wipelock | hxxps://web[.]archive[.]org/web/20230706214529/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Analysis

max time kernel
1824s
max time network
1831s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 09:52

Target

https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4478

files/dom-0.html
Filesize
2KB

MD5
33fbb1969f342bf2b634f1b4d00c33d8

SHA1
c055601048b43a298728d5e2f810d6e09940b88a

SHA256
2724f85b1f1de77d51ed2aecd31f6f6a3ff7b7db75c01bd300edec6fdb59caf9

SHA512
b0369f3dc6f39dccc40d38cde8a9ba040fb4f62eef82f62dee58f122c1698788f04d7202d7ba32dcd6f61ab4ada599ac00f60bac9c8ff48d8d4e49e5879342bb

Download Submit
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk
Filesize
549KB

MD5
6d0ec374933c03bd528071f6e512edce

SHA1
bef1db98bbf79a3d4d8f4814dca9b4671cf55df9

SHA256
0d1232477b80873f6445a6c9e9582ad6a3203621558f6105fe4e61837ebe2da6

SHA512
d5f9d07e2aa8bfc5c17a5f6e134519823959a1452dba2081a7ae21709d90d88358aa3b6547cf771f0ba0312275a29bc39d3ad8de336c899636b6504d5fc52e76

Download Submit
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk (deleted)
Filesize
525KB

MD5
960732cac9b21c0af5fc96dbe9b13d5a

SHA1
1595a654c3643dbeab94aa20066b91a2e189ac33

SHA256
a69803455fdcb2ac7ee98181508612855ba07b8fce971ec3df5f0171bc415d45

SHA512
96ccf5ea3d15463804d7caeef5c07e956efeb3f2cef35556df2cbe7ebdcc1d1c27dad955fcefac66710ba7f8557b3a03a8e8b03a322aa1a8666912d0e4c243a6

Download Submit