triada | 8e23d2a47a28f012c3a0f41657cab8ba3930a3f56786e7b12598b194f1721e01 | Triage

Submit
Reports

Overview

overview

Static

static

FMWhatsApp_v10.06.apk

android-9-x86

8

Sharing

General

Target

FMWhatsApp_v10.06.apk
Size

76.3MB
Sample

240601-vn4fhaaa85
MD5

bf97889a83a3502537b75a838e2dfbcb
SHA1

2fd399cdac741394ccfbc4c3b0830d224493b6f1
SHA256

8e23d2a47a28f012c3a0f41657cab8ba3930a3f56786e7b12598b194f1721e01
SHA512

2750cff9a4671609f7abec642f83def3aba81a3cdc179a1c507c0eb4d5e05265616f5b084f58cfe44ace746b0df2dfeaac74fc5ee5cd042cab858e7bfb351729
SSDEEP

1572864:V1oJUAOLAjIo0dVZPapJHhbozNd4TpQnJH/JgQhDJdVk:YNR0dTQJoRu8fSQhbVk

Score

10^/10

triada android discovery evasion execution impact persistence upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

FMWhatsApp_v10.06.apk

Resource

android-x86-arm-20240514-en

discovery evasion execution impact persistence upx

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  FMWhatsApp_v10.06.apk
- Size
  
  76.3MB
- MD5
  
  bf97889a83a3502537b75a838e2dfbcb
- SHA1
  
  2fd399cdac741394ccfbc4c3b0830d224493b6f1
- SHA256
  
  8e23d2a47a28f012c3a0f41657cab8ba3930a3f56786e7b12598b194f1721e01
- SHA512
  
  2750cff9a4671609f7abec642f83def3aba81a3cdc179a1c507c0eb4d5e05265616f5b084f58cfe44ace746b0df2dfeaac74fc5ee5cd042cab858e7bfb351729
- SSDEEP
  
  1572864:V1oJUAOLAjIo0dVZPapJHhbozNd4TpQnJH/JgQhDJdVk:YNR0dTQJoRu8fSQhbVk
Score

8^/10

discovery evasion execution impact persistence upx
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasionexecutionimpactpersistenceupx

© 2018-2024

Terms | Privacy