Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock
Wipelock Android payload
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 09:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 09:52
Reported
2024-08-11 09:55
Platform
android-x86-arm-20240624-en
Max time kernel
74s
Max time network
124s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
Files
/storage/emulated/0/Download/.com.google.Chrome.apFlHK
| Hash | Value |
|---|---|
| MD5 | 48ebe4976719e8021c6ef85e6c836fad |
| SHA1 | 647e3f7542010f5fc6aab0a4d270af03c669aa1b |
| SHA256 | db609f92c7c96b5761a2b05e73aff301202f7bb5cfa0984544cf2f123f53fac6 |
| SHA512 | 79127234e0cc14849602b1b281ac724bc54098a23b806254885e2f99c88db64b0c2eb94aac2da2d0051de95fb526dcb41a2d2035a4b4136781e0e867241f9f9f |
/storage/emulated/0/Download/Unconfirmed 759943.crdownload
| Hash | Value |
|---|---|
| MD5 | e988cf0c82c847edc2de4339f8b7e288 |
| SHA1 | d680efb9efaccd8ee01013f8a2b40d312773707e |
| SHA256 | eebb2234cc8a8ba3ef1050a4a074256e32a9128199dd219e3bcca04978be6129 |
| SHA512 | e0f625403f2f693dbf095410001c4e4bd0724296f6c9082f06dc95cc95866088fa37819851d15238c71e0c02f1e432d8f38fb9c1fa95bacbacb972c455f83310 |
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | e2af299ecc22ed763e0b43993f045bd3 |
| SHA1 | f129f7d5fef561f13ca727f6d1ab1d09506d60df |
| SHA256 | 50cac12d183c0791e0469ea423bf6358d71222625911f354c7214ffcc7e619e8 |
| SHA512 | de6ce65f4781ec754244dae752edccc46725258de46cf59be403b6148c8d52fb8da93f7a6e4a10067e8b41ae8c23d51e5e8f9bdf14f667362f0035260437ffb3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-11 09:52
Reported
2024-08-11 10:23
Platform
android-x64-20240624-en
Max time kernel
374s
Max time network
1791s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.74:443 | | tcp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 142.251.168.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 654752.crdownload
| Hash | Value |
|---|---|
| MD5 | dc98efd71997adb619bfc6e09b3df258 |
| SHA1 | 50d0d722d4af4a863a19749dd7ef680c67662aa2 |
| SHA256 | d6c670c7a27105f082108d89c6d6b983bdeba6cef36d357b2c4c2bfbc4189aab |
| SHA512 | 1903987f5cd074bb672cf335442178a0820bce6e02dc5a04bbbd894c2048bcb068c85e6cefd3663bd0505a20c0651dcfcbb60760f2c5744e344af6f7a627ade7 |
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | 1b70459c8041c7c34694a0051ed134c7 |
| SHA1 | b8ef773df39725538d5ce7de4830714c2c367893 |
| SHA256 | 4a4ae1b706c8a34548f8dcef277b331941a8fecf61a1138bbeb3dd38fa9f9f03 |
| SHA512 | c15b969f7c961b019165ba1a202d562f831e1bab08090fabe9692657c5268098a423574e9f52613c8311a63638eba6dc174fa84be59f2fb74e1381fa3630aa56 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-11 09:52
Reported
2024-08-11 10:23
Platform
android-x64-arm64-20240624-en
Max time kernel
1824s
Max time network
1831s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| GB | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| BE | 74.125.133.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
Files
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk (deleted)
| Hash | Value |
|---|---|
| MD5 | 960732cac9b21c0af5fc96dbe9b13d5a |
| SHA1 | 1595a654c3643dbeab94aa20066b91a2e189ac33 |
| SHA256 | a69803455fdcb2ac7ee98181508612855ba07b8fce971ec3df5f0171bc415d45 |
| SHA512 | 96ccf5ea3d15463804d7caeef5c07e956efeb3f2cef35556df2cbe7ebdcc1d1c27dad955fcefac66710ba7f8557b3a03a8e8b03a322aa1a8666912d0e4c243a6 |
/storage/emulated/0/Download/.pending-1723974796-fnaf2 aptoide.apk
| Hash | Value |
|---|---|
| MD5 | 6d0ec374933c03bd528071f6e512edce |
| SHA1 | bef1db98bbf79a3d4d8f4814dca9b4671cf55df9 |
| SHA256 | 0d1232477b80873f6445a6c9e9582ad6a3203621558f6105fe4e61837ebe2da6 |
| SHA512 | d5f9d07e2aa8bfc5c17a5f6e134519823959a1452dba2081a7ae21709d90d88358aa3b6547cf771f0ba0312275a29bc39d3ad8de336c899636b6504d5fc52e76 |
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | 33fbb1969f342bf2b634f1b4d00c33d8 |
| SHA1 | c055601048b43a298728d5e2f810d6e09940b88a |
| SHA256 | 2724f85b1f1de77d51ed2aecd31f6f6a3ff7b7db75c01bd300edec6fdb59caf9 |
| SHA512 | b0369f3dc6f39dccc40d38cde8a9ba040fb4f62eef82f62dee58f122c1698788f04d7202d7ba32dcd6f61ab4ada599ac00f60bac9c8ff48d8d4e49e5879342bb |