wipelock | a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Resubmissions

04-08-2024 10:32

240804-mle15atbkm 1

04-08-2024 08:13

240804-j4shds1ajl 10

03-08-2024 04:16

240803-ev3jsaxfpe 10

03-08-2024 04:14

240803-et3hdsxfmf 1

Analysis

max time kernel
166s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-08-2024 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fnaf2+aptoide.html
Size

11KB
MD5

195bf5601ee1ca1974d4b9260215c604
SHA1

d864e3fefa7b0d4bbce2dccd06403ea24b6cf1ad
SHA256

a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
SHA512

1a4b09be1a6be945f3c9dbabe23127fa0ef7663f8b352fa26fe6b1036cc51a60aee58d23edf60a9e9ea9e178b172def488d6c602205b19a0ce691ed00f987d34
SSDEEP

96:gUg6wHCR+g5UKgbbaHMLASWbDQkMbDq1WSVzD5pW72udJ6/k3bDBubKdbhS3CPHK:8HsLUiHVy8LVzD5pW7229Iy7HLlDn8

Score

10^/10

wipelock infostealer trojan

Malware Config

Signatures

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-5.dat	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4259

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Download/.pending-1723263459-fnaf2 aptoide.apk

Filesize
549KB

MD5
743ae762afa19ec3862caf1747a0a520

SHA1
41686484e6b8c0038dd574e74f78ae8890efd84d

SHA256
0a87854528f9086dc46f4ddd0fba4f053610d696f7d93d9289064970b73d8f51

SHA512
1f6e266741a2675a586ad54465b67dd580e91ca2ca02eea0537b59353c28677271222d82bf863ae2854742d23b9f5f14d954d1121f60b81f6293f27d65077555

Download Submit
/storage/emulated/0/Download/.pending-1723263459-fnaf2 aptoide.apk (deleted)

Filesize
541KB

MD5
f28af430e642d139b2132c37587a6eed

SHA1
88ffee4bf68949e923c7faf1427ad4d01d4e4d63

SHA256
03219f86a80911c4cb92e7cc6f18dd2f006d38e43cbfccc3e5f389ea03686adb

SHA512
8f995503125695e92cc74b7d2786110925b05457b9f5f461ebcfaf35bac533b0596eacb6bc4dee2ba8fc6e76463f2f4e0e8d853840008ba5fc3be8721d4f2354

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads