Analysis

  • max time kernel
    50s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-02-2024 03:08

General

  • Target

    3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e.apk

  • Size

    75.6MB

  • MD5

    d73fa603bb7dfbd53f2ec4d05617b9e0

  • SHA1

    86f18b9d0ce32f3ff1c608ae4317329e4da44e1d

  • SHA256

    3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e

  • SHA512

    4e004ec348e58f8229d1e3b5d2137b64dc09234d355425d8fa5544e67a4d4d80d3e098c2ba7bd5659e443050bae7a404e1a35a2341cd6809b5e83e1078d8bbc2

  • SSDEEP

    1572864:2R4YowDIMNvpPjEYr3V1c4sQ0MmDKPwpJ4qHSXKTHcvmM0hV:26YoEXEqFR0rDG0THSmZV

Score
6/10

Malware Config

Signatures

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • com.gbwhatsapp
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4290

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00012LightWallpaper.jpg

    Filesize

    19KB

  • /data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00023LightWallpaper.jpg

    Filesize

    9KB

  • /data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00026LightWallpaper.jpg

    Filesize

    23KB

  • /data/data/com.gbwhatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00031LightWallpaper.jpg

    Filesize

    19KB

  • /data/data/com.gbwhatsapp/databases/BTOR.DB

    Filesize

    4KB

  • /data/data/com.gbwhatsapp/databases/BTOR.DB-journal

    Filesize

    512B

  • /data/data/com.gbwhatsapp/databases/BTOR.DB-shm

    Filesize

    28KB

  • /data/data/com.gbwhatsapp/databases/BTOR.DB-wal

    Filesize

    32KB

  • /data/data/com.gbwhatsapp/databases/EHS.DB-journal

    Filesize

    512B

  • /data/data/com.gbwhatsapp/databases/EHS.DB-wal

    Filesize

    32KB

  • /data/data/com.gbwhatsapp/databases/stickers.db-journal

    Filesize

    512B

  • /data/data/com.gbwhatsapp/databases/stickers.db-wal

    Filesize

    16KB

  • /data/data/com.gbwhatsapp/databases/wa.db-wal

    Filesize

    16KB

  • /data/data/com.gbwhatsapp/files/.trash/62b262ed-0352-49a5-8a0f-2917c5eaebfb/32310fbe-9e87-4571-9beb-0058db34fd18

    Filesize

    67B

  • /data/data/com.gbwhatsapp/files/.trash/62b262ed-0352-49a5-8a0f-2917c5eaebfb/9de4dd10-f817-4a27-89ff-5d55e04124a2

    Filesize

    526B

  • /data/data/com.gbwhatsapp/files/Logs/whatsapp.log

    Filesize

    4KB

  • /data/data/com.gbwhatsapp/files/decompressed/libs.spk.zst/libvlc.so

    Filesize

    3KB

  • /data/data/com.gbwhatsapp/files/decompressed/libs.spk.zst/libwhatsapp.so

    Filesize

    591KB

  • /data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

    Filesize

    63B
