wipelock | hxxps://web[.]archive[.]org/web/20230706214529/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Analysis

max time kernel
1824s
max time network
1831s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

wipelock infostealer trojan

Malware Config

Signatures

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-5.dat	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4478

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
2KB

MD5
33fbb1969f342bf2b634f1b4d00c33d8

SHA1
c055601048b43a298728d5e2f810d6e09940b88a

SHA256
2724f85b1f1de77d51ed2aecd31f6f6a3ff7b7db75c01bd300edec6fdb59caf9

SHA512
b0369f3dc6f39dccc40d38cde8a9ba040fb4f62eef82f62dee58f122c1698788f04d7202d7ba32dcd6f61ab4ada599ac00f60bac9c8ff48d8d4e49e5879342bb

Download Submit
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk

Filesize
549KB

MD5
6d0ec374933c03bd528071f6e512edce

SHA1
bef1db98bbf79a3d4d8f4814dca9b4671cf55df9

SHA256
0d1232477b80873f6445a6c9e9582ad6a3203621558f6105fe4e61837ebe2da6

SHA512
d5f9d07e2aa8bfc5c17a5f6e134519823959a1452dba2081a7ae21709d90d88358aa3b6547cf771f0ba0312275a29bc39d3ad8de336c899636b6504d5fc52e76

Download Submit
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk (deleted)

Filesize
525KB

MD5
960732cac9b21c0af5fc96dbe9b13d5a

SHA1
1595a654c3643dbeab94aa20066b91a2e189ac33

SHA256
a69803455fdcb2ac7ee98181508612855ba07b8fce971ec3df5f0171bc415d45

SHA512
96ccf5ea3d15463804d7caeef5c07e956efeb3f2cef35556df2cbe7ebdcc1d1c27dad955fcefac66710ba7f8557b3a03a8e8b03a322aa1a8666912d0e4c243a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads