3a9b108a9c7a291937ab7432802e17195ac7a855fc869cf011

Download Submit
/data/data/com.fmwhatsapp/databases/_jobqueue-FMWhatsAppJobManager-journal

Filesize
8KB

MD5
f7eede17c541070e62f03ae032d6bd5e

SHA1
8a23b2d39bcdaf2d3d6772bc124a63c6dec81f39

SHA256
20b8c67ce5c3075ffb0780ca197ff50e683837ca5ae98ec3c966649cd4246ada

SHA512
e109ea2e745a2411718dfed86d0367115903f43cb98ef445e88913020fceafc12d16b0ea6ba31c46e425f7d171b68f7d777fff939311e192f0a1bf73ea98326c

Download Submit
/data/data/com.fmwhatsapp/databases/axolotl.db-journal

Filesize
512B

MD5
9a87408104dbdb73dc7b2a488d651266

SHA1
a6f3f8a901770b1817fe28dc22cd3a2e00537fb0

SHA256
414ab36d8db1a404ebba1d78a9260235d1a91be98523ce3f0c3c338420307808

SHA512
470cc5b291ad8fb816b73982911dc29b33502b4a9fe5a805addf9e826e40f9d8f4f0f1b1c930990af58b3d7e321949137bea49f366ccfa9d4d75ef2bbe3d8ff2

Download Submit
/data/data/com.fmwhatsapp/databases/axolotl.db-wal

Filesize
16KB

MD5
e916740754c035ba9e1e27e00460a4fe

SHA1
eaff4d856cfe84239745d6c86a56278db0fa2a96

SHA256
e0e18f8bcf9004e85ee893412424c793695ddda4a1a9ef76e5bd2f017f7b9ba8

SHA512
db4b112789250e17d6559b3e29878004fb6bdb2e9f737e3dffb090a9232445771b89a45f898fcc2edc44326fe1981fda287fba5e32b902286b8123e06b1d9bc6

Download Submit
/data/data/com.fmwhatsapp/databases/chatsettings.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.fmwhatsapp/databases/chatsettings.db-journal

Filesize
512B

MD5
2e9874616e65d41b7ab4da577ab12823

SHA1
1fdbbdeaf5773613d7f44e9fd773fae728994977

SHA256
eee271f2c9b38dcc8583c5d8f53a051c2aeeb4e5ce4fc9c5e3550fc88d3f7adc

SHA512
1e6367d3f933c2e08b85d51bad4c6c294d42d38493623f85dfe4bce86d917b3858570aa4251c0188e8113af157c2ba08c7d08b6ebd0aee2c99a75e00786ee3c3

Download Submit
/data/data/com.fmwhatsapp/databases/chatsettings.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fmwhatsapp/databases/chatsettings.db-wal

Filesize
16KB

MD5
31088a2fe63928266301c3a7b73324e2

SHA1
e95796a670da600d855ccb4a9df33feeb11b1388

SHA256
a527eb55d7933d58523d19eef02f04aa8f447eccba85a3aae2f0fbaa9cf5bd9d

SHA512
06d900ed83d598619326e72559df68cf7817d9494aac06985bd4b86d8e6a35363df1ef96924658988887a74c50ec4aa2b964abf02892ce3bc4f2f318366a4be0

Download Submit
/data/data/com.fmwhatsapp/databases/chatsettings.db-wal

Filesize
36KB

MD5
51b04fc786f2b90e5ca4d1534fc4a746

SHA1
c37ee1f8d5cad6902f9b93983a35ef664c46e1da

SHA256
873c7610e6e385020dea4ae25baca2c32da7af44637341ecf39ae8866547eee1

SHA512
1ab8b6c28f96ae52db32d858e0ac4b61458ddcab0afcf70b244b7b190e31e2739f26b45b602125f956f704bd5e89e7b28eb1f58c985f6598733b72a7f7ebf4f7

Download Submit
/data/data/com.fmwhatsapp/databases/sync.db-wal

Filesize
116KB

MD5
e0bd5abaec6c7833fd8e1b3d9d72bb0d

SHA1
bea5f6b7d0f6b4ca7e72d081976df9a78c9314a2

SHA256
c6e3236ad4e08889fb26575567033025548313c8cbf3af426dabbae52270c2cb

SHA512
1206e2807c5d9f99ae791ce50229801bc7d1f488b08f94363735fbaa382f749abaecf87d6fa17ebe5787fe4017ba311dbc5c8ec4beb2f30a3cbe93c29eb4c621

Download Submit
/data/data/com.fmwhatsapp/files/Logs/whatsapp.log

Filesize
184B

MD5
231e5d4f8b106649a1d64df322657d2a

SHA1
32e09152a8daffe748f53ae91caa893e2721aacb

SHA256
546c016826bb584f0d19ecac0d0017963f27d93475a815d525be4fab71864d86

SHA512
b23aa62f92b90ee369abf73974dec40b40702865c124253f43a1076b6f85b7071607985884db9522160b2a04652e3ff91afadd59748f93acc9941f598aea29f7

Download Submit
/data/data/com.fmwhatsapp/files/decompressed/libs.spk.zst/.superpack_version

Filesize
30B

MD5
7eaca23257298fa940e35a6f400d8827

SHA1
d6e8d2e591909e39bd38e38b693036994ef233bc

SHA256
94ce0d704d0d8cb972f4630bfbbb31d823d4ee5e5281df72b20d9038d0f3c7db

SHA512
f575f20073d19dbb209834f2f444aae06683a6219156536c7f0618e23d2b47d7b482eacfc1c8d914047e3820be7a6a92e4a3697990dbb08d32fd9f2d60fb1344

Download Submit
/data/data/com.fmwhatsapp/files/extracted_pack_file.pack.tmp

Filesize
211KB

MD5
0c723e248d4fbd04fba6b9716c4c4da7

SHA1
a665110bf4b35616b3678debd41e5d7ed86fe4a4

SHA256
fe0b20920dadfcca4b2dcfef21719bd39f5db5a4df9f69e11e1f6c178795cdf6

SHA512
f718a2d52c84107d89d7476555f9dd193c4be7e16b75c26c1081aa93ebd2c56398035c7882328ffb3aa2c21f32b03ad223de01eadf786cfc6e023f9a2f7df8c4

Download Submit
/data/data/com.fmwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
8c3a3d21497281e5fd38d12bb70d81c5

SHA1
7ecd3d0e9515f0ecdc5c56a3c3987929e7b73be2

SHA256
182ba8df63745a872b244d212d223357725535c9687b2f5bf90c0e54c6f52aba

SHA512
367cc178e063e0a8f559f72ebc7375d7501d76124e7669010d64a538dfc91b46ce55c559567bb6227e126178c8f4a318a5bd8869b17d13fb5116dc94041c99fe

Download Submit
/data/data/com.fmwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.fmwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.fmwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ab8cab644d33571d1e09c0b04826338d

SHA1
5a67effd24ddffe2e21b17aff7fa9bf9ed12b237

SHA256
adbd3af1f6995e4700d596a0715725e5bed47afb6fbaf07ca0f4be35a4e1abd9

SHA512
df48e25ed828618edbf419fea3915a3330ab5840ea9bb8523536e8f1f0d1b06a9de509dee039769718dcd633e32350a6326c320956ac71772dacb9e4f2ce5a23

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9cbd88122da34b828e1e5dc24ab2f50e

SHA1
2b435370b535a1515bb1f536533da070dc43d7c1

SHA256
d848d24cbf6fb0a4579bf878bd92b574210f653549f37397b21bc2eb364d6ffd

SHA512
3d60e18cfbc225641cb930e63f822f1c6ef2f6bfab28cf2ad3211402d5c646dc1391b255da1a181aab6fb41ffe3662db0898b0ea369331003676bfbb38be3471

Download Submit
/data/data/com.fmwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
eb60ecf1c656146ddb07e4860594ba08

SHA1
ee3f9aff48938142b3996b15f0ef57dc86318362

SHA256
310d7ba49eac5470ec47f10e1cfe6d3e382d556dfa4500d76430b87759d33788

SHA512
88cee7dd5dd46873f326c93855dbd0922d35410f419665f947b75c7bc72220cd8b70a0a488d58f91d62792f7616ff3fc92057dcf829037e1439f75624634e4ad

Download Submit
/storage/emulated/0/Documents/FMBackups/com.fmwhatsapp.zip

Filesize
56B

MD5
07e18012f2840ea25f64214548bcce31

SHA1
c9b1c8cab58537ae471daeffe714b31bafdde02e

SHA256
d0a2ad48cbd6311ecafe32404f472e83197a815ff5bf2a3cef638a05618260d7

SHA512
978ca98aabd4f24be6e04df22a303f77ac66eeda7c2ef87f526a5bf0770ca12e1d912732b020d62c82eaf58288790091902060509f9dfe66046908df53ec6dd4

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit