wipelock | hxxps://web[.]archive[.]org/web/20230706214541/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Analysis

max time kernel
18s
max time network
28s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 08:10

Target

https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1723363882-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4471

/storage/emulated/0/Download/.pending-1723363882-fnaf2 aptoide.apk
Filesize
549KB

MD5
e6ce1cfb216674cb596755aa9d140d8c

SHA1
2382796c65e281be4fa6078e59aeaaa64eaa89a7

SHA256
1b657f86ede3cabddbeee5ebcd6460c052f87d285f550cadff84cd39be01faf7

SHA512
f8d0461d2664030818103559b3cda3ac857cb921dbb78c18f95a85c1aa2220705bb2db7c22e3c06f39a60f088eeaa477bc56920c2597270829a1e5277126c5f1

Download Submit
/storage/emulated/0/Download/.pending-1723363882-fnaf2 aptoide.apk (deleted)
Filesize
541KB

MD5
0e7a5b3a6fb5d5339f3ec3e794c2257d

SHA1
094b3330492d4eafb300e69bceb5b805880e343e

SHA256
e0c034d01500e99c4c57867a72ff09ef230ff7572d4bd3f58bacbb704e4c408b

SHA512
b405f3047ac8e3f9f5b58110ba7ed3addd1b8bfd5539ad9681689ad238ff6c3c0628661002a9ac5430b33ccf2078b683fec97344232dcc5c7838c3b5013b1cd7

Download Submit