General

  • Target

    FMWhatsApp_v10.06.apk

  • Size

    76.3MB

  • Sample

    240601-vn4fhaaa85

  • MD5

    bf97889a83a3502537b75a838e2dfbcb

  • SHA1

    2fd399cdac741394ccfbc4c3b0830d224493b6f1

  • SHA256

    8e23d2a47a28f012c3a0f41657cab8ba3930a3f56786e7b12598b194f1721e01

  • SHA512

    2750cff9a4671609f7abec642f83def3aba81a3cdc179a1c507c0eb4d5e05265616f5b084f58cfe44ace746b0df2dfeaac74fc5ee5cd042cab858e7bfb351729

  • SSDEEP

    1572864:V1oJUAOLAjIo0dVZPapJHhbozNd4TpQnJH/JgQhDJdVk:YNR0dTQJoRu8fSQhbVk

Targets

    • Target

      FMWhatsApp_v10.06.apk

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Checks memory information

      Checks memory information, which can indicate whether the system is an emulator.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone network operator

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
