b55863753f676d99ddc897acb1a0e715ba18834d87299de9beac0eeb11847a2f

Analysis

max time kernel
4s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-09-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WhatsApp.apk
Size

96.9MB
MD5

3b07900d25e55d03f6a630858b24b0dc
SHA1

adc8b3102b577097dbf56c324d857b61a63464ca
SHA256

b55863753f676d99ddc897acb1a0e715ba18834d87299de9beac0eeb11847a2f
SHA512

8550ced79a62a5c7ae8b47db3b6e6e1db90133bbc971843e32115f461c329e0dcc05c9590974e4f308a51c45b70d0874c5f2ce81bbe0913df1528862e166e2aa
SSDEEP

3145728:FSSsHNvcyEuKAXBXq/Co0Lj8ip/l8PdR5kBGt:OpxXm0Lj8W6dowt

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.whatsapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.whatsapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.whatsapp

com.whatsapp
1⤵
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4290

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.whatsapp/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.whatsapp/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a577324179f1ad0f969315454fe5cc68

SHA1
a155de68db0c934abf71d37e798651baebb3adb7

SHA256
7fd97b8eb777bc40743cafe8e17aed2b28eb8c5f93d2a0917e21abf20c5ccd7f

SHA512
ad567bc243ff2b5de58616bdeb966ae33fe20c72c29fd5aa65cbbd666ecd7af6c8f1e2d9400cc1c2a5c1be311bd80ffb7755b8293fe142b6d1e6179e01b775b3

Download Submit
/data/data/com.whatsapp/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.whatsapp/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
cebc6622737554411771bce18b3208d5

SHA1
150efd0f54c612de5aa6be6a0b1c732d69c07758

SHA256
adb51d3818003c3128f91cea83a25c1f3084979248a014d6a81a12ce1ad619b9

SHA512
fa4d6f51259808d668b38c7410762ac8737cfd4c5b7e99cbb0b517ec2eb7cb45d1f1207bd618a480770e94752c8fc4c16b1ac600b8c617db807a5dfd8bcb3109

Download Submit
/data/data/com.whatsapp/files/Logs/whatsapp.log

Filesize
857B

MD5
0392ad7a6fd09f049920e94cf2871f23

SHA1
0d6ab660f3c8a83beb85b2e25e259aef2ed2238a

SHA256
c071362bf7e758be59464ba113c39283b79e025bcebc38183ad6ca394c91c297

SHA512
db6694bcb9167e1e151ba38265cfe4683af1d50f7e982f5264fc01da29ca972ee0684b42d13a86a4db0b4dfdc367198700d1e1da1b70590accc087b5f15aa65d

Download Submit
/data/data/com.whatsapp/files/PersistedInstallation5250046934340645050tmp

Filesize
90B

MD5
65c783de2688db39c24fa830aee51750

SHA1
f872f8ef9d3f9016425a993c085c921656f35d48

SHA256
1a60f2b2f4c98b2f3e9668ef3ca4920565be3aa7a3fd6828be8f93c4066084e6

SHA512
b569a06f2bd6c3295f7b44e0d9579bb2d6399a7fd6518efd9099982fa80b09b039511b7fffee5eee364797e2ac91348458ef62719516617a3d3d816dddf05ceb

Download Submit