Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock
Wipelock Android payload
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-04 16:05
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-04 16:05
Reported
2024-08-04 17:22
Platform
android-x64-20240624-en
Max time kernel
1769s
Max time network
1793s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 216.58.212.227:443 | tcp | |
| GB | 172.217.169.74:443 | tcp | |
| GB | 142.250.200.34:443 | tcp | |
| GB | 216.58.212.227:443 | tcp | |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 108.177.15.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 849321.crdownload
| MD5 | dc98efd71997adb619bfc6e09b3df258 |
| SHA1 | 50d0d722d4af4a863a19749dd7ef680c67662aa2 |
| SHA256 | d6c670c7a27105f082108d89c6d6b983bdeba6cef36d357b2c4c2bfbc4189aab |
| SHA512 | 1903987f5cd074bb672cf335442178a0820bce6e02dc5a04bbbd894c2048bcb068c85e6cefd3663bd0505a20c0651dcfcbb60760f2c5744e344af6f7a627ade7 |
files/dom-0.html
| MD5 | be13aef92617f11e06868e34dd03d7f2 |
| SHA1 | 70214bdd21058c225b69458bd397438a2e264762 |
| SHA256 | 03915f9532cc41b217cfb5f51a7b864a6ba0eb881219facc26e0960168e0e47a |
| SHA512 | a378205fc68b715b416cfabcb6a9aa3d1ae140a9dc7f956d9823a33edd0b01d48ebb38182d337cce60bcc50c636f90ebf97eb3c225997d6c37689d26291c4df2 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-04 16:05
Reported
2024-08-04 17:22
Platform
android-x64-arm64-20240624-en
Max time kernel
1805s
Max time network
1827s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| GB | 172.217.169.78:443 | tcp |
Files
/storage/emulated/0/Download/.pending-1723395116-fnaf2 aptoide.apk (deleted)
| MD5 | 02d0af2e4cc5ab32680fc925c317ab52 |
| SHA1 | 1b60df6df7f6d8cadc4f45e90cd342d7a96b6333 |
| SHA256 | 42bb9bfd9df3b9bea58b86da927e0feb6abb79f8893feac6a3708ea772bab4f8 |
| SHA512 | 3778057d834ea013e15d962c373182faad1f0e5d4a1c4929a20aa4c8f9a74cdc0ed3df6e9915ebc3305237c688975c9645e65449fb3916f834f05dbf67559c56 |
/storage/emulated/0/Download/.pending-1723395116-fnaf2 aptoide.apk
| MD5 | 0741df517d4ec32497edc0b83ac8c9a4 |
| SHA1 | 46da1293e08c032d527a8b28255bafa6fd6bc242 |
| SHA256 | 566fb12031042c5f04d796471f9f640fdcdc103320fb5ce657102f71173acc9a |
| SHA512 | dc217074e405938841ee909821fa217f62bd2de733b0a3c82ca0b46b7ed186d3421f46088ee3e2855e947b465576e85d56cc9f4ae172d95cb8fb0ccdf4215d14 |
files/dom-0.html
| MD5 | ce4846fcb8867259f793576419b1529f |
| SHA1 | 0148a095c9d90b50178fb0f21a6bfe5a64b831fc |
| SHA256 | fa163c8cf55a4036c8bc717c2f41a47f3aaa1e597a06c5bf21daa95de5a237b7 |
| SHA512 | 501492bbb02ba4b0d7e251500d39e0f0713476341d8ebdf6f150cff11964e6f85cb3cf8403aea282bf8284cb9295590ea7de2ce2278c68385c8b888e9d464362 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-04 16:05
Reported
2024-08-04 17:22
Platform
android-x86-arm-20240624-en
Max time kernel
1662s
Max time network
1830s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | tcp | |
| GB | 142.250.187.227:80 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 172.217.169.34:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.178.3:443 | tcp | |
| GB | 142.250.178.3:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.178.3:443 | tcp | |
| GB | 142.250.178.3:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.14:443 | tcp |
Files
files/dom-0.html
| MD5 | 1a819e5222381875a9e07400790ebd73 |
| SHA1 | d906e6e442671fd6c074f51ec06d564dfd1bd412 |
| SHA256 | 12e515b169b88ff556729395bee11fe603d058f0211bc9dd972275bb27b5d949 |
| SHA512 | 6ab91248336e838444939873a49d66b7da81e04af3a52d12bde4393d10c555bc2df9e079db28d0502e2b0dc82e75461c634bd0dfedd0369de27654bedb6a1ccc |