Overview

overview

10

Static

static

6

whatsapp_P...rg.apk

android-10-x64

1

whatsapp_P...rg.apk

android-11-x64

7

whatsapp_P...rg.apk

android-13-x64

7

whatsapp_P...rg.apk

android-9-x86

10

Resubmissions

15-09-2024 13:05

240915-qbk16swaqk 10

11-08-2024 03:45

240811-ebk6dstdrq 6

10-08-2024 18:57

240810-xlxahssgrj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    whatsapp_Plus_17.85_whatsapplus.org.apk

  • Size

    114.8MB

  • Sample

    240810-xlxahssgrj

  • MD5

    56ccacc70ccc328698edc296e183e9c8

  • SHA1

    5c9bfdd00ae326c766611ed26770a1fd4acff73a

  • SHA256

    329ccadb1f5a9027f7c85061cb5d2137343749f585120ce339e437ef2ccd18f9

  • SHA512

    accbf2510ff0eb3dada21a001c5fc1eb8f66e9583ee270745eecfc9262d6adf120de38ec6feecd1ac188cdcb52babf8d54803ab9464729585d16f1f49a1666b6

  • SSDEEP

    1572864:df3YFq69wcVm6+i5AEhKr+4QDuUaJRKfyMuK0aPKIUsqGM7UgolqKWG40rAIZBS/:dvYFHnKbEQWsGXuK0EHMJGWp0fZMd1

Score
10/10
triadaandroidbankerdiscoveryevasionexecutionimpactinfostealerpersistencetrojanupx

Malware Config

Targets

    • Target

      whatsapp_Plus_17.85_whatsapplus.org.apk

    • Size

      114.8MB

    • MD5

      56ccacc70ccc328698edc296e183e9c8

    • SHA1

      5c9bfdd00ae326c766611ed26770a1fd4acff73a

    • SHA256

      329ccadb1f5a9027f7c85061cb5d2137343749f585120ce339e437ef2ccd18f9

    • SHA512

      accbf2510ff0eb3dada21a001c5fc1eb8f66e9583ee270745eecfc9262d6adf120de38ec6feecd1ac188cdcb52babf8d54803ab9464729585d16f1f49a1666b6

    • SSDEEP

      1572864:df3YFq69wcVm6+i5AEhKr+4QDuUaJRKfyMuK0aPKIUsqGM7UgolqKWG40rAIZBS/:dvYFHnKbEQWsGXuK0EHMJGWp0fZMd1

    Score
    10/10
    evasiontriadabankerdiscoveryexecutionimpactinfostealerpersistencetrojanupx

    • Android Triada payload

    • Triada

      Triada is an Android banking trojan first seen in 2016.

      trojaninfostealerbankertriada

    • Checks if the Android device is rooted.

      evasion

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Checks the presence of a debugger

      evasion

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks