triada | fdca92e24d5e181a4b48ab2961aa8351f8ceac481df6007846265c5d307e3763 | Triage

Submit
Reports

Overview

overview

Static

static

WhatsApp.apk

android-13-x64

8

Resubmissions

28-04-2024 19:18

240428-x1flbaeh75 10

28-04-2024 19:11

240428-xv6kjseg46 10

Sharing

General

Target

WhatsApp.apk
Size

93.6MB
Sample

240428-x1flbaeh75
MD5

ce992bcef1d2241ccf76b22c2e9707e4
SHA1

09da006da60dcc560f524a696505a2d4aae3a7e9
SHA256

fdca92e24d5e181a4b48ab2961aa8351f8ceac481df6007846265c5d307e3763
SHA512

dbcda274fe7a0d9302d0fbf220e18a91de3be711e85777ec574835e90dc9af57b462a241db3543360e4f31f6f54019f733498e0a0504db2e3ee12f030d071cbc
SSDEEP

1572864:3T9l6HMejaYsPapJHzbqY31tQbUJNTMu0ixWaaqy8AP9g0hOtxUnmwUC:3TYMQadQzbqY3DN/T10vaE8APi0hOjUD

Score

10^/10

triada android discovery evasion impact upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

WhatsApp.apk

Resource

android-33-x64-arm64-20240229-en

discovery evasion impact upx

android-13-x64

8 signatures

300 seconds

Malware Config

Targets

- Target
  
  WhatsApp.apk
- Size
  
  93.6MB
- MD5
  
  ce992bcef1d2241ccf76b22c2e9707e4
- SHA1
  
  09da006da60dcc560f524a696505a2d4aae3a7e9
- SHA256
  
  fdca92e24d5e181a4b48ab2961aa8351f8ceac481df6007846265c5d307e3763
- SHA512
  
  dbcda274fe7a0d9302d0fbf220e18a91de3be711e85777ec574835e90dc9af57b462a241db3543360e4f31f6f54019f733498e0a0504db2e3ee12f030d071cbc
- SSDEEP
  
  1572864:3T9l6HMejaYsPapJHzbqY31tQbUJNTMu0ixWaaqy8AP9g0hOtxUnmwUC:3TYMQadQzbqY3DN/T10vaE8APi0hOjUD
Score

8^/10

discovery evasion impact upx
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasionimpactupx

© 2018-2024

Terms | Privacy