wipelock | hxxps://web[.]archive[.]org/web/20230706214529/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Analysis

max time kernel
1804s
max time network
1830s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

wipelock infostealer trojan

Malware Config

Signatures

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-5.dat	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4340

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
2KB

MD5
3cb82a7d4d0ee212e4df431cf64e6f6c

SHA1
b0b4e9c4546f345edaf1cb187a5dc56db4497631

SHA256
529f47c1dab6ed0b2f2f289ffc3043c1f4d2a5ab2a28db4adf64d088be8eab79

SHA512
eae676fdff9adf5b044b15506f0349658981d7caa280f5fdb8d1b2b37e5d11bb61cced2aba6d4181d380553166647a4bb05cdb39f5697441093628aeff3dc82f

Download Submit
/storage/emulated/0/Download/.pending-1723976746-fnaf2 aptoide.apk

Filesize
549KB

MD5
d7224fefc668cd6c672c3930b988b180

SHA1
18fe07b4c76edbfc961ac7cb0db0f072a0942975

SHA256
584b2232e6e6f1b2f5de74110b2429a4bce52f402f86868d0cd220bebd6c0f60

SHA512
302fd5c9e8d7f9aef76451d510ca86f1022c02ac07138503d552586f4f01e317e7f0ac15f3e7ac301c0372895be730a7a845cf28fbd2f7ae948c67bf0d079c50

Download Submit
/storage/emulated/0/Download/.pending-1723976746-fnaf2 aptoide.apk (deleted)

Filesize
541KB

MD5
8ee5139d1bf116a56b8e11b5eff06afd

SHA1
6fa68ada075e3084fa0c5c11719c6e5d425d2623

SHA256
9f5e69c7df5eeb053816fe31c732c46f6f266015097e81e048f64ec26a0881f3

SHA512
edfe422e5e7eccdf03a30afdd578fde5440b3b00c1cad2f467c78bab1ccc18e1600f11ac925fb25a5b9bbc6b9cc51946d023e6a5725d88aede6d691112e42f2d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads