bf99ecbe9d75ffa468884190be93a8020476e1e0fc7115574a3452111a349085

Resubmissions

09-04-2024 02:05

240409-chyzqabb83 10

08-04-2024 15:59

240408-tfhy6add25 10

Analysis

max time kernel
4s
max time network
314s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
09-04-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[com.wa]FouadWA+iOS+v9.96+by+stefanoYG.apk
Size

86.6MB
MD5

57e49235f9691cd749e4b6f4377ffe5b
SHA1

3b081bb56d49cf8e9a013491c9773e8ad390468b
SHA256

bf99ecbe9d75ffa468884190be93a8020476e1e0fc7115574a3452111a349085
SHA512

dea9d1d3e45f7c96a5d8a5870a7379c6708bc15b03694c889984dfa054a2c7cb646f7d73b69eaa8c0f40d14c2c71edfdbed7cb6eb1de029633e06509a93a0a0c
SSDEEP

1572864:IQOYDBO1c4s10MmDDPwpJ5kyQyEXMu1pM/lAU2HuqaEBGtzMxx:POY0o0rDbbXMWp+/29rBGBs

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4539	com.whatsapp
/system_ext/framework/androidx.window.sidecar.jar	4539	com.whatsapp

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whatsapp

com.whatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4539

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/databases/BTOR.DB

Filesize
20KB

MD5
0618ac070d3d6310bf93d308bf221ee1

SHA1
4af3cfaeca579d0451e25541b6269689f0e446e9

SHA256
dd98241974487ce11a331a28a6eafb2f01b7eeb50ab579af07fce08ad6b076d5

SHA512
d355d807e6a8e48264cd5b372f8b434133532a8e366f38a546c4e8de54fa125d1281d73bbf246aed3cca75ced39d70cb20c2a8b4a134d09ad3e7c35344a3a93f

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
58c27e5fcd8b69f2466a67eb0e5c2888

SHA1
8fa52b36f3fbffcd781254be99453cbb0f4e8dc9

SHA256
4bc0bc463e6d567b1674c9c98770e2e42c3b46817587f0a3a50a53777b495759

SHA512
1f3f5e1f4ee9e367a2b5a20c8c17d2230e4054b6a4d6e0d5163bcc46fb2710a3e3041523869859b60099506b99cd0f39cc49a90d82f3a50626ca0484bcf0eee4

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
2be6be692d7ef339c984281ecd4b5c1e

SHA1
7e7832d06bb09fb859cceaaf7fc2aec3f67b1580

SHA256
7eb2af7ddd7b51d8df60255cf372cf30cffe797ef766dde0f060a7e87aa4ea4c

SHA512
42471f7c3db2aeb908533f1658b787b375e58960898e5a1b5c54f558089f2edf706a784c685d3c8965556a6a98791b7e79d3e6be333dc1d33dfe327abae9b6af

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
5f8e73bba308207390200d201cb147af

SHA1
64df0c62169216f5626b02f62cbe7cf1f5cf6ddb

SHA256
9396b126246ad3b191f72977f02b7ef3354216fd505d23b4a31065fb7bfe1fe7

SHA512
9bacc7d7aa4ec04cdd0cc802c9474b78ddc4c97d7fb6342e80f1a7467a383a352e7cc372f2c9fd4d82af0ad110351572425b43d47c71d1201089bd383cd905f8

Download Submit
/data/data/com.whatsapp/databases/EHS.DB

Filesize
24KB

MD5
a9aca62d689a55c96c5fe15a6acaac5d

SHA1
5ca8c2d334bf385dfd5f7a5953f55b96874c5fba

SHA256
67b1bfc15425162ff85f8a3972c6ded0b3a4cc76452682eb361780b7caeb3af1

SHA512
7ac9b5428a88a3a24b8f2d944f67da75e27e57225926c10c971e86519024d2a8ae067f2877ee43861b8fcca91eb1acb2da0af12a723a2111018aff549f63b15e

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
cd5394e9026f47bc70f41a8df1bcc6e6

SHA1
aec818b3a9c51dbbee4f8ef1d94068b40e04e44a

SHA256
c6a5624bb088d142e26f004f4d0e95fc0fe8fedf2aa59f32ca4dc356ab7b931c

SHA512
b2e4baafcd54acc9cb342514f91f6c3044af1faa637d9776762a436bd518d24ba6968157215b821b8e622736d85e76dee58527d30e1e1588d439141700e88c04

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
c94c35c46e0653aa2946b4a59fb8b0d4

SHA1
fd6252ff8dfbbde0f983ab6dbaf184b45daf1689

SHA256
db178e4ab718acdba2587d3682d0ec4f1233697de9481e16934aa867d617ce94

SHA512
e314ae4b6f9f0994de762f26499b24e61873fe77e33b00e11f53ad247d0997793145e75669a4d7efbc0e9bb03ee00b5ada1dfa151232555000d63dcb8c4c7132

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
55ee11ff53e17b4554a90144b6049adc

SHA1
90d39de78f06afd68cc5ffa06c07cf8530e68090

SHA256
7759a694ef70f134db55bbf9a327fb95ffd7d69580ae42f901f5d55c20321b01

SHA512
efd6f246f8143ef1fd189bc5ef4b9fa70bbf847099ae7c837c212afaba3e12f8de3c881d3c21eed1822ee80559f14eceb96debebcf52c081e50d3ead8b390b58

Download Submit
/data/data/com.whatsapp/files/Logs/whatsapp.log

Filesize
187B

MD5
cbaca03fadc2cd34359ee3039d439873

SHA1
9db66953b08da9099296285015bad78619b08b02

SHA256
74473e1c13309e90ed90b89a4cebe9bcb0916fb3c7edc8a9128c0082cd12ec17

SHA512
bce81544f21c99a28b9ab0433790b45250883db8c7af7a7e292d764ea87272e95824ba7b6326b17aa98b5449b20184964f4630586921ecea5b35a8240c95992a

Download Submit
/data/data/com.whatsapp/files/light_stock.xml

Filesize
20KB

MD5
90ad3f9271671e93260080c65770932c

SHA1
c42d3797096a0deed4a6ba22fec177d18dc04646

SHA256
819a237bb8bbbbfa3d1566526ef519bb3a5db1dca3f4fd6caf63aa75940d3d07

SHA512
bb8fd1c8067aff6d1ade15b377d61849b9dd26733881bca17228a15c9ca7daffb30107194f5bb672c31d0f873230bf1192af0dafc181821c9fc4e750a1b10298

Download Submit
/data/data/com.whatsapp/files/night_stock.xml

Filesize
20KB

MD5
c2d0679fea746990936232a7169768bd

SHA1
28b1eda655b657343ca277aec0d537fcf59004bd

SHA256
812503a9c3eb0f1d6bb40ab7d7b05c8ae77b6cade4563f06f36b0e144a80c08a

SHA512
217660b9fa3b96331a554a9bb82f93c3c5d87f7b9ed65a299f2dc4474ab830692ecca9159eab2e39397c9d29407ab667a29b531978af4fdb4965357d2064811d

Download Submit
/data/data/com.whatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
991fc358de1b2c0606554f1499e47cfc

SHA1
de6f8f0661537345643512cc1e576fc6c958cac6

SHA256
91bb1537f7ce863d14fa5c6a240abafa645142f53c8d4bfc2d321688d5109b13

SHA512
f3559cc253173ee0ce51659c07a15632d9bbe71fb1b9bca393fe3ea38e247a648186fc48b44796f8692b9d809ac9ecb710ddba3426e0dec1a624f87575e6e0b5

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit