Malware Analysis Report

2024-10-16 05:28

Sample ID 240804-j4shds1ajl
Target fnaf2+aptoide.apk
SHA256 a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003
Tags wipelock infostealer trojan
Score 10/10


Analysis Overview

score
10/10

SHA256

a57cd5e6da100b43b807552f98fc2ff97308ca4b777656e7cc3c8146781f8003

Threat Level: Known bad

The file fnaf2+aptoide.apk was found to be: Known bad.

Malicious Activity Summary

wipelock infostealer trojan

Wipelock

Wipelock Android payload

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-04 08:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-04 08:13

Reported

2024-08-04 08:20

Platform

android-x64-arm64-20240624-en

Max time kernel

285s

Max time network

349s

Command Line

com.android.chrome

Signatures

Wipelock

trojan infostealer wipelock

Wipelock Android payload

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.android.chrome

com.android.chrome

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 142.250.180.2:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |

Files

/storage/emulated/0/Download/.pending-1723364082-fnaf2 aptoide.apk (deleted)

MD5 331e4f99d41d7db1cc44be5b727f33a1
SHA1 6f564ab9b37defde856000d560bea1302d8eb0f5
SHA256 a5d19591866152c85880ef57e2c4032a68cf2415533b1e2fc6ff155dab7a53e3
SHA512 4c0b621dde0618f1d65d71105079d004bd0663f6bfbc0100742db3d6e4bb337e621055c3f2f5dff0d5e515150ed5406dd8d7d0436489656f9d9d22466678ae4f

/storage/emulated/0/Download/.pending-1723364082-fnaf2 aptoide.apk

MD5 ae820287dc6569612a633bcc117edd99
SHA1 7f5473a9ea4a7b62cc28197ae29404e54c51b1ce
SHA256 4100a80aaca087183918975f93f2702b3df24b7e604b52908aea209ad88e67c0
SHA512 47e8b5d36b6de7c693acf3365171c8b1ef8ce82dc4457c6c7c898b79a7fb97020ada45401f95c2113becc3514905d8779c60811986788f221128fe63d5f55a35