Analysis

  • max time kernel
    50s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-02-2024 03:08

General

  • Target

    3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e.apk

  • Size

    75.6MB

  • MD5

    d73fa603bb7dfbd53f2ec4d05617b9e0

  • SHA1

    86f18b9d0ce32f3ff1c608ae4317329e4da44e1d

  • SHA256

    3e596694e6c74a1991490f4bde5e2404fc1b6d57af8499b7fc67adb44e17394e

  • SHA512

    4e004ec348e58f8229d1e3b5d2137b64dc09234d355425d8fa5544e67a4d4d80d3e098c2ba7bd5659e443050bae7a404e1a35a2341cd6809b5e83e1078d8bbc2

  • SSDEEP

    1572864:2R4YowDIMNvpPjEYr3V1c4sQ0MmDKPwpJ4qHSXKTHcvmM0hV:26YoEXEqFR0rDG0THSmZV

Score
6/10

Signatures

  • Acquires the wake lock (1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • com.gbwhatsapp
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4275

Downloads

  • /data/data/com.gbwhatsapp/databases/BTOR.DB

    Filesize

    4KB

  • /data/data/com.gbwhatsapp/databases/BTOR.DB-journal

    Filesize

    512B

  • /data/data/com.gbwhatsapp/databases/BTOR.DB-wal

    Filesize

    32KB

  • /data/data/com.gbwhatsapp/databases/EHS.DB-journal

    Filesize

    512B

  • /data/data/com.gbwhatsapp/files/decompressed/libs.spk.zst/libvlc.so

    Filesize

    3KB

  • /data/data/com.gbwhatsapp/files/decompressed/libs.spk.zst/libwhatsapp.so

    Filesize

    1.1MB
