triada | WA4_Abo3rab_v11[.]40[.]apk

Sharing

Copy URL

Twitter E-mail

General

Target

WA4_Abo3rab_v11.40.apk
Size

67.9MB
MD5

835ce398cce8fe68abc3a6dd7634a70a
SHA1

86682ea04b350f82d2797e87c7d66431342cde74
SHA256

0aa20e01c87af4403c3beabde4e48e077cb8f4d6958c994d77f36c170f2ef2a7
SHA512

aab081850a54c34660097e09de83305e1c6c2ca97219720a928ea4facdc36be9ed151f0eb48c0e8eae997e61efec826c67a3fea73f9dd532f2c8966bc0070b30
SSDEEP

1572864:4lw4/YgDPapJH6WUT01gu7TbZW1neyGuCetFl:ibQ6LTagI3ENQs

Score

10^/10

triada

Malware Config

Signatures

Android Triada payload 1 IoCs

Processes:

resource yara_rule

sample family_triada
Triada family
triada

resource	yara_rule
sample	family_triada

Declares services with permission to bind to the system 3 IoCs

Processes:

description	ioc
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions.	android.permission.BIND_CHOOSER_TARGET_SERVICE
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications.	android.permission.BIND_TELECOM_CONNECTION_SERVICE

Requests dangerous framework permissions 26 IoCs

Processes:

description	ioc
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to access any geographic locations persisted in the user's shared collection.	android.permission.ACCESS_MEDIA_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read access to the device's phone number(s).	android.permission.READ_PHONE_NUMBERS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker.	android.permission.READ_MEDIA_VISUAL_USER_SELECTED
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Required to be able to advertise and connect to nearby devices via Wi-Fi.	android.permission.NEARBY_WIFI_DEVICES
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Required to be able to advertise to nearby Bluetooth devices.	android.permission.BLUETOOTH_ADVERTISE

Files

WA4_Abo3rab_v11.40.apk
.apk android arch:arm64

com.WhatsApp4Plus

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

Activities

com.WhatsApp4Plus.VoiceMessagingActivity

com.google.android.voicesearch.SEND_MESSAGE_TO_CONTACTS

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

android.intent.action.MAIN

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

android.intent.action.MAIN

com.WhatsApp4Plus.waquickpromotionclient.ui.PushPsaNotificationActivity

com.WhatsApp4Plus.waquickpromotionclient.ui.PushPsaNotificationAction

com.WhatsApp4Plus.contact.picker.ContactPicker

android.intent.action.PICK
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.CREATE_SHORTCUT

com.WhatsApp4Plus.camera.CameraActivity

android.intent.action.CREATE_SHORTCUT

com.whatsapp.stickers.thirdparty.AddThirdPartyStickerPackActivity

com.whatsapp.intent.action.ENABLE_STICKER_PACK

com.WhatsApp4Plus.payments.receiver.IndiaUpiPayIntentReceiverActivity

android.intent.action.VIEW

org.npci.upi.security.pinactivitycomponent.GetCredential

org.npci.upi.security.pinactivitycomponent.GetCredential

com.WhatsApp4Plus.Conversation

android.intent.action.VIEW
android.intent.action.SENDTO
com.WhatsApp4Plus.Conversation

com.WhatsApp4Plus.accountsync.LoginActivity

android.intent.action.VIEW

com.WhatsApp4Plus.accountsync.ProfileActivity

android.intent.action.VIEW

com.WhatsApp4Plus.accountsync.CallContactLandingActivity

android.intent.action.VIEW

com.WhatsApp4Plus.authentication.AppAuthenticationActivity

android.appwidget.action.APPWIDGET_CONFIGURE

com.WhatsApp4Plus.registration.verifyphone.VerifyPhoneNumber

android.intent.action.VIEW

com.WhatsApp4Plus.registration.MaacGrantConsentActivity

com.WhatsApp4Plus.intent.action.maac.consent

com.WhatsApp4Plus.HomeActivity

android.nfc.action.NDEF_DISCOVERED
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.WhatsApp4Plus.Main

android.intent.action.MAIN

com.whatsapp.plus.XMLXplorerActivity

android.intent.action.GET_CONTENT

com.WhatsApp4Plus.identity.IdentityVerificationActivity

android.nfc.action.NDEF_DISCOVERED

com.WhatsApp4Plus.identity.ScanQrCodeActivity

android.nfc.action.NDEF_DISCOVERED

Permissions

android.permission.USE_EXACT_ALARM
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MEDIA_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BLUETOOTH
android.permission.BROADCAST_STICKY
android.permission.CAMERA
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.FOREGROUND_SERVICE_LOCATION
android.permission.GET_TASKS
android.permission.INSTALL_SHORTCUT
android.permission.INTERNET
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_OWN_CALLS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NFC
android.permission.READ_CONTACTS
android.permission.READ_PHONE_NUMBERS
android.permission.READ_PHONE_STATE
android.permission.READ_PROFILE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_SMS
android.permission.RECORD_AUDIO
android.permission.SCHEDULE_EXACT_ALARM
android.permission.SEND_SMS
android.permission.USE_CREDENTIALS
android.permission.USE_FINGERPRINT
android.permission.USE_BIOMETRIC
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.READ_MEDIA_VISUAL_USER_SELECTED
android.permission.POST_NOTIFICATIONS
android.permission.WRITE_SYNC_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.FOREGROUND_SERVICE
android.permission.USE_FULL_SCREEN_INTENT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.AD_ID
com.google.android.providers.gsf.permission.READ_GSERVICES
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.huawei.android.launcher.permission.CHANGE_BADGE
com.WhatsApp4Plus.permission.BROADCAST
com.WhatsApp4Plus.permission.MAPS_RECEIVE
com.WhatsApp4Plus.permission.REGISTRATION
com.WhatsApp4Plus.sticker.READ
com.WhatsApp4Plus.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.GET_ACCOUNTS
com.facebook.services.identity.FEO2
android.permission.RUN_USER_INITIATED_JOBS
android.permission.REORDER_TASKS
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.FOREGROUND_SERVICE_MICROPHONE
android.permission.FOREGROUND_SERVICE_CAMERA
android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
android.permission.FOREGROUND_SERVICE_PHONE_CALL
android.permission.BLUETOOTH_CONNECT
android.permission.NEARBY_WIFI_DEVICES
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
android.permission.BLUETOOTH_ADVERTISE

Receivers

com.WhatsApp4Plus.appwidget.WidgetProvider

android.appwidget.action.APPWIDGET_UPDATE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.WhatsApp4Plus.systemreceivers.boot.BootReceiver

android.intent.action.BOOT_COMPLETED

com.WhatsApp4Plus.systemreceivers.appupdated.AppUpdatedReceiver

android.intent.action.MY_PACKAGE_REPLACED

com.WhatsApp4Plus.push.WAFbnsPreloadReceiver

com.facebook.rti.fbns.intent.RECEIVE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.WhatsApp4Plus.phoneid.PhoneIdRequestReceiver

com.facebook.GET_PHONE_ID

com.WhatsApp4Plus.accounttransfer.AccountTransferReceiver

com.google.android.gms.auth.START_ACCOUNT_EXPORT

com.WhatsApp4Plus.ExternalMediaManager$ExternalMediaStateReceiver

android.intent.action.MEDIA_BAD_REMOVAL
android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_REMOVED
android.intent.action.MEDIA_SHARED
android.intent.action.MEDIA_UNMOUNTED

com.WhatsApp4Plus.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.WhatsApp4Plus.registration.directmigration.initialMigrationInfoAction
com.WhatsApp4Plus.registration.directmigration.recoveryTokenAction
com.WhatsApp4Plus.registration.directmigration.setMigrationStateOnProviderSide

com.WhatsApp4Plus.registration.directmigration.MigrationRequesterBroadcastReceiver

com.WhatsApp4Plus.registration.directmigration.providerIsLoggedOutAction
com.WhatsApp4Plus.registration.directmigration.providerAppMigrationSpaceNeededAction

com.WhatsApp4Plus.accountswitching.notifications.InactiveAccountNotificationReceiver

com.WhatsApp4Plus.accountswitching.inactiveaccount.IgnoreCall

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

com.WhatsApp4Plus.registration.RegistrationCompletedReceiver

com.WhatsApp4Plus.SMBRegistrationCompleted

com.WhatsApp4Plus.registration.notifications.RegRetryVerificationReceiver

com.WhatsApp4Plus.alarm.REGISTRATION_RETRY

com.WhatsApp4Plus.registration.notifications.OnboardingIncompleteReceiver

com.WhatsApp4Plus.alarm.ONBOARDING_INCOMPLETE

com.abuarab.gold.WidgetSeen

android.appwidget.action.APPWIDGET_UPDATE

com.abuarab.gold.Receiver

android.intent.action.BOOT_COMPLETED

com.abuarab.gold.scheduler.Receiver

android.intent.action.BOOT_COMPLETED

com.WhatsApp4Plus.migration.android.api.DeferredRestoreBroadcastReceiver

com.google.android.apps.pixelmigrate.IOS_APP_DATA_AVAILABLE

com.WhatsApp4Plus.otp.OtpRequestedReceiver

com.WhatsApp4Plus.otp.OTP_REQUESTED

com.WhatsApp4Plus.otp.OtpIdentityHashRequestedReceiver

com.WhatsApp4Plus.otp.ID_HASH_REQUESTED

Services

com.WhatsApp4Plus.push.GcmListenerService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

androidx.sharetarget.ChooserTargetServiceCompat

android.service.chooser.ChooserTargetService

com.whatsapp.calling.telecom.SelfManagedConnectionService

android.telecom.ConnectionService

com.WhatsApp4Plus.contact.sync.ContactsSyncAdapterService

android.content.SyncAdapter

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

org.npci.upi.security.services.CLRemoteService

com.WhatsApp4Plus.accountsync.AccountAuthenticatorService

android.accounts.AccountAuthenticator

com.WhatsApp4Plus.instrumentation.api.InstrumentationService

com.WhatsApp4Plus.instrumentation.REQUEST

com.WhatsApp4Plus.wearos.WearOsListenerService

com.google.android.gms.wearable.BIND_LISTENER
com.google.android.gms.wearable.MESSAGE_RECEIVED

Android Permissions

WA4_Abo3rab_v11.40.apk

Permissions

android.permission.USE_EXACT_ALARM

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_MEDIA_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.BLUETOOTH

android.permission.BROADCAST_STICKY

android.permission.CAMERA

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.FOREGROUND_SERVICE_DATA_SYNC

android.permission.FOREGROUND_SERVICE_LOCATION

android.permission.GET_TASKS

android.permission.INSTALL_SHORTCUT

android.permission.INTERNET

android.permission.MANAGE_ACCOUNTS

android.permission.MANAGE_OWN_CALLS

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.NFC

android.permission.READ_CONTACTS

android.permission.READ_PHONE_NUMBERS

android.permission.READ_PHONE_STATE

android.permission.READ_PROFILE

android.permission.READ_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.RECEIVE_SMS

android.permission.RECORD_AUDIO

android.permission.SCHEDULE_EXACT_ALARM

android.permission.SEND_SMS

android.permission.USE_CREDENTIALS

android.permission.USE_FINGERPRINT

android.permission.USE_BIOMETRIC

android.permission.VIBRATE

android.permission.WAKE_LOCK

android.permission.WRITE_CONTACTS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_MEDIA_AUDIO

android.permission.READ_MEDIA_IMAGES

android.permission.READ_MEDIA_VIDEO

android.permission.READ_MEDIA_VISUAL_USER_SELECTED

android.permission.POST_NOTIFICATIONS

android.permission.WRITE_SYNC_SETTINGS

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.FOREGROUND_SERVICE

android.permission.USE_FULL_SCREEN_INTENT

Sharing

General

Malware Config

Signatures

Files

com.WhatsApp4Plus

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

Activities

com.WhatsApp4Plus.VoiceMessagingActivity

androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity

androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity

com.WhatsApp4Plus.waquickpromotionclient.ui.PushPsaNotificationActivity

com.WhatsApp4Plus.contact.picker.ContactPicker

com.WhatsApp4Plus.camera.CameraActivity

com.whatsapp.stickers.thirdparty.AddThirdPartyStickerPackActivity

com.WhatsApp4Plus.payments.receiver.IndiaUpiPayIntentReceiverActivity

org.npci.upi.security.pinactivitycomponent.GetCredential

com.WhatsApp4Plus.Conversation

com.WhatsApp4Plus.accountsync.LoginActivity

com.WhatsApp4Plus.accountsync.ProfileActivity

com.WhatsApp4Plus.accountsync.CallContactLandingActivity

com.WhatsApp4Plus.authentication.AppAuthenticationActivity

com.WhatsApp4Plus.registration.verifyphone.VerifyPhoneNumber

com.WhatsApp4Plus.registration.MaacGrantConsentActivity

com.WhatsApp4Plus.HomeActivity

com.WhatsApp4Plus.Main

com.whatsapp.plus.XMLXplorerActivity

com.WhatsApp4Plus.identity.IdentityVerificationActivity

com.WhatsApp4Plus.identity.ScanQrCodeActivity

Permissions

Receivers

com.WhatsApp4Plus.appwidget.WidgetProvider

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.WhatsApp4Plus.systemreceivers.boot.BootReceiver

com.WhatsApp4Plus.systemreceivers.appupdated.AppUpdatedReceiver

com.WhatsApp4Plus.push.WAFbnsPreloadReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.WhatsApp4Plus.phoneid.PhoneIdRequestReceiver

com.WhatsApp4Plus.accounttransfer.AccountTransferReceiver

com.WhatsApp4Plus.ExternalMediaManager$ExternalMediaStateReceiver

com.WhatsApp4Plus.registration.directmigration.MigrationProviderOrderedBroadcastReceiver

com.WhatsApp4Plus.registration.directmigration.MigrationRequesterBroadcastReceiver

com.WhatsApp4Plus.accountswitching.notifications.InactiveAccountNotificationReceiver

androidx.profileinstaller.ProfileInstallReceiver

com.WhatsApp4Plus.registration.RegistrationCompletedReceiver

com.WhatsApp4Plus.registration.notifications.RegRetryVerificationReceiver

com.WhatsApp4Plus.registration.notifications.OnboardingIncompleteReceiver

com.abuarab.gold.WidgetSeen

com.abuarab.gold.Receiver

com.abuarab.gold.scheduler.Receiver

com.WhatsApp4Plus.migration.android.api.DeferredRestoreBroadcastReceiver

com.WhatsApp4Plus.otp.OtpRequestedReceiver

com.WhatsApp4Plus.otp.OtpIdentityHashRequestedReceiver

Services

com.WhatsApp4Plus.push.GcmListenerService

com.google.firebase.messaging.FirebaseMessagingService

androidx.sharetarget.ChooserTargetServiceCompat

com.whatsapp.calling.telecom.SelfManagedConnectionService

com.WhatsApp4Plus.contact.sync.ContactsSyncAdapterService

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

com.WhatsApp4Plus.accountsync.AccountAuthenticatorService

com.WhatsApp4Plus.instrumentation.api.InstrumentationService

com.WhatsApp4Plus.wearos.WearOsListenerService

Android Permissions

WA4_Abo3rab_v11.40.apk