1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9

Analysis

max time kernel
47s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
13/02/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9.apk
Size

76.2MB
MD5

67fff717824a15937e777dc2a98472df
SHA1

7efc96bae35f14883c353224d204e9a73841aa9e
SHA256

1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9
SHA512

bac2cd756d685be35defe236da6876135c1c2e3646447f86b46f0dafeacf2d047f7c1184b2691cc72af60f33c8682d329aa63857711e75eff126049fd34132cd
SSDEEP

1572864:16qJzShywPkPnZS+/eignjMg4DmlxI0MmDS1c4sLPwpJnraBK:11mhy5nZVYj/4uu0rDSOECK

Score

6^/10

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fmwhatsapp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fmwhatsapp

com.fmwhatsapp
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4241

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fmwhatsapp/databases/BTOR.DB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
7ac3454a41078e83b7fad57a80edf0f9

SHA1
2b42d7bff2eb83341c04a5fdc6d845ef497986a3

SHA256
5a22fbddafee7d68c32f7947c9721f7ed6d066c298098e1aa0e759fec1972497

SHA512
a3ceec4327b2b6958332aa1c52e4f07e66f5df9ee47ffdb552c991d604ab8d90d115c3e030a67a7c6063dbc32e611e3284b5ae1ce7b4ebcc2e3e5569005f8396

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-wal

Filesize
32KB

MD5
64e7f45c1fe95f961ec304808d2dd938

SHA1
30c8e2f7f5a54e8ce1ec917eb0b54c880e607e49

SHA256
4d6afa95033fe2f776c80b6419e8bf6989af82b5ca631a7156080976e8a9b2ee

SHA512
ef081a4ade254c18d7f4fdb3b0c94adf5e84dc94748b7905eb9225461627a429b9eff429f8157b6885c529682c242004a6ecee3515c9424ef02af6390b0047f7

Download Submit
/data/data/com.fmwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
27fbe54716f130ebb8c8a1665e921eb5

SHA1
de0e543a517fbb0fb86fa91cad0be7953b1ffeb6

SHA256
c95e05b32a17a60bfc40497f57e1684fde073141a8c916d33a725d8d95d594c5

SHA512
44fcab7f68db556ff06247fee15102b68a2151c79399e19c995e5aa5dce349091fa73733708548d344f37fb5edeebf6533a90e0eeeb9311bd77d56bd06549dfb

Download Submit
/data/data/com.fmwhatsapp/databases/EHS.DB-wal

Filesize
36KB

MD5
5df5ee7b7fe993c9f93cd6f7b636ebf6

SHA1
2d6e4308146dcf1ce3999d222f43781e3ccf24bb

SHA256
01b64246a1b2fb3a0a5d49df6391e61cf3d0b19cd9621ee5d57a6dfb1c9d323b

SHA512
d18657319555a42bc2a984cae25ada269ac421a4ee88eaaa9d713ade3d2699231ccee105097af9156dbbe1611620ebac2fc1accf8db2ee176092c8b19c52d204

Download Submit
/data/data/com.fmwhatsapp/files/Logs/whatsapp.log

Filesize
187B

MD5
7c6216c0da2cbba1d4955af17459a0ff

SHA1
0c5ad23fd078ca7db87e345b8f9899629f7e79bf

SHA256
63525448be671197e97de3f7cb658567851715b8da77c460f76288589ae5e2ba

SHA512
81a1bb9d2eaaa1136f8dfd5e6ee93b025db5dfb9c21515c2e6d1e9677efbc3913204f27fa635ec7146e6b0975eb7eee6a063b76bb0c52cc01273f113a0ef6ef7

Download Submit
/data/data/com.fmwhatsapp/files/decompressed/libs.spk.zst/libvlc.so

Filesize
3KB

MD5
cfaac46a9b3c925a53382f453c8c0d81

SHA1
8e82c86b6d77d7e1ef003aa7796b83ccc5efab7b

SHA256
0d87625993ef963e9bebf8f21f22525807d48dc26b3195fe94bedfe877f376e7

SHA512
22c8297645c4ffb8ba08e44e1136dcc3b3c16100ff837d7e3ae7bf3a1f181c12e9aa33f3f598d6d7e001536b9812106b4785c01f91a76874cd220a6229e787a2

Download Submit
/data/data/com.fmwhatsapp/files/decompressed/libs.spk.zst/libwhatsapp.so

Filesize
1.1MB

MD5
84fadf5aca0306751c6bd8fa49cbae55

SHA1
6da2ff99fe2ce8137290c89a354225ad2fbdbdb3

SHA256
64686aa98802b4265a0aa93cf90fbfbe9f39286e5fa5692e01607bcff413755f

SHA512
cc8962e9bfdd1a30e0c87c2ed37aed0a32208f4c2323d684ceb1b6f8087fe61b6fb920bbd6fa5ee74be4e6af146e84119f3359b00608d23428981c6e91bf588f

Download Submit
/data/data/com.fmwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
f989352bd72f24e970bee1d0942d32d9

SHA1
a6d5438eb256123a2679a82ef52a09a919984602

SHA256
d8049faa1a3ba6ee26588c19f2860f95fe0f85bff14f30307531fc42df85d9df

SHA512
e9b42fc56ae4fa0a821e3b5d041357c7cf4a9eaa0ed24ded23027d6649c74ce9036201c18cdc8eda7f0d6f7943f0b4b1d616517344e32ab503c7a2f5ce4d3aab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads