1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9

Analysis

max time kernel
47s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
13-02-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9.apk
Size

76.2MB
MD5

67fff717824a15937e777dc2a98472df
SHA1

7efc96bae35f14883c353224d204e9a73841aa9e
SHA256

1a5aac2a6c5a1e625821a2260675248596839806758d253156fb1c1da56ae8b9
SHA512

bac2cd756d685be35defe236da6876135c1c2e3646447f86b46f0dafeacf2d047f7c1184b2691cc72af60f33c8682d329aa63857711e75eff126049fd34132cd
SSDEEP

1572864:16qJzShywPkPnZS+/eignjMg4DmlxI0MmDS1c4sLPwpJnraBK:11mhy5nZVYj/4uu0rDSOECK

Score

6^/10

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.fmwhatsapp

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fmwhatsapp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.fmwhatsapp

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fmwhatsapp

com.fmwhatsapp
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fmwhatsapp/cache/SSLSessionCache/static.whatsapp.net.443

Filesize
5KB

MD5
121d557f177d7c1184e39698c81d39d4

SHA1
c098912ba5cb80dd97a744b025d48dc08c9c5716

SHA256
fa4df135106935699df879a957fcf1a4cb0d5d11c5c3ccc680da7b6e5a1588bd

SHA512
6416caef83302afbee2679f7496600cad2403d61aa08673187c31991606c9e7cc8836482c1aec6b90ffda6a5ead0a6aa00eafdf6f22ca35d4011fda6b200ae51

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00005LightWallpaper.jpg

Filesize
16KB

MD5
d1ebc1bb492fe909623dcc2d739816a4

SHA1
046b46f02f875cd559115c557048731ce4d9f2d8

SHA256
ad9411dde548a7208703f40d066c0d0b9053262e8646617acb2b420b1e0b5ab4

SHA512
79f4b82c0468fae32231bc09d0f57a9d8f0b8c0d1b134339ebbc5521064e1a487f328c6287e00cc0cadfd8821c1d94a7254022e2b2d189d89bfef6eec250fa77

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00028LightWallpaper.jpg

Filesize
7KB

MD5
6550e122ae1c44f9a37dc29a77843cb6

SHA1
8022c5333d66115f891c8c3b558bb06f5e052f43

SHA256
d81c11626b1992bfc6a9d455072e1ca7668209d7f0037e42aba26f322ca1aed3

SHA512
e520d15579e04529d490c6c0da224eb10c523f937f973df6cceddfe23cb1ee18cb1bc1390e1619d5dfd97ce257869dcdee223823f1d105f61dc4909792379d3c

Download Submit
/data/data/com.fmwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00030LightWallpaper.jpg

Filesize
7KB

MD5
baea599a06edd69aed4eb35afd305b2d

SHA1
542cf349ea0afcc809cdf7d8bfd675d9a320825f

SHA256
b82d3888051f7fe30edd58c85107230091f949f233bff97e6eaf04881e66224a

SHA512
a6052164f3f94316a4c7912bdcb912b39dccc6d48d98377efe4161936612973400ccf14d45d118727108fee185060f7d35989913ed1042e74a779de70cb2d15b

Download Submit
/data/data/com.fmwhatsapp/cache/downloading-1291719672291438526.tmp

Filesize
73KB

MD5
26f985184419c9baf376aa694c5b9cd6

SHA1
5cd7628417612d95940e1b26b21b3112f938abfe

SHA256
5a89ab27be17e625c094159b40f68b6714ea3cc3cf8de1fd84ef584b725cb8ba

SHA512
2a5d9dd6d7ed5f6818417b6bcfed89e47c1b0e25242aca496e6356e62e3beeb02e3f168eb5471fc73a39bc56841f2109b753ff2c55be116774859dd0185d1ace

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
c675726e2474916164b58d1217cf1bc1

SHA1
d51048588b3a00e9de32d4fcaf63e418a0b1e47a

SHA256
99a920b23e84b1afa83c46fcc4e3d44588ead676499eb5bcd729b279b33bfaed

SHA512
1fcfcc28f3df14056023a0e153b9beab78be9e89cb2388c26a369437394887b7bb35e20b2f6a27f055b00e62b2292c632b1868aa3b229b3f0f658a715b10b6ec

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.fmwhatsapp/databases/BTOR.DB-wal

Filesize
32KB

MD5
611f078d238dacf3c0900210b78e8a8a

SHA1
9a29f54b68908df94836b4106b36a86ac71a5199

SHA256
ac264909d6b270a52a01141deb03196cddf23ea935f99606cf580c2cfef24b30

SHA512
c3fc836780a5e5a0d1fee511a69735536d3c540de74b12d15c1d8cf53c9b2cb4ecd69ea1510c89246d47b84f81fb93431f317167c05fe590d26c186d7483cc92

Download Submit
/data/data/com.fmwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
9c99995d229dd1c123f4b9d97d6b0423

SHA1
a30552d669a223b9fdcd362a156c61cf172157f1

SHA256
03534ebb052a9b02fc6d7163df08a6436024d84287d2d7dda5ce42b1d3640ceb

SHA512
de0d1f909cfd42ff5400331c0e346fb534c35aeabb87eb63fdaa6e856282b773eae8f7f0ce2406a0949069d7a4e188027eaff59981b01ba6878b88a00428c329

Download Submit
/data/data/com.fmwhatsapp/databases/EHS.DB-wal

Filesize
36KB

MD5
5fe3503ad603903119ac82e6573aea98

SHA1
5721376698aa1f0a6270cdc1c64ac0c85e8213bf

SHA256
ceb680a126b207050f81c3785d333009ee4973cacc8d81ca735dee824cfdca43

SHA512
32fde6f978ab2634f4b8507655a6e321d53da40c30621fa9c3440fa9c6d8d76eaf6a9e2383033f21674ad09cb317b31fecfadcb6fb144657ba10ac5811866fd8

Download Submit
/data/data/com.fmwhatsapp/databases/axolotl.db-wal

Filesize
100KB

MD5
75fcd17686d31511b8c0f0eadacc3b10

SHA1
07d89cafbd1489753a99697682bb17a55481f889

SHA256
62923656bcf8d20196411c2734c1e99297c500b6bf61dc4cb3eec7ee92708989

SHA512
9cdfabf563e5430d2cdaae03ca5c06099ab6dc90c51033e57101b715fdac606d4bd43bdc860d2ae528341416f3dc17c09eb5b287018e39d65d7e3f8fa3cb5007

Download Submit
/data/data/com.fmwhatsapp/databases/axolotl.db-wal

Filesize
16KB

MD5
2acff5319b53c5371bc7f64cd4dae9ae

SHA1
ad9ca0ff3330deaf58c809ec58a5832d6663b998

SHA256
92667ab84a12d151312d6531eba7851ef31729c6bed1edb0cb52c092c115dfe5

SHA512
d2f438aa1d6217e8a99b1d2306b9b409abf843ee122c6cb26f3e68c37aa4033b1e372a1dfd2d8a34c5baeb308f12c6f3824c25c50bcbe418a77d3b26d7119394

Download Submit
/data/data/com.fmwhatsapp/databases/stickers.db-wal

Filesize
16KB

MD5
3c01476c8e44aa2ed0a635a856e8424b

SHA1
927dbc8c0c66dafa47565c6ca55d5994b37526d2

SHA256
13b3fcf2d70f471eae9e6e1953256b319941ecd306344d1337d256ef0ac11abe

SHA512
4451f734de238939dcb4503c38b69a8eec35504eaa118141f37df863a3f5de2d80f9cea11fb60fe3cc39b504da1e14d0ad0287aa5dd17b0c2ba5dbeb517dcbae

Download Submit
/data/data/com.fmwhatsapp/databases/stickers.db-wal

Filesize
156KB

MD5
40ad575acf33a49d9ed86fc0f958cee8

SHA1
d5617ba373fc9edbe20eebc080f005a1b50bbc08

SHA256
d5b2b9445ef772262965343a2e5519ddd4fa684773cb316c3512b562dac19827

SHA512
23b80e40332792ce8ad6b1bf07c1215900a31d6010ff1d7b9bd04fa9ee3b788733be01ac9e64690d8546c254e6e4b462988a61b92b820b4f276341689265fc47

Download Submit
/data/data/com.fmwhatsapp/databases/sync.db-journal

Filesize
512B

MD5
87a0aa9d88f025469ac50ed69604f2f3

SHA1
06d68c3a8d734a9b64a9d0b989bfefe0500a1ed3

SHA256
21dc4af046199e4cdae513893839a32be3c4b50d519879344c5e7f0713a5b012

SHA512
f095b8177f8506175dcfdb6017ea66859c58dea8d3d643c97c2cf523fd69de2122642de8e28e7d6c85fefd68eea3134c00a3c7ef29c80f9b13a7ab6bf86cbb21

Download Submit
/data/data/com.fmwhatsapp/databases/sync.db-wal

Filesize
16KB

MD5
73395ed6596967cc1dc00534f93a45f9

SHA1
a1dab1e10156ead51a349a93c841a267eac10667

SHA256
65899e396b86fc2a7396b20ad8320f7cb55f5bb5e3f0f4df7fb07f51729485b4

SHA512
6e4ad5bee7093ca3f5259de5a028d3147cc027abd3149e24bb2dc704ca5d93e1792656dab349e1f29b897a8759d7ae9e998158eaef662c744a6656ea2fb3f0d4

Download Submit
/data/data/com.fmwhatsapp/files/Logs/whatsapp.log

Filesize
4KB

MD5
5ed0aa2e0731512495cb230a444dc577

SHA1
f8445781f30bf23f6541a3ad81cae38cf379ebb8

SHA256
bdd7e8385899ba1477dbf72728c027dcde66f8a9a34aa447db067600700fadbf

SHA512
e5581018b9567d20fa47e3451c7685440dd92082bf13be47d71059adda736fce38f49d132e3ae90017d3c91341c074dc82c4c53878420025a5d89f06596adeb0

Download Submit
/data/data/com.fmwhatsapp/files/decompressed/libs.spk.zst/libvlc.so

Filesize
3KB

MD5
cfaac46a9b3c925a53382f453c8c0d81

SHA1
8e82c86b6d77d7e1ef003aa7796b83ccc5efab7b

SHA256
0d87625993ef963e9bebf8f21f22525807d48dc26b3195fe94bedfe877f376e7

SHA512
22c8297645c4ffb8ba08e44e1136dcc3b3c16100ff837d7e3ae7bf3a1f181c12e9aa33f3f598d6d7e001536b9812106b4785c01f91a76874cd220a6229e787a2

Download Submit
/data/data/com.fmwhatsapp/files/decompressed/libs.spk.zst/libwhatsapp.so

Filesize
116KB

MD5
64c1f02eda51a5fd3148ad7dfb5ff400

SHA1
2856951ca7e3e4709fc196123ac28c1c8e40fffc

SHA256
3430b3451f3f3aa70df042a42aa2e29a90fd8b3b607b5d9ca07728798939d02b

SHA512
b846e16aadae3233e09babaa3d0b0706c6bb2f45db17707f0105ea302991a694bcd64783afb533d3672b92b6b2a8e4f5e8bacc61ff174426941da8246e038a80

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
751dd59a40232f1a0dd0f756be2a6333

SHA1
a2002850725b3ad2ebbad4ab74171763ceae0dfe

SHA256
b35d66ea80f7793355f6cdacd9585c1442030bb73f65d17d11784996b7bd47d8

SHA512
ceaa8fa226b7d584b7a7d701ed5cd04d36b54eac9eb7a47ce941cf087c85845f02b81e4cf55627f0c7688392934f925339c5849d37df39e096e1a32cb9fac181

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3c3d268ce757490132a9ec0dc1853926

SHA1
b68ecde563c93d0fb9897600782ad4443ed9dfa5

SHA256
7fbb312e69c8e9f5a6b1db560c364c77f4073cc04ce418d36f76a00853301dd6

SHA512
099da8b5a458d53ff7a6be10723b94b102ba20a7ea12401cf6aad1a46197cab27cc4101a0d0cc5464306a0699745a8168488e5429eda79b184c72d575d4adfc2

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
3626f02e82c1739463c897cd0c4cfd44

SHA1
0b4f01a32d44ba3c72626bb81cffa22c8994fec2

SHA256
1e2cd6fd9d9187c229cbb909b506b92bc15dc293b531a91ab3efbe3670654288

SHA512
0b4e1effd746905fea7f688155c636d4db8bfee9265f906189df94fd634e19e88499ac37aef9ba1f331aa535f0dfe502f271e553f18dd1524233f37ac772c9cb

Download Submit
/data/data/com.fmwhatsapp/no_backup/androidx.work.workdb-wal

Filesize
169KB

MD5
7d7aa0b517845d854cfafed47eceeca3

SHA1
f9f74b93957d4e7ffd92fc97f33586e38594f328

SHA256
b1d5a37846f130db2673cb43bbf207b86aabda65404e3016702daa5e319f7e4c

SHA512
cb1e98f710f06bf2f4598f6145055816f6677cbbeb91097c8669714f8a2306cd8519d3bce9c9f8a8c4613512b79fe1b555adebfffea1d06f12df4b5ba91bff49

Download Submit
/data/data/com.fmwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
6fb611155b3bf5eda4deb41b78bf9354

SHA1
3d40b85096b4e3f3a4af287b36ff155f1ad360ad

SHA256
00bab27a0776fdb8e4a15c2058c5523cf1f3997fde35452c9c47728338790c68

SHA512
08fd05b1fe53d08b96d3665bbd552e8404e9be5d8389b7e2836d49872d59fc9605ab749a963aa24590fc5c2ff6e343c5f6f7ca7692d4178bf389eda2fd078ad8

Download Submit