57f05904ecf681f7aa89588d3a3d60cd06476970c251a34a00988d7616e92239

Analysis

max time kernel
11s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
25-05-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70e5055b5ad248d8dbd42042212550c6_JaffaCakes118.apk
Size

17.7MB
MD5

70e5055b5ad248d8dbd42042212550c6
SHA1

4bfc7e9217bfce33381cc2c8200b5d2cc80f9e7f
SHA256

57f05904ecf681f7aa89588d3a3d60cd06476970c251a34a00988d7616e92239
SHA512

92efc58bcf9a13099552d078e898331ce5a78834369c6140cabd9b70f350fbe5beef03a67aeb0cde01b0eb1a2439895b074f60fd53db0ad01f4312001c1ce71a
SSDEEP

393216:7JDS1frDIF4YoMFFd4gCWJh/y/+ylkTh4rUe:7JudoFFmBl6WrUe

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.whatsapp
/system/xbin/su	com.whatsapp

Checks known Qemu files. 1 TTPs 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.whatsapp

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/product/framework/com.google.android.maps.jar	5125	com.whatsapp
/product/framework/com.google.android.maps.jar	5125	com.whatsapp

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.whatsapp

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.whatsapp

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.whatsapp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.whatsapp

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.whatsapp
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5125

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/files/Logs/whatsapp.log

Filesize
10KB

MD5
56d62ebb65b9f53792f7dc0c8fca6ef0

SHA1
7debd8a3adeb61d7cf5f4e370ec0dd33dbf0c298

SHA256
8ec1c03dd329c5cce3f8b9475ddd87a5559e6ff50fc692a4ad2d673da10b23a9

SHA512
8875c88780d30b460ff63c15fc143913055c2901799e16762a457be364ad71a299b502e059d21712bd2e40dbbb527bd3f4b710dc81850fb6c758097a6d77130f

Download Submit
/data/data/com.whatsapp/files/wastats.dims

Filesize
246B

MD5
81ba401f0c29a20f472c4e8d74075658

SHA1
ce0e38f53bcf31f925c131c002fc63b8007f34ab

SHA256
d7b64a7ea1ae90e75713c18a12fcdd007f0a914cbaa508f528e3a5fbd1f453e3

SHA512
084b22577f29cde4d1dd05c87269c1b87c3dbd23c7c3ead4d95e371d64e4c6fd59ef9d87126ebc1ac3b966f72ebb4036331be8904a19ba74d6c23ede806a6200

Download Submit
/data/data/com.whatsapp/files/wastats.dims

Filesize
754B

MD5
53b3f5b05fe176c75fed295f085b1581

SHA1
d01ce8917e5b90e24c626de253cfd4189c2c184b

SHA256
bd35e30f59cb2ac2d3396408ce9c969ec2887595b66e19744b79dc86c328b8c3

SHA512
1a0d5d2197d7cb7a317a5a9db463403d5155c96f1d52a9b6098612bece10088839d77a2de90ed98ef5c9b815f9d7c18d16fd64f5f7e84ee92eb53989ddd904b0

Download Submit
/data/data/com.whatsapp/files/wastats.log

Filesize
308B

MD5
df6d38b3ed1798f41833ab24089013e9

SHA1
214cec157c5215ebdf41795f7926305e0931debe

SHA256
653baa6f8c097dc6a09c1823761a61e95395deb2115a9103ce29eaa66ed7d33f

SHA512
d2ebd8f275d6d12c99a97ebed0b2fabc64112c34f5a5c333dfdb8faef1bf8533ae30555a71b067f15d5d3741ab8c6aded3f657c601a6f34a9a4ef193c9649719

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads