wipelock | a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Resubmissions

04-08-2024 10:32

04-08-2024 08:13

03-08-2024 04:16

03-08-2024 04:14

max time kernel
166s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-08-2024 04:16

Target

fnaf2+aptoide.html
Size

11KB
MD5

195bf5601ee1ca1974d4b9260215c604
SHA1

d864e3fefa7b0d4bbce2dccd06403ea24b6cf1ad
SHA256

a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
SHA512

1a4b09be1a6be945f3c9dbabe23127fa0ef7663f8b352fa26fe6b1036cc51a60aee58d23edf60a9e9ea9e178b172def488d6c602205b19a0ce691ed00f987d34
SSDEEP

96:gUg6wHCR+g5UKgbbaHMLASWbDQkMbDq1WSVzD5pW72udJ6/k3bDBubKdbhS3CPHK:8HsLUiHVy8LVzD5pW7229Iy7HLlDn8

Score

10^/10

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1723263459-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4259

/storage/emulated/0/Download/.pending-1723263459-fnaf2 aptoide.apk
Filesize
549KB

MD5
743ae762afa19ec3862caf1747a0a520

SHA1
41686484e6b8c0038dd574e74f78ae8890efd84d

SHA256
0a87854528f9086dc46f4ddd0fba4f053610d696f7d93d9289064970b73d8f51

SHA512
1f6e266741a2675a586ad54465b67dd580e91ca2ca02eea0537b59353c28677271222d82bf863ae2854742d23b9f5f14d954d1121f60b81f6293f27d65077555

Download Submit
/storage/emulated/0/Download/.pending-1723263459-fnaf2 aptoide.apk (deleted)
Filesize
541KB

MD5
f28af430e642d139b2132c37587a6eed

SHA1
88ffee4bf68949e923c7faf1427ad4d01d4e4d63

SHA256
03219f86a80911c4cb92e7cc6f18dd2f006d38e43cbfccc3e5f389ea03686adb

SHA512
8f995503125695e92cc74b7d2786110925b05457b9f5f461ebcfaf35bac533b0596eacb6bc4dee2ba8fc6e76463f2f4e0e8d853840008ba5fc3be8721d4f2354

Download Submit