triada | 6aa7080e3f6c476a074535d9e22bcf9de35932ef114ae59603243f738f9cfef1 | Triage

Submit
Reports

Overview

overview

Static

static

WhatsApp P...ds.apk

android-9-x86

8

Sharing

General

Target

WhatsApp Plus V20.04 YesiiMods.apk
Size

117.7MB
Sample

240428-21p7zabd37
MD5

8288f0fa652e1d87e25cd01817efff23
SHA1

c1b0f835946fabac2680984452d09bc5958539f1
SHA256

6aa7080e3f6c476a074535d9e22bcf9de35932ef114ae59603243f738f9cfef1
SHA512

4167cc8185a4cee749c5354203a36b56392daf45ead30db66e6f3c257fc69a876f12e10ba3fe5cc92db09a29a953001028e470d42b7f0dd18349722d4e738bf9
SSDEEP

1572864:aB/h1DsxdAMKdPwpJGLLrS0MmD5lttob1VKSY8dXLFB6wrxKEBtfI+7CsJCVhzCh:whRVn00rDftab1V9RwSJC+CW

Score

10^/10

triada android discovery evasion impact persistence upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

WhatsApp Plus V20.04 YesiiMods.apk

Resource

android-x86-arm-20240221-en

discovery evasion impact persistence upx

android-9-x86

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  WhatsApp Plus V20.04 YesiiMods.apk
- Size
  
  117.7MB
- MD5
  
  8288f0fa652e1d87e25cd01817efff23
- SHA1
  
  c1b0f835946fabac2680984452d09bc5958539f1
- SHA256
  
  6aa7080e3f6c476a074535d9e22bcf9de35932ef114ae59603243f738f9cfef1
- SHA512
  
  4167cc8185a4cee749c5354203a36b56392daf45ead30db66e6f3c257fc69a876f12e10ba3fe5cc92db09a29a953001028e470d42b7f0dd18349722d4e738bf9
- SSDEEP
  
  1572864:aB/h1DsxdAMKdPwpJGLLrS0MmD5lttob1VKSY8dXLFB6wrxKEBtfI+7CsJCVhzCh:whRVn00rDftab1V9RwSJC+CW
Score

8^/10

discovery evasion impact persistence upx
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasionimpactpersistenceupx

© 2018-2024

Terms | Privacy