695d779c70c8ef0834b478551e09bd6b92ccb6360d631069fc40923e04bbd8de

Analysis

max time kernel
87s
max time network
147s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
15/02/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695d779c70c8ef0834b478551e09bd6b92ccb6360d631069fc40923e04bbd8de.apk
Size

114.1MB
MD5

d3407d7b7486b6a9f238da15ba58250b
SHA1

89f8cdc6f2753c518d8b666faa8dc331143ce118
SHA256

695d779c70c8ef0834b478551e09bd6b92ccb6360d631069fc40923e04bbd8de
SHA512

50ab0e0a8e4bcb02c5f24da23858f54ec275b68a984f5671e971d9e436227d5cf92cb484f8e310f0abdeba1a2fbeae660b17d4cacc2d21635105f5a5725dc93c
SSDEEP

1572864:MMwPwpJva0MmDPELJueKSY8bFyyvbUnSo1p5vYmqHK2lAa5pmvBHtfI+7FsBCMhl:MbN0rDcLgekv1pFHqlT5YzJF+CE

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
behavioral1/files/fstream-19.dat	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/fstream-19.dat	upx

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whatsapp

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.whatsapp

com.whatsapp
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4295

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/cache/downloadable/wallpaper_tmp/thumbnails/dark/00019DarkWallpaper.jpg

Filesize
20KB

MD5
84f2540f625433f52661af5c2b23e2b9

SHA1
1cc35e4515abca1294c8266bec583340c3f7ac71

SHA256
95d88da931010a4164f6365262587fdd7b8ce3074d219b060d41f8cc956a0f85

SHA512
196fbddc3a5fae4a3f1896adf6d9f2f7ba312d079e0e9abdc4fa6db2e961b9d03db1119a2527ae09119b1fa283b8c495a8b1b1c51837cf9e192aac8bf6a79bf7

Download Submit
/data/data/com.whatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00004LightWallpaper.jpg

Filesize
525B

MD5
a0d6c946f3d57b2baffac8b7b1480be6

SHA1
f166df9ac3c0a141d30d33cece42003155623f8d

SHA256
ba299afa2be966df64eec3b8c1ff88be223667a10a8076c49a1eab9e2431adb8

SHA512
c140defbeeefad018475263c1ca7680180bc286fc9b1351e331cfaef77e0268be70b2864a67afe4afbdd6557f49955f5be0b7303d145ab79475e9d09c33429a8

Download Submit
/data/data/com.whatsapp/cache/downloadable/wallpaper_tmp/thumbnails/light/00019LightWallpaper.jpg

Filesize
2KB

MD5
2062b82f7dc28f178cb12307b7c8e88a

SHA1
a13a007b032b63e5f2a25cfa82966176bb64cacd

SHA256
c08bce34b44cd3bbfb82e1b8e2be7f7d5fd4f8f43fb1c5cf330f63bf4f686e99

SHA512
70639c3fa0856ba7ae9d45e9b8fe381786032d85ac1b5d3d827f280c4133271aad094cd090a4d8097b22313ee5d4213eaa4bb71e11b963dfb3ba5aaf77393939

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
3c7e69951db3e3d3e1f6a86fb82daee7

SHA1
d160a652d18b0a7255b80d07a28edee9cb05322a

SHA256
0d63e59719c403a9800a90e3d03b7a50ed89ee6888ab72ee9aff2706048a25d2

SHA512
0ac689ac4136e5cc4ba0686852929feb3708adce1f956e516fe990d83139ba7e5d0da86aa6ee52b4fa234fffad58d8ee4885dd5ed3278d06179e147a496c7ffa

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-wal

Filesize
32KB

MD5
fa6ad4d26a94e499977f55547e225fd9

SHA1
9c5c0e15187670a83197960eb83094ef0306a395

SHA256
7d9be9a4c58f5606f1bde3b0e3d723f1ad191fddbc72f32438dbe681814f01b5

SHA512
0354a50ae5dc3c2955b0639b279e51d74fda042709cf388f07609f76e55d9e0193265c4a2ffe84a21ab4001741f4e2af2123da1b31f9f78522c203394ea2f2c3

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
2bdeb916bfdf0e3bda79286869178e7a

SHA1
db651ca655ce13150175ac056d99b5c994315836

SHA256
84ad78d4c2701406203114696b8afb1d3ced3dd95b9575480f6f4281ad0ea209

SHA512
49c9ca402bcde208cae1831c8ec445db64dbb2defefac3db90331c070190bf19b181ab1fdb6a4935f6ec248233fedccf1db69b9a6725afabe3603379bcb1821b

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-wal

Filesize
32KB

MD5
6a5b7447e883d9e421045329c4a7d7bf

SHA1
957783255a6e460b1b30c1ecbc998e70cd33115b

SHA256
7be8d6f4a6695522c07529171ff99e24a3ecdca4a39d78d306eebca7aea47831

SHA512
bab51b43899baecfec8a74f6a0ed13b65b1faa087c5d5f95e75430ae42e96384feb4d37c6a8b7c28b23230829da6cc8a42152dfe9b659437a02d1def455c9af9

Download Submit
/data/data/com.whatsapp/databases/_jobqueue-WhatsAppJobManager-journal

Filesize
512B

MD5
a8c56ee148bf1ad05cc91ccb36abf79c

SHA1
20905e5ddefc16f587fce7d8bdda28128c38d587

SHA256
0964581dd8a6cddd4872de59b88e65fb3f2a6770bbfcfaca867dfc318b54f87e

SHA512
4378490766d829605521384ac1fa31fdf947373f8624f438c221a6b47fe612e81124224144b3be0086a41cca63dd0abd917e727bded3b5b1f2b4cdbb0d0e706f

Download Submit
/data/data/com.whatsapp/databases/_jobqueue-WhatsAppJobManager-wal

Filesize
28KB

MD5
b6edc6d0a7849b45bd59599c4cc407b7

SHA1
ffbe26f7bb4bc0aa9d4a4f1491efe29d15d35061

SHA256
07c58ff761f232764fd32d34104ac7f1d12919c6518f8ba38bca22d495e52def

SHA512
14f34e2bf1c3c8924f0f043c7745feda08d5438c8d20cf77c657ec7e4ca33c1f5af47b87aeeb634ca1361996fa6de8e1f45327170371af33b9ca2e79ba820c83

Download Submit
/data/data/com.whatsapp/databases/axolotl.db-journal

Filesize
512B

MD5
11d758a87aae3a6dfe672eaba354eb70

SHA1
926d9d2b12cdecd220875399ced25de80713c08f

SHA256
c8969aafca129c8b127f92e2160a5b3c24f1f27698a45cb21aca6545ee342492

SHA512
41902b592b20c17667d80b0ae3d77fdfcce2b6983c7774b5a1eb27d6be025d699bda88d256a77beb8d4be3c17f0f5cb28f60ad37aef68b173a81c49a7e655330

Download Submit
/data/data/com.whatsapp/databases/axolotl.db-wal

Filesize
16KB

MD5
da7b4d96ad76d2f08db189c405c4f8d8

SHA1
a59bc72ca3810f8e29021239b5357a42749d75ee

SHA256
087df1e525445a6fabbc9e238dcfdf896ff8a5cafb6106ae9d139817812dd883

SHA512
352fb35c5a58f61ec73742441f9ef8823ec2a864b4d94dd9c8cf6fbf08b82a058d639722b82aa4305435e6d18545429f6535a7b509e4cdd928201f711d339175

Download Submit
/data/data/com.whatsapp/databases/sync.db-journal

Filesize
512B

MD5
1ba79958e9f51a1d213f72591d80de66

SHA1
ca09d7615d0b0491cb155fd59cddcd24316b6517

SHA256
8b99e5f965910caafbd4732fd4a73bc0715b82f55d1142e8a0e3c76bde7b98a9

SHA512
ba2705e34a3b516ab582ba2ad6ee56a8a6f5dbd04f4ceb0d55e6cb096c6e6bfb62f0996f64c548d6c414f28b75bf64918d66571a80b490563cc740fd2329c440

Download Submit
/data/data/com.whatsapp/databases/sync.db-wal

Filesize
16KB

MD5
28d12316773fe634c66ed1d7462eb614

SHA1
05042737a31ebe255b02d38012261e1208ece016

SHA256
1b077cfdafdd8ed032dd39a9252f0b7ecc529786614737d25ba9949b648d8495

SHA512
cdd2a56bc212d228f7bdd867f27ffbf44cff07cfe95ad535b6a179b8bfbd9f4a8878f5b95d84535b76df12593742276851d7061af1dba97e946ebcff4bb01fca

Download Submit
/data/data/com.whatsapp/files/Logs/whatsapp.log

Filesize
4KB

MD5
f2d1cc5bd5c706031c799bb119b95640

SHA1
52b9d74c46f4253352e7e2723338679314f6f7a9

SHA256
e626fb6f0d1fbb418ccadfcd1d80e4625ffb4889463a0348a8bff70e0f4c225b

SHA512
0e5f8ba8f6f031f3c4d0070cda02cbf80c4539dbea5d08083ed59db877e05afb444266af6ce2df45d9a6820250d81270effdb10370c452074365bfa839417eca

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libaom.so

Filesize
1.3MB

MD5
41ece02f7ab21718b8f4f9915ef98a5e

SHA1
b8b45c6774a68a625697c93b43ce8156f8d13e71

SHA256
0e277b375010e80b36a7efcae0b9344e939a11fb0a8c2ec3ce910fcc654abfd3

SHA512
2b54bf3e08640017fc9b5933af33d65f5574c0f5c97e83fae6a4458e5b84d885d4927a569dd0be83197b24d2bdaf8c416fd9b1c8dbb0353615acd2117f340f9d

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libcurve25519.so

Filesize
128KB

MD5
1ed861b7bb9eb7d9ce16d9125d3cf88e

SHA1
ac18feb40bd8f7c526a15da9ad668615903ae9e0

SHA256
3f87ea915f7e177074daa255a9e5fe8797cd9407140f5efaba164e8a7778ab7a

SHA512
fe511bc84a556ba28c2da1ad91ac33bd9fac9b09886373bf633fa804e6815f7159e0004c8ff4be3a4a87a3f716498d4887ca74b4febb3748266969827f341098

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libgifimage.so

Filesize
26KB

MD5
c5c6d02253b63c0b92c7c72bfbc511af

SHA1
12816158b89ec871db8e0a0f38ec73bae0bdf1eb

SHA256
3c2390143f9aefc97930a284a685e4852e41d916af37bee29047671d10184311

SHA512
d140d9f9317b7c6eb22e092540c04c9a6398c7bd342f1c4fed3b5725cd9add5aa45747749cab513cc366d5b61dcb048163b7a1a2fed2a75c6eda58b447d4dcc3

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libmagi.so

Filesize
141KB

MD5
df90d1057b0b6464d94fb4b3492a5e6f

SHA1
f50b1e25f35c0d6152f4ad198219e82556b9a539

SHA256
755b95bd16b4109b1123a43e07903475e72f8bcf4c6328dde1d168ccfc6276cc

SHA512
ccc5fa1652a85184d0a0012ed71a401fd7220c7e76bd336e3b0390cdd01fc90a3a3fcbff6cccf90eca40e6cb1b42293c8c2115471542816ad5c4d2fa1ab02ed8

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libvlc.so

Filesize
3KB

MD5
cfaac46a9b3c925a53382f453c8c0d81

SHA1
8e82c86b6d77d7e1ef003aa7796b83ccc5efab7b

SHA256
0d87625993ef963e9bebf8f21f22525807d48dc26b3195fe94bedfe877f376e7

SHA512
22c8297645c4ffb8ba08e44e1136dcc3b3c16100ff837d7e3ae7bf3a1f181c12e9aa33f3f598d6d7e001536b9812106b4785c01f91a76874cd220a6229e787a2

Download Submit
/data/data/com.whatsapp/files/decompressed/libs.spk.zst/libwhatsapp.so

Filesize
6.2MB

MD5
d30ef6d482f228d307abc37194976927

SHA1
76c05111cc5396e59ebd497733b0eec3c9a96b8a

SHA256
4ef4c861d1a142bd09437e468ccf61492222f65349f4ba22cff00cbd2298201d

SHA512
930db55df927921f0a97e9dd0b75e4b3885f58b2e45725c96db92f19a8348809626715099f8d56af90af7b397f02c76fcbf114f51e96a7a38b92aed24f0123b3

Download Submit
/data/data/com.whatsapp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
62174775bc373a32900a7cc76763506b

SHA1
45731766399c5783c6e2cf77e7b32099bba99c0b

SHA256
3d0afb296f19e5da4e5ff1276d44da5f1c4dcf8382a5f16c683a8c0b120b4e19

SHA512
264f0e7fb9f9a63a98893c12c3caa36dbadc86c38655268bc61d19c73c5d45361f4a8aefdfc37a020c559d85daaec807baaec171601212089436f03971551bfc

Download Submit
/data/data/com.whatsapp/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7a35b34f78572e2b175e62f4a6ad3115

SHA1
79d2d3e32d16c67c486f6971792c78180371d985

SHA256
89715feb22561e2192149c44808c5dacd7bf0c14277d1964af366921540b82a1

SHA512
c84a3ebf570ba6c7fe43c77e9924786c0f66bb048ff5a0b223576b853228b1e7ac9fe64bf7014d967b5d12ac151dd9ead41674e8feb883da0b31a6a25bacb7fc

Download Submit
/data/data/com.whatsapp/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
a2e95f893dbad3b740dcc7c78f4b6057

SHA1
561f37dc0ad5e0dbe5aa53713919f9285869f3d7

SHA256
64bb0aee07afd201c65219c28abcb98f44a8d30923a6cb7f47229776af3e0352

SHA512
f65a87718a5a9f0fe27f6ebb4681b680ba321309089fbe4ca5bcd0bebf9f91158b5d988a65952689dbeea2b8e32a525b95b67fc85b31d4e2e74322da3eafdd62

Download Submit
/data/data/com.whatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
a387f3c5f30042d1293a40ee17201be3

SHA1
857ea80d2c77158a2a9b484ccfda1a2383732299

SHA256
26d90692ef9960d7d5bbb4c86fffd6d71e350a9bd3c487b675afb6a2a65a6092

SHA512
9e59f435e26af888a344660c90b9de8d8c90f56d129aa1dbac6609f27b44c827f077c25b3845d6e0b62d6b7682a539f2022799bdc83408f35a73bad5c475bb73

Download Submit