Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock
Wipelock Android payload
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-06 18:31
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-06 18:31
Reported
2024-08-06 18:35
Platform
android-x64-arm64-20240624-en
Max time kernel
132s
Max time network
165s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
Files
/storage/emulated/0/Download/.pending-1723573929-fnaf2 aptoide.apk (deleted)
| MD5 | 02d0af2e4cc5ab32680fc925c317ab52 |
| SHA1 | 1b60df6df7f6d8cadc4f45e90cd342d7a96b6333 |
| SHA256 | 42bb9bfd9df3b9bea58b86da927e0feb6abb79f8893feac6a3708ea772bab4f8 |
| SHA512 | 3778057d834ea013e15d962c373182faad1f0e5d4a1c4929a20aa4c8f9a74cdc0ed3df6e9915ebc3305237c688975c9645e65449fb3916f834f05dbf67559c56 |
/storage/emulated/0/Download/.pending-1723573929-fnaf2 aptoide.apk
| MD5 | 0741df517d4ec32497edc0b83ac8c9a4 |
| SHA1 | 46da1293e08c032d527a8b28255bafa6fd6bc242 |
| SHA256 | 566fb12031042c5f04d796471f9f640fdcdc103320fb5ce657102f71173acc9a |
| SHA512 | dc217074e405938841ee909821fa217f62bd2de733b0a3c82ca0b46b7ed186d3421f46088ee3e2855e947b465576e85d56cc9f4ae172d95cb8fb0ccdf4215d14 |
files/dom-0.html
| MD5 | 834a7b4679cd8f67f473b44946a7a23d |
| SHA1 | b38c69720e6e65aad514ecdfcac92feedf6f3386 |
| SHA256 | 258693f9cef8604131d97a938ac7371e24fcbd38a9f0dcd89bf9c89cc8ad5f55 |
| SHA512 | db153f3115ad2d4d5ab223e4e954ca2dc56ca4f6c30a407ffae0b44350fa8d19102ad4795975f887012697b71f1d17ef0bbe10f8af63faf3460ebf71c3595fe5 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-06 18:31
Reported
2024-08-06 18:33
Platform
android-x86-arm-20240624-en
Max time kernel
115s
Max time network
110s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.204.74:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.169.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
/storage/emulated/0/Download/.com.google.Chrome.sOS64Q
| MD5 | 8ae370494e539291344925e9a7c6598c |
| SHA1 | 80622cc6583048548393185992b74eceb7f0e7eb |
| SHA256 | a4ba493fa425d42ea933514b8e4bba225cfaffdba89c3bc963cc2ea823d32874 |
| SHA512 | 09bc5e711e440fcc779ec547721670af33c9052f980996eb22907cf12fa057c5cab8cfeaa6d7230001c6d1d6c786651761ee3687668466c34a4246cbdd3e17a5 |
/storage/emulated/0/Download/Unconfirmed 772431.crdownload
| MD5 | 06d47ef8c6b95dc181787d9d37f22c83 |
| SHA1 | 9603c192e78f1891bd4a054045e71b5ae512b461 |
| SHA256 | 913637f82603e242655ac10278e87f3b21366dad40c09dded407d7bb5d21b175 |
| SHA512 | 0a42894d2c0c7f55570ea9a426037beadc99a529cd8aa6bd78db8c52e5a09343b9baf9378caad7bf076db448d72c0a24ce6fb328858b31bf1f4237ca8d45c51a |
files/dom-0.html
| MD5 | 53a3f02a3b5f01b07ad7078b8e2a5b1c |
| SHA1 | 2f3fef9858b448ee1f0279b60cce101c2c19854b |
| SHA256 | bd6f177e7b82a7b8facf4c06df031b042416c63c2a7684b5ef6e7d838fec0d5d |
| SHA512 | 2034124f3b2ed1634f661e138938676d52bb291ffd4c55d1093e31230527706e10083b342107f7275c5685673f91642b6244658f7706da2df9ff0407cfddff94 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-06 18:31
Reported
2024-08-06 18:35
Platform
android-x64-20240624-en
Max time kernel
116s
Max time network
174s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.16.234:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp |
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 749865.crdownload
| MD5 | dc98efd71997adb619bfc6e09b3df258 |
| SHA1 | 50d0d722d4af4a863a19749dd7ef680c67662aa2 |
| SHA256 | d6c670c7a27105f082108d89c6d6b983bdeba6cef36d357b2c4c2bfbc4189aab |
| SHA512 | 1903987f5cd074bb672cf335442178a0820bce6e02dc5a04bbbd894c2048bcb068c85e6cefd3663bd0505a20c0651dcfcbb60760f2c5744e344af6f7a627ade7 |
files/dom-0.html
| MD5 | 76bc33678b59d885c594562c7982013c |
| SHA1 | 5a8af5b937b8e66a18b193d390f4d454e0975892 |
| SHA256 | afeb3e590e043e97ab3e0f6c729763fecc78aae84e4763c0937eedc69c41a1d2 |
| SHA512 | 3258511179e3f5ebabe6277b38d4a2ab14cc28d53a31e1442a09503fb6b7de24bcaf8c1c8de60faca1c303190d1218e2aef8448ee5777a7938da71b97be3b2ce |