bf99ecbe9d75ffa468884190be93a8020476e1e0fc7115574a3452111a349085

Resubmissions

09-04-2024 02:05

240409-chyzqabb83 10

08-04-2024 15:59

240408-tfhy6add25 10

Analysis

max time kernel
5s
max time network
310s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
09-04-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[com.wa]FouadWA+iOS+v9.96+by+stefanoYG.apk
Size

86.6MB
MD5

57e49235f9691cd749e4b6f4377ffe5b
SHA1

3b081bb56d49cf8e9a013491c9773e8ad390468b
SHA256

bf99ecbe9d75ffa468884190be93a8020476e1e0fc7115574a3452111a349085
SHA512

dea9d1d3e45f7c96a5d8a5870a7379c6708bc15b03694c889984dfa054a2c7cb646f7d73b69eaa8c0f40d14c2c71edfdbed7cb6eb1de029633e06509a93a0a0c
SSDEEP

1572864:IQOYDBO1c4s10MmDDPwpJ5kyQyEXMu1pM/lAU2HuqaEBGtzMxx:POY0o0rDbbXMWp+/29rBGBs

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.whatsapp

ioc	pid	process
/system_ext/framework/androidx.window.extensions.jar	4392	com.whatsapp
/system_ext/framework/androidx.window.extensions.jar	4392	com.whatsapp
/system_ext/framework/androidx.window.sidecar.jar	4392	com.whatsapp
/system_ext/framework/androidx.window.sidecar.jar	4392	com.whatsapp

Acquires the wake lock 1 IoCs

Processes:

com.whatsapp

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.whatsapp

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whatsapp

com.whatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4392

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
c0f8764986e204917fd16d4ffc78788b

SHA1
1d5d2d666b9185a5dc6f95c0488007c046575924

SHA256
9b31a862c70a84e83784ea9c83156c15dbe4a4dd9fef4be64f2e2684455bd096

SHA512
9f8fb5691d2447bb518627205e1228fbe97db11c9f9e97410e78b996a5e280e91eebcb02f6a15c00630a7192c7aef8633f4c4ef44aa85bd407224a249c16367e

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
1415698cf9151702cfd054acf738fde3

SHA1
26e3edd52c14e3a465415d0649113248ee7e40a7

SHA256
2df03935c95f709c7fb3781ceaf320f011c1358a9e611fe763f8d6dda5f5a146

SHA512
40e65e9eb3b26d8a1e71e2a294eb99fcdd8038df9d1be2fcbb210ded0d7ab7bbb7c8f93eba789fd243d9d593642b4287baf5953498569cb8647d4a365e84cb2d

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
436874efed9bdc571fee0cf12c15548f

SHA1
39b5d313e104c2b870544bccb4e271a384449914

SHA256
1a33c824bd04ae5a27a9aad29815cce708d170d9a4a8318f1fad9d0342bc8899

SHA512
025857fd11e946180b86393d5a44cecd05ce62e74e2def0fe348ef26311a74ab601f9f5feae2ecef2d061c70db1b1085ef21fa498969adad44654d601dd10543

Download Submit
/data/data/com.whatsapp/databases/EHS.DB

Filesize
24KB

MD5
e12c4af22f896fec66974b126e3bddac

SHA1
6a5e5182f2e16ebd351232e5ca02fc50a799e3f3

SHA256
6824b06170aa4404c9af49052297c185eafac8c5dd5499215ab37cad75af59f8

SHA512
03cd790970776e9bcc9f212aa88783b96e6c9fa17659cf547cefd7a1b4acd9b7582706af68ee906a4fdd34d3a87bd49ab40691508c0e1bd55b80c5be41955b97

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
8f314ca7fea845d5c610d05bf01ff8e9

SHA1
3f73f71d07ff1903ba4a89eff57087c75a5232d1

SHA256
f09a32edefb59b97e82b82ecc39af2656052f34babe76f4044d8c349925ba8fd

SHA512
b5c82b1b8041f2a106f5935ebc5185fad07f2ff265da45b10c4bbde733dcbf20e9fdaeca11491fa5adb89eaa1db86db214f8a1fc9388ad54a8198530edf7aa7a

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
d775b14f875d877d435199146225f384

SHA1
9d53f8f3fc7a79449d6531cc9974400951701eec

SHA256
09c9a118a8fe2a168ac1aca64f61acf6637eee6702f08fb9dafd8bd524318ee6

SHA512
5133fba00dce57a8df4591a19c822b25c82489e9a8a8a6aa56633a57ecf47627726e9fe83d0e91a27912792432bf87f3bc4e18b421113bbd9fc1f838f7c291da

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
6cef74fe8741cdd89fd1ab33c28faf5f

SHA1
5619aee62ec76db39c036821c8c86c750c2f0e62

SHA256
d5d702965a0e9b6fbd98163531879b186e280f0234d3ac58e851358257c24db3

SHA512
f6f0505bf0ef3755964956d161ada91d7339591a5bdd1d6e937f78151e55114faef02bfc0ebf9385834c40414a9d2bfd6eceec781945226f8ade7a8b32b563ef

Download Submit
/data/data/com.whatsapp/files/Logs/whatsapp.log

Filesize
186B

MD5
dd046a8a6ed1562189c49dde0e5f36bc

SHA1
0c042c65cc398160dc2c6fd39fd4bad4c8646e0d

SHA256
caf79e560a318cd9562073d325b573dee4fd5c9d707614d511f1db3b466d7427

SHA512
4c3ab720d938a35f644ce989c13225bc711aa3dd019ad9fcbb6cd6c8cd5f601aa9a17d810b81d7f5ef89611f05e91492d22c4ff0993b887258878c313ef29d80

Download Submit
/data/data/com.whatsapp/files/light_stock.xml

Filesize
20KB

MD5
90ad3f9271671e93260080c65770932c

SHA1
c42d3797096a0deed4a6ba22fec177d18dc04646

SHA256
819a237bb8bbbbfa3d1566526ef519bb3a5db1dca3f4fd6caf63aa75940d3d07

SHA512
bb8fd1c8067aff6d1ade15b377d61849b9dd26733881bca17228a15c9ca7daffb30107194f5bb672c31d0f873230bf1192af0dafc181821c9fc4e750a1b10298

Download Submit
/data/data/com.whatsapp/files/night_stock.xml

Filesize
20KB

MD5
c2d0679fea746990936232a7169768bd

SHA1
28b1eda655b657343ca277aec0d537fcf59004bd

SHA256
812503a9c3eb0f1d6bb40ab7d7b05c8ae77b6cade4563f06f36b0e144a80c08a

SHA512
217660b9fa3b96331a554a9bb82f93c3c5d87f7b9ed65a299f2dc4474ab830692ecca9159eab2e39397c9d29407ab667a29b531978af4fdb4965357d2064811d

Download Submit
/data/data/com.whatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
ce98c13841c925864f1c5e80e60e216e

SHA1
521877ea063999762da36b0acb58b65e9cbc1fdc

SHA256
e82bf8352062ca24674e7a1deeee06b94fbef1f2137c068dcffdc7bf265dfece

SHA512
be2a359b53bba1f5dd78a524397584a7d04109f73ae9040476c43cd7602646ec0066114ffe29f207700c105c86131e8f0462155635e5898d087ba7d9a69e1ea6

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit