529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd

Analysis

max time kernel
6s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
09/08/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_v37.00_Developer_Abu_Arab.apk
Size

82.6MB
MD5

9e03bef6b8add72146097db67439c300
SHA1

662ac27678390b72e20aa9c8861e5103371b1aa7
SHA256

529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd
SHA512

643c9360e99e9a2ea56161d0a0af458d74d53246fd102be989d7e063d1b91d95eb80a1d9408ab4dfb94949c784a031443b230108bc10e94a2972534641393f21
SSDEEP

1572864:Stm6F5vMmOTRS8FuPbrT9lQHMejaYVPapJHVrUVxDtH:SVFJqyPbrT2MQa4QVrUVz

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4482	com.gbwhatsapp
/system_ext/framework/androidx.window.extensions.jar	4482	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4482	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4482	com.gbwhatsapp

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gbwhatsapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gbwhatsapp

com.gbwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4482

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
6d87ad2d04aaa762e1e32fbe9065eab8

SHA1
e0aa929c33a020b8d968121e023d783d492d8002

SHA256
09242dec983d0108afccd1ea505a85f189a9421fa8ba891559654a735e2db4ed

SHA512
e14519b1cd6bbe7e264ad21a8baf5315c48b4766d5dbcf1a157caccf9a10ce7c3ecdaf87e4dd01424cdd90df453b6c3d59f316326e6f53301004854ff09b3abd

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
d828b07f59b27cb04b61a46dfd652f76

SHA1
20bd3f3f072f9d9d444087e50a79f76e860ee446

SHA256
db26c8e431664e2779ae8515bed91153d84ad9dc4f90d2827dbb458d3794e3d5

SHA512
3e5a5d4fb37897dd5dc1f27393910e2cb46157ecba45cdafb574b180816cff5c512435300950fc7e879817361b038fe0826774d2e0976b943357870079e7d2e9

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
f0a05c05c58e593b283b098afccb3b2d

SHA1
1954d57013572de28a8f7cff8c77ba321d2b2b49

SHA256
131e7a7d31e7fc57028f2d9482978b235a6568f55059f41d1b291402afcf2629

SHA512
11a1aeb4e6328e0a5242faefada1f5bbf56be1810f503b14b0813cc49c29b13781e53dd7aba147312ec9a0d3087840a8dfcf70c593d6b42bdcbbb0e3409c72ee

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB

Filesize
20KB

MD5
b48f7ffd789fab6a4600554e8c474935

SHA1
6c6896fd3437878a91b014c74bfe2b2c83c2b4ee

SHA256
fdb4a80bb6a82170b194773754f858b74915ae61cf6995ccf149f55b167c7b28

SHA512
43802b7b7adafaba9231d0aac2fc659461c2f3f71cd0e89f5bf1ed54535866f6700364b9a42a269dba0346987cc8a47c031edf8709ee5543ff17aeab82148403

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
bf516fc8a5b9cf0460e7140b3427fce0

SHA1
a69bfcfadb5c1c847945d6a667266306a42cf66f

SHA256
6046d2eb079d35c2721177d6acbbd43370914e2a10b226de7ee9cd8998844e20

SHA512
5853ce43426669db0b5cbc00026ed00d57c505a4b22a6f3d4689c22cce22817422043bc0f4612c3c7cdc2b548946b782a4de552b717b351feab5879c1ec01dc5

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
2dfc6a72224f44ba65325fa633b2cde6

SHA1
aed05b8766e5a8cb4d3c47e1cf148152eef58410

SHA256
b77e2dabaa194bdb048712a6cdf8862054b6e2b27a6c533ae8e568fcbbe0ffed

SHA512
225e2b91230d91e2c4b386daa020b6b3070a63a3cc77488504b60d9091f8e69c874f2585c89301e99c3976dd2ffb4541242bcaa71d9fb7dff07aca1c1497872a

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
65696e0e5fe13aa032469aef50dc9557

SHA1
62802ea4acf6c2fc156b90511146b4e3bd33cc69

SHA256
eb7db034ad46ffce47b13919ac7e2f545094a6449734c828cba33f08535dff8e

SHA512
4448837d525d5e908910e156ae34cc4aedae60cadf38a6598c44092f06ec37bf23d7534642f9857164763973975d92bb437953e6b2adec31563f272d5f0ad1dc

Download Submit
/data/data/com.gbwhatsapp/files/Logs/whatsapp.log

Filesize
5KB

MD5
69b313233cd5bb418cef4addd0f52d45

SHA1
a5acc77037553b855ce926aca26223c09531da14

SHA256
91a9f773da721f9f0be4afd30e882ff2eb8f619cd07ad1bbf39ce3dc17491451

SHA512
f1e1f7405705a5421af64c4a665b6bfb36050e4de5835746d782696f3edf34d6bc209bc89eab3150a5e65b0f9a74f1ea04b0b6358d74e75432c6eecff48e9122

Download Submit
/data/data/com.gbwhatsapp/files/decompressed/libs.spo/.superpack_version

Filesize
30B

MD5
0031cf9a4968f20269371bbd19a0b70c

SHA1
7901f8d69ca90559b7d93e32a33028e130d41672

SHA256
69b53fe86c031046205ee9e8e5be9e82ad4de9ce60932c2080a5ab9137af133d

SHA512
a72543823bcac9fc9001b3894fdfeaeadea0cabe224ff1d4f687afd5672e244548af4fc4844b4e74eb29dcae09a621252cdfdae6c45729a476be37e50eb35c2b

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
d46a675da5377bd99dd96423d2090639

SHA1
cb7b56bbc5550a1cd416c2810b02912cf43a5b51

SHA256
34aaac5d8d4681ed3df9258b4d9c4a1c5332da4d10987969a4f24df797122adb

SHA512
1ab87a82cd9defc910b1908e9510ddf8871adf88912af0e2f9fa3884947e68f4009f259d246f2f387f6f10b8e52061c14bb9538464a2246f00f0616f0ee2ba82

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
6503516c9d847599c770fa605e35a5e8

SHA1
5b8e1b6156e7ea23dda6b125fdf0e66bb631e00c

SHA256
3e98d9035c80dabad5601830783bdd22d6237f763a417e5e63091af264ebfa1e

SHA512
fb0f172240d53a9f68ce93b98bd0fd82246bc2680ace0206d4c220986f1b90556965aba16d9ada766ca5364b09ad6b665f1cfaeef90d9e295c2d119729aff4e1

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit