529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd

Analysis

max time kernel
6s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09/08/2024, 07:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_v37.00_Developer_Abu_Arab.apk
Size

82.6MB
MD5

9e03bef6b8add72146097db67439c300
SHA1

662ac27678390b72e20aa9c8861e5103371b1aa7
SHA256

529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd
SHA512

643c9360e99e9a2ea56161d0a0af458d74d53246fd102be989d7e063d1b91d95eb80a1d9408ab4dfb94949c784a031443b230108bc10e94a2972534641393f21
SSDEEP

1572864:Stm6F5vMmOTRS8FuPbrT9lQHMejaYVPapJHVrUVxDtH:SVFJqyPbrT2MQa4QVrUVz

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4491	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4491	com.gbwhatsapp

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gbwhatsapp

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gbwhatsapp

com.gbwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4491

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
0618ac070d3d6310bf93d308bf221ee1

SHA1
4af3cfaeca579d0451e25541b6269689f0e446e9

SHA256
dd98241974487ce11a331a28a6eafb2f01b7eeb50ab579af07fce08ad6b076d5

SHA512
d355d807e6a8e48264cd5b372f8b434133532a8e366f38a546c4e8de54fa125d1281d73bbf246aed3cca75ced39d70cb20c2a8b4a134d09ad3e7c35344a3a93f

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
39a461e0a779d645d16d10f37f5fb432

SHA1
465bd3db357d2c03d990a17297125118ae26141a

SHA256
9f630ccd4d7726773a63aa981c43337f5eb2d735a3eed32c56e8898f7090dcbf

SHA512
8bfe9a4f43ad9f2ef9deebae2949278dde126a7f0be5a8e61d04330d8e2530292618549c8af085407755d1da75602721b0d8a9382a7134c3d66de92d4025a834

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
ab225a357093fe9cedf74602607ab0ea

SHA1
8323754aefcb5e23a01fc96546c4fc3d6ba37918

SHA256
f0eebde867db3bc28208eb2fd56e02bb7ef3c36f76c51fcf5d26465c1a3951f7

SHA512
e7dcd5b0a40ae18039237e57749fa71ab5a3ef28a99b0c863d60d537d55d6f40a4d0a5706daac07be7d67a75f74d23000b2fe199a38aeb02283f8f7401b80716

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
2b045a7872c2d477e5a9e940c53b77a2

SHA1
cea3fb79a1b2c470e5bfa6b98c0385cc5d548de6

SHA256
179eccd10bdc0b8b9a2d72f909b1ccb178e58f70d81743903d8f1521c84c5b89

SHA512
0182bf95f332f8952063b1c71cac9466822981ef51f90686586b2ed1679fd258700dc80e5ea87367d6eeba9b343b644e42b2540fc5b399e0815e711550fd35c5

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB

Filesize
20KB

MD5
d982b1c1329f068bbbfacc27cf733ea1

SHA1
c8bfee353ce9fa381460ce2b9bff84beb42e1ade

SHA256
9e395623e7b156745bf31034c702e0522e69e23c498714f9013011b531d347d2

SHA512
af9e8ade7f94b6437ea74035caded807e969af322514e278d0a8a91860c06cb6cf1ba1e1923a174cc6df4a309fdf78061c96fc1cdaaca0a103565ec69e34bafe

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
3cf797252478538de84d505ef04a9689

SHA1
8e0a987c2bc8dfca7ee894d493d0bb98421d8e73

SHA256
c9cd1163ef781d0b1034a033d0319448ea53137272f806af5dd67fe3bf4a7d4c

SHA512
1da4cb705e7eb8690d9fe4e15dc18728ee14737eb545c13841ec883bd7b6b19c3f7e3be20013047716143caa7429fd5de0a8fba6191c07f3507aa952833ee72a

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
60658763bf16e92ec26dadf658813b6e

SHA1
e7802083beda513c1ff2034b76a449e48102e8b0

SHA256
10e0ddbb08c928ffc422c3fe5dba887afcaecf52bea306971b52001b36e3b5d6

SHA512
0f2d5cb3ea29e6822a8cd3539cbb330f82680c1fb3b29e70e58b86c1436a0ea3dcae0ddaa4d9c49a1b8dda145628ebd9f80c2aff77dad0b89b3119d3e4f5a662

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
6131b6eeef3345dbfd4f3628d60b1912

SHA1
43ae1047e7e7848084b95573f0ae36d44269d8b5

SHA256
ef5477c2a6394bf100ad12fc19890465ddfaf3480e55c8c60ce55a34e9872e53

SHA512
6aa9c1577e77660962ae612d91e4cb8985cb6e0bdd3fb80012dcb70f4abfe95278737cc0aecae483a13a78cd403f34b7fce90e6129cb4a170a9e617a18407e35

Download Submit
/data/data/com.gbwhatsapp/files/Logs/whatsapp.log

Filesize
5KB

MD5
e0d54da732e68d257c9d5b7f9cb97319

SHA1
d54d4f63352241b71258e7f45de2cf3c2d28a394

SHA256
4b7246c7c9edabb229bc0536dc5956ab9bd3f596d8d53649157479cc8b85cbc6

SHA512
cb6a0ebe4130960894739456e07e7affefdb24ec8d508a1a2482d42eda71133d7f48852f1c4c50bc803cd5777a2608460df25c1e52edc87a747f1b1045877ebf

Download Submit
/data/data/com.gbwhatsapp/files/decompressed/libs.spo/.superpack_version

Filesize
30B

MD5
7bd9e8460d3a1ce16c568c3308df9665

SHA1
67363c9a7d8f46eaf6533b9a63101217cd98c7df

SHA256
7b2075c28956032e52df16326796de66733dfde56b2d70c5d82c401d951eeef6

SHA512
392a1d92a05d29844cb29c4a8983aeb79bab61df2fbc03edfeda591cd0e24c322eaa44cf0d8c53d101e1506c921feaf4658b2dbcb8d5da9ffd6c463c52701375

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
ec25c15a8c8b3cf62d4fb0143082d47e

SHA1
2772e6e4aeee14128ac9a40dd085292bc1e1afbb

SHA256
df4d74e23141794d4c9e68d5534b4789032dc34177410199da3dfa367d63c5ae

SHA512
8f4c9c3b848c4c097f5edbfe8a0964a74770e4548e03acd1b6a84cc3789235567d83fd2905bfa008b84f9e96ac87e2141ed76fccc9612fb4e053532aecdf2123

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
8e41e8b9b852807f1e7c9a5fca830f75

SHA1
b09c886a6e3dcdbefea559e0ba44b2b972ea7367

SHA256
5db1954ed6b81aa1dcb3c4f219e09e55c9de26d942c2342adb1228ddf833d76a

SHA512
23d2507e4447b607dd19ec23678ba003b5632be762e680a0083ce5953bf826bec02a449665371c23dd3484769d2f32d5c51c631e182060d3a55ab5cda8cf6cbf

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit