wipelock | a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Resubmissions

04-08-2024 10:32

04-08-2024 08:13

03-08-2024 04:16

03-08-2024 04:14

max time kernel
285s
max time network
349s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 08:13

Target

fnaf2+aptoide.html
Size

11KB
MD5

195bf5601ee1ca1974d4b9260215c604
SHA1

d864e3fefa7b0d4bbce2dccd06403ea24b6cf1ad
SHA256

a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
SHA512

1a4b09be1a6be945f3c9dbabe23127fa0ef7663f8b352fa26fe6b1036cc51a60aee58d23edf60a9e9ea9e178b172def488d6c602205b19a0ce691ed00f987d34
SSDEEP

96:gUg6wHCR+g5UKgbbaHMLASWbDQkMbDq1WSVzD5pW72udJ6/k3bDBubKdbhS3CPHK:8HsLUiHVy8LVzD5pW7229Iy7HLlDn8

Score

10^/10

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1723364082-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4301

/storage/emulated/0/Download/.pending-1723364082-fnaf2 aptoide.apk
Filesize
549KB

MD5
ae820287dc6569612a633bcc117edd99

SHA1
7f5473a9ea4a7b62cc28197ae29404e54c51b1ce

SHA256
4100a80aaca087183918975f93f2702b3df24b7e604b52908aea209ad88e67c0

SHA512
47e8b5d36b6de7c693acf3365171c8b1ef8ce82dc4457c6c7c898b79a7fb97020ada45401f95c2113becc3514905d8779c60811986788f221128fe63d5f55a35

Download Submit
/storage/emulated/0/Download/.pending-1723364082-fnaf2 aptoide.apk (deleted)
Filesize
701KB

MD5
331e4f99d41d7db1cc44be5b727f33a1

SHA1
6f564ab9b37defde856000d560bea1302d8eb0f5

SHA256
a5d19591866152c85880ef57e2c4032a68cf2415533b1e2fc6ff155dab7a53e3

SHA512
4c0b621dde0618f1d65d71105079d004bd0663f6bfbc0100742db3d6e4bb337e621055c3f2f5dff0d5e515150ed5406dd8d7d0436489656f9d9d22466678ae4f

Download Submit