wipelock | hxxps://web[.]archive[.]org/web/20230706214529/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Analysis

max time kernel
1804s
max time network
1830s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 10:02

Target

https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1723976746-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4340

files/dom-0.html
Filesize
2KB

MD5
3cb82a7d4d0ee212e4df431cf64e6f6c

SHA1
b0b4e9c4546f345edaf1cb187a5dc56db4497631

SHA256
529f47c1dab6ed0b2f2f289ffc3043c1f4d2a5ab2a28db4adf64d088be8eab79

SHA512
eae676fdff9adf5b044b15506f0349658981d7caa280f5fdb8d1b2b37e5d11bb61cced2aba6d4181d380553166647a4bb05cdb39f5697441093628aeff3dc82f

Download Submit
/storage/emulated/0/Download/.pending-1723976746-fnaf2 aptoide.apk
Filesize
549KB

MD5
d7224fefc668cd6c672c3930b988b180

SHA1
18fe07b4c76edbfc961ac7cb0db0f072a0942975

SHA256
584b2232e6e6f1b2f5de74110b2429a4bce52f402f86868d0cd220bebd6c0f60

SHA512
302fd5c9e8d7f9aef76451d510ca86f1022c02ac07138503d552586f4f01e317e7f0ac15f3e7ac301c0372895be730a7a845cf28fbd2f7ae948c67bf0d079c50

Download Submit
/storage/emulated/0/Download/.pending-1723976746-fnaf2 aptoide.apk (deleted)
Filesize
541KB

MD5
8ee5139d1bf116a56b8e11b5eff06afd

SHA1
6fa68ada075e3084fa0c5c11719c6e5d425d2623

SHA256
9f5e69c7df5eeb053816fe31c732c46f6f266015097e81e048f64ec26a0881f3

SHA512
edfe422e5e7eccdf03a30afdd578fde5440b3b00c1cad2f467c78bab1ccc18e1600f11ac925fb25a5b9bbc6b9cc51946d023e6a5725d88aede6d691112e42f2d

Download Submit