Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214529/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock
Wipelock Android payload
Requests dangerous framework permissions
Declares broadcast receivers with permission to handle system events
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 09:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 09:55
Reported
2024-08-11 11:36
Platform
android-x86-arm-20240624-en
Max time kernel
1664s
Max time network
1829s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.213.3:80 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| GB | 142.250.179.226:443 | N/A | tcp |
| GB | 142.250.178.14:443 | N/A | tcp |
| GB | 142.250.180.3:443 | N/A | tcp |
| GB | 142.250.180.3:443 | N/A | tcp |
| GB | 142.250.178.14:443 | N/A | tcp |
| GB | 142.250.180.3:443 | N/A | tcp |
| GB | 142.250.180.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 64.233.167.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | N/A | tcp |
Files
files/dom-0.html
| MD5 | cae72ee0850a2819f49bfeec742c5aef |
| SHA1 | 85ab026e90fc40dc6abe01c6a6ee52c3b01f47d9 |
| SHA256 | 49f3087232708afa7d16b84182ea4179c422e1676b58945d9e16f9ed0d9bd69c |
| SHA512 | 7849a01a6b6939cc7fd94f15f05d45977dcc9812c912ebc93c344245ee368ede707cdccd1ef2bc1ce2d16f655a8d5b0503702322509debc62e4b0126c8c8bdb3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-11 09:55
Reported
2024-08-11 11:36
Platform
android-x64-20240624-en
Max time kernel
1659s
Max time network
1792s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.200.10:443 | N/A | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
| GB | 142.250.178.2:443 | N/A | tcp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 216.58.213.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 142.251.173.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/.com.google.Chrome.saK8HD
| MD5 | b014a614c6ecc588e0a2f1edd180f79b |
| SHA1 | 4497419dba2640ba4d05bd3b048401ff982b9acb |
| SHA256 | 341e77c9d2749a124497323fb5ad11f063d115fb9dfd9714198eb9e53e56d1d1 |
| SHA512 | f6cff8d9eb22102f01b29e24b47b9534b1152b8c4f6367aa1dc522cbc34b18d3af17a49f73d8d6cc331cb6e956a6cb46700a0644aaa3113c057058ec3f560dfe |
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 765753.crdownload
| MD5 | d72b2a5b0eba34c207fc551d56597371 |
| SHA1 | 8956593c32c44979a19958e5ae90319f28259717 |
| SHA256 | 524b3f2ddd63c6bb8bb3d88b84c3ce077ef28e70da5547bd45b7b02612c66778 |
| SHA512 | ee98f5b2305fc4e4fb702c17a10300455cbe0d405dd68834a9492461c016a0ba6cce79cdd3d4c4641e91866fc4f8ed5cf0677a86f14e78666471f85e081199bd |
files/dom-0.html
| MD5 | 4f1ba5be80df12ad587caef2eb8ea146 |
| SHA1 | f2f90ab68797cf9a4bc71dbd8454c911c7754664 |
| SHA256 | 9d2f4e88b619b5d8ec76366b0c7a0da0c99d3fefd912e81e7b33af27a9d63e67 |
| SHA512 | ed1f7775a3fec075ab3eda82c29cf7206ced1270ddf672ee2fc3a9b81e3bfeb430bce9325172a32763dab3abb9f329164397dea4d8373e014cb1b9cc2cb64b43 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-11 09:55
Reported
2024-08-11 11:36
Platform
android-x64-arm64-20240624-en
Max time kernel
1808s
Max time network
1824s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| GB | 142.250.187.226:443 | N/A | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| BE | 64.233.184.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
Files
/storage/emulated/0/Download/.pending-1723979204-fnaf2 aptoide.apk (deleted)
| MD5 | dacb713500a17e6c3ca7e21e957b54a2 |
| SHA1 | f040b481adf978a2b707f0b50bbff50f7e5c4690 |
| SHA256 | b405bcaf8f8604d7ce24029a287bb1db48974c2326e022a60c3716f31ef1f506 |
| SHA512 | c9b1ec1b08e6aa4ba8d873dfa4023a00a05d13b33f4dbf71e37a3a3a7908fa27ada61c8a5e5aff7c32f29162862d3d88d1b363168cd2194844178647e73809f2 |
/storage/emulated/0/Download/.pending-1723979204-fnaf2 aptoide.apk
| MD5 | 49f23d5486e36de84c7dfcfc607497b1 |
| SHA1 | e89e9e34d9fe5203a733059e81d786a99988cb69 |
| SHA256 | fc6738c227d62d70515c6487b95ca9438c599722fff4590bb2bae81fae5986ca |
| SHA512 | 6fdceb43a6446a2109658f2fb0b5072eb7bb09a0691547372286531ae95c34ef09b0b43d40e5a4432ae62eca80c16f5d011dfb044295001496dd12d49e99756a |
files/dom-0.html
| MD5 | f6d75ded37efb2a2a23f4de42cef1daf |
| SHA1 | 60db87cde8f053e4b5da4c4706e662b6051deb4e |
| SHA256 | 94ba72978ebb0f13b191515dadbabc84419db55bc9428cae0d4edfade316dce1 |
| SHA512 | 2a2df3d45df2eab156e97d68e7152fe12a9f3940d539a2d075c7145aa2129c1dee2086d9f4b8192be4a2db1eb34684504feb8390246d109a258edba3b2dc5a78 |