Overview

overview

10

Static

static

6

Whatsapp-C...17.apk

android-9-x86

10

Analysis

  • max time kernel
    9s
  • max time network
    16s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    01-09-2024 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Whatsapp-CuBlack-Clone-v17.apk

  • Size

    80.2MB

  • MD5

    e6ff31beccb7ef842cbb08d117c44ba6

  • SHA1

    8049a79abace487104507cf38f562912162a5244

  • SHA256

    75372e4899e8b4074cfa2ff2fa51ae30c7a9f9c82f01bfeedf77d5b07d9038a0

  • SHA512

    cbcba307f52d684d4bfa92344a0cf32887bc6fcafcbbc3eb16595263d6920273dbffbe71df2e9936fb99f85a38ce220f7eb74dc643749812df70f322a9222072

  • SSDEEP

    1572864:P3uGZsJCC55suWYahu4H2U+X2itPwpJhq0Xe910KSY8EvlOjAQixW0MmDq3F:WhCaWY2zNoGqe410QOIW0rDq3F

Score
10/10
triadabankerevasionimpactinfostealertrojan

Malware Config

Signatures

  • Android Triada payload 1 IoCs
  • Triada

    Triada is an Android banking trojan first seen in 2016.

    trojaninfostealerbankertriada
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.arcwhatsapw
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4374
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.arcwhatsapw/app_ded/stgWRyuguBPxyUJNTQyFVnZZrhRBPGSq.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.arcwhatsapw/app_ded/oat/x86/stgWRyuguBPxyUJNTQyFVnZZrhRBPGSq.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4416
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.arcwhatsapw/app_ded/IMyeDbCRaRDmxQ1zFUMIJ6yaVcJoF4fM.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.arcwhatsapw/app_ded/oat/x86/IMyeDbCRaRDmxQ1zFUMIJ6yaVcJoF4fM.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4445

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.arcwhatsapw/app_ded/99daAMsVnrSJSIuCefondPVhIAyX5bgR.dex
    Filesize

    43KB

    MD5

    49be1ffb509d608a1f3947061e656551

    SHA1

    7fa85882a8a8b2a2ea8e0441d23243d2085c2fb2

    SHA256

    2d3ee0173cb86f68195b7ad9d523c810ba05a831f443eeac5826b725431a8cb3

    SHA512

    cbf49bf899b4ec97ba70ac76e071b4da37ab0dd9f6f4ea30d6f2104058df31de0a9dd32914bfb28f39f4cce9e56cf2570946419b25e58ed012f34eaf2f16a8f8

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/IMyeDbCRaRDmxQ1zFUMIJ6yaVcJoF4fM.dex
    Filesize

    5.0MB

    MD5

    5e5de1633a226a4c41368bc6bf510802

    SHA1

    36fa67d1b782cae4b06b6521e4be2e5cfe262f32

    SHA256

    7eaff2a1bdd697bae780c69dffa4d33ae65ab468937267679aad18eaa5a4a5c3

    SHA512

    05486b13b98456de80ca2eebdf7f28062266beac230eced5ad5af58136e01c293dc4bf5501476960ae4cb664f0811d8897a0285b0ec203893c5a0edd5859762f

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/MjRcgtJUdmCkfDwYZXSfLvmzm6TxERrz.dex
    Filesize

    748KB

    MD5

    a9c97eca84d988fb67d6a7d83dbc6537

    SHA1

    712f2b64dd56755c0399a14af5cd104f735b8e1b

    SHA256

    ee7af870242184cc588d5ab8576960085c59147fa80869f127e903849e96a8bb

    SHA512

    a35673528b91ddc3b5c1edf73fbeae803a82f581a8cb719e6b597eb97df74d170a57b9810bccbaabd6f14f6d78ea1e52f9c340ecd7529fa3ae18fdd843eb1d3b

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/hj0WyZjJDyLFMYtE4ayV0Vy3Yye5ZIEy.dex
    Filesize

    10.7MB

    MD5

    ce068a21e6127100c318dc49823169ac

    SHA1

    3a7d3c767140aead23cd5baecfc9db2f8d8adff2

    SHA256

    81b52d6b70ecb73edde0903170e4129b0ea869ac47c11d1778a8479295498145

    SHA512

    b77956f9f2510d6f40af634c52d6a3dcd8bef39138c021e9e56e4e876535ac3719e83c0a8de48d99b8a27debffa7eeddb51ca167637f5a08080d4aa8697dc026

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/hnOGAEKjQ97QOGZH9m7L1ELv4vl9Egag.dex
    Filesize

    5.9MB

    MD5

    fd0e75d1eb86b6b9f6fd25b99e75b1ca

    SHA1

    26b60d5e6f73eed3127c398f18e8515354540a6a

    SHA256

    d32a5a378b6c9e61cc3ea8884ddd7971672a373b0ce20eaef90ab2837e6cb66c

    SHA512

    eee17207e29990d13f48c25e7079c724bbd32da5cdd604d154a9d0eaa97935bc9fae39c58d82dc457c828d0aaf665e5ce8945baa3886c2d28fb8884135e5e8d8

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/nlZU8ZcDi0SCyEO71pAVWz4rHEfSsHVx.dex
    Filesize

    3.8MB

    MD5

    f35872136c131143928a6064de089f6f

    SHA1

    d06f6e66ecaa36eaad1127b69d332209ec8c53c3

    SHA256

    4639cd64b435cfc00f535b8cb0ada57952a297e8a7ba74d31617b6bebdd5798c

    SHA512

    4fdcdf6f957ed1fce3ecf338f8feae8ca7c7054d05553a92179c231a58370fc50fc51fa75c73a6fca9ab57b96eef10e0ba0ac1d2e89b13e05a16d87fbc958e94

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/stgWRyuguBPxyUJNTQyFVnZZrhRBPGSq.dex
    Filesize

    503KB

    MD5

    edc95ea28f474c3f8ff226218b762372

    SHA1

    2ebf6f635174a625bb358ee075b7ed5d8cf1e190

    SHA256

    ba7dab168ea46901118da55969829b91b50581c8f4109a4f1e5848f7334eae7b

    SHA512

    5a3b5f957c18b1c13081b73824dd7f6695855bc8b9c33641b25c68185738e190f7de5561956e54336cd3e191c3631568214433873b201d6d395c242c5d628c2d

    Download Submit

  • /data/data/com.arcwhatsapw/app_ded/wE13l12axFF9spuzVWUWebjO7REFFVmn.dex
    Filesize

    4.5MB

    MD5

    b7581420f049ce46a4c5a0fcfd096f7c

    SHA1

    4d811749ca1603c1d3a2e8d2c81f18328a13934e

    SHA256

    9aec396fe61b3eddfd5d919a80e707a9677afbea76cfc51be2e2541b68c2c13b

    SHA512

    46f1d76bf28fef839e290d89f11cdee44b0fe6413b0d382ab0cdce56b37c01ca143d0a83e2039a6a8b71ba26e2f2dba2537e163652636d5ed23ab5eecd72df32

    Download Submit

  • /data/user/0/com.arcwhatsapw/app_ded/stgWRyuguBPxyUJNTQyFVnZZrhRBPGSq.dex
    Filesize

    503KB

    MD5

    159d1bbab3edfbdec1a221f3d7fe365a

    SHA1

    d8994b06d211c14cab03f42c5da665f60d8fa873

    SHA256

    1d766a4d75435f9300e54af5e3cf494bafade7b52a3c0495b617ce74c7913118

    SHA512

    94019d851e6479c94fb6b5408d0fc0fb599949f917ab429c5e5e1cb6ef6c86996e5200f73cbb5f21d4944c3b69a42f5fc9613c428643d7dcf4af70aa6cc1501d

    Download Submit