203f76141b22ecce26beb7b5f5244c6da345be7d95b6da841d9c099d52ef1f09

Analysis

max time kernel
3s
max time network
127s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02-07-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[com.wa]FouadWA+iOS+v9.93+by+stefanoYG.apk
Size

85.3MB
MD5

7402a7d92183b99faeac2967fe7570de
SHA1

cadb0118049928a80369ab2301cbb1ef1f6832ef
SHA256

203f76141b22ecce26beb7b5f5244c6da345be7d95b6da841d9c099d52ef1f09
SHA512

98b52bb44b84ed0518bbd931f5f30dd9f1a1ae14b70920b631b0fda70a7a92655f6c8f4a32525cc9f9d22a53ebadbb635a6eac6bf0007257a1373fda70b86655
SSDEEP

1572864:4PqVvW+QcQIE1c4sU0MmDhPwpJcyDOzWHDMX+MtYPlpHq1sNrxT:4YWDWEF0rDZwHDy+k8pTx

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.whatsapp

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.whatsapp
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.whatsapp

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.whatsapp
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.whatsapp

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.whatsapp

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whatsapp

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.whatsapp

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.whatsapp

com.whatsapp
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4278

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/databases/BTOR.DB
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-journal
Filesize
512B

MD5
99fbbcc04373e5078630a972b6fe263d

SHA1
3f46b4341efdc301625d2c7f3e53a44a384d3ff3

SHA256
274f6ecccd2d9987ae9dc9e4ac53dfe319090845ff57d0eed38cf227d43c7890

SHA512
61869f7d9e79567c3fa8931d670f9805d9417591e001c2f0ff7b1a0e6a4bb8372d82ee6173e4133c7e3e811420fa5449a987e70ea04ff80f01783427f59a8f77

Download Submit
/data/data/com.whatsapp/databases/BTOR.DB-wal
Filesize
32KB

MD5
6d6d8f01f9d150d2d18d3389b03b8fba

SHA1
1fc73bd96a037c953564a117da8c02cfd14efd2f

SHA256
6f96aaa201de6981f3cc3a4b8ac3b0e7d1519359f719be22d6d443e7299b7dfb

SHA512
28eb31526a09a6f8c9470d1c255812cd353def3eaf1a08b74a0af19223f2e3a07be573f6f26a13e3df03ae1a3f9e58148fdca03e538d24f68ae99a3d7d224098

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-journal
Filesize
512B

MD5
aa2ebbe72beb29c9d9579cfca6a74df4

SHA1
092ae1f6217eaa611c2e2ae5c09c1c95e4616a3a

SHA256
b4dac9dcdaa95ebacb36feda8d4104a023fc3d2a6af854d0419c0c7a63c32ab9

SHA512
f93ae553289b7e9cb54438b6e1eb900887d95bb0debc0a1e4a8171c1e689f0e3c22621392bdd0c8077dfe6b8f8da8325c714c054bab6dea9a46202a55ad64ff6

Download Submit
/data/data/com.whatsapp/databases/EHS.DB-wal
Filesize
32KB

MD5
17636354b5b9d86ce1d68ce87b051967

SHA1
b3b67dcdb3af2f33350ab6fb71aba9bb2fcebd6d

SHA256
b474148e68c96e17664d5fa8a999324ff132a0f5cc32cc3e636ac046f8e168b7

SHA512
11044892829b6d6a6bcc013dc9a8501bedc68b9584e583895c36595aab8997cb4e8dfab8ecc2a8b22201e99e8746d379ee06ffe003e962a060827a9f6f7d897a

Download Submit
/data/data/com.whatsapp/files/Logs/whatsapp.log
Filesize
187B

MD5
50d88980a78f8056fe5b262ff06dd878

SHA1
bdaa715e616fd3bd74b42ec823c96ebf7da14b6c

SHA256
46a186377ab8c3da530377388641711be6bd1f291bb25c443c7ffc3fb6f19813

SHA512
a0818009ed5e7702e0683452bd5898bfd78b5400ed55e3eae59e92a0954ae12fc9cf0db1aab57372cfa8c1b70250135b7d08f074118e5a28a746ded7b64c279b

Download Submit
/data/data/com.whatsapp/files/light_stock.xml
Filesize
20KB

MD5
90ad3f9271671e93260080c65770932c

SHA1
c42d3797096a0deed4a6ba22fec177d18dc04646

SHA256
819a237bb8bbbbfa3d1566526ef519bb3a5db1dca3f4fd6caf63aa75940d3d07

SHA512
bb8fd1c8067aff6d1ade15b377d61849b9dd26733881bca17228a15c9ca7daffb30107194f5bb672c31d0f873230bf1192af0dafc181821c9fc4e750a1b10298

Download Submit
/data/data/com.whatsapp/files/night_stock.xml
Filesize
20KB

MD5
c2d0679fea746990936232a7169768bd

SHA1
28b1eda655b657343ca277aec0d537fcf59004bd

SHA256
812503a9c3eb0f1d6bb40ab7d7b05c8ae77b6cade4563f06f36b0e144a80c08a

SHA512
217660b9fa3b96331a554a9bb82f93c3c5d87f7b9ed65a299f2dc4474ab830692ecca9159eab2e39397c9d29407ab667a29b531978af4fdb4965357d2064811d

Download Submit
/data/data/com.whatsapp/no_backup/com.google.InstanceId.properties
Filesize
63B

MD5
8c7b714f7dd1b3d8efd5f87fd71edd9a

SHA1
dbab039060d9dd13fa0026f5a02cc9f8e206c5b8

SHA256
859e68d6a4471d36ca5c1132f0add542a368e16494c077531e9bb71b5ab2c6de

SHA512
5874c0719fc8a3d6723cc8bf68b6e692b0c4986750de858ee26b242397dd027bd188bf894428d8853fd33ad2d06e70bc79fa74c10d88ad44985c84d19b62cd2b

Download Submit