529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd

Analysis

max time kernel
7s
max time network
129s
platform
android_x64
resource
android-x64-arm64-20240624-de
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-delocale:de-deos:android-11-x64system
submitted
10-09-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_v37.00_Developer_Abu_Arab.apk
Size

82.6MB
MD5

9e03bef6b8add72146097db67439c300
SHA1

662ac27678390b72e20aa9c8861e5103371b1aa7
SHA256

529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd
SHA512

643c9360e99e9a2ea56161d0a0af458d74d53246fd102be989d7e063d1b91d95eb80a1d9408ab4dfb94949c784a031443b230108bc10e94a2972534641393f21
SSDEEP

1572864:Stm6F5vMmOTRS8FuPbrT9lQHMejaYVPapJHVrUVxDtH:SVFJqyPbrT2MQa4QVrUVz

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4580	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4580	com.gbwhatsapp

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gbwhatsapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gbwhatsapp

com.gbwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4580

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
0618ac070d3d6310bf93d308bf221ee1

SHA1
4af3cfaeca579d0451e25541b6269689f0e446e9

SHA256
dd98241974487ce11a331a28a6eafb2f01b7eeb50ab579af07fce08ad6b076d5

SHA512
d355d807e6a8e48264cd5b372f8b434133532a8e366f38a546c4e8de54fa125d1281d73bbf246aed3cca75ced39d70cb20c2a8b4a134d09ad3e7c35344a3a93f

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
f2a7169f23b0a52e88a3ef13d0110869

SHA1
1416e4a70f41b7354e3d4b920a22e8d4b5eec808

SHA256
b279bfc1beb66027b082bb654597c77b24e8f421b447a3969d5c8da5c42d04d8

SHA512
ce95ac487da95debda23a89161c11a8953ba6b3481994187ab6472ad42ddb8dd9a355a5729ff3a7eeec9a20e976dd1af133cff2e0848d7f72be3ff055fa9cec2

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
1bd1bf91d3fae48765580e272c3c4767

SHA1
888347559f0c9b2e3fc6eac08e5dd5c72619b636

SHA256
f132f41022599352d7d7b2aff86970055876fd26780367b54b203636a410c4a7

SHA512
b0623e497f7eb54692cf8878c325a768373ffe404db8066ae5a712772143a9e612bac4bd1e6c8abbbdabdd9df113bd91c710dfab27b9e65a1fd21d3954da1345

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
6752585886eb0157ee4e3790129d0e94

SHA1
a66f81d5b12b39b4522a4a1f152439475412b21a

SHA256
5e798ceb997e2ec1d93e28cfee04f2fc08de24685a6121988a973b499212a74d

SHA512
9714463f262128765fc211cd2d2f25ccf1e2b18fbe1f8c8fb15c38fe12c742f5f23f30406ff01c8520951a2fdfa83d2e43a4f1b0915fa211fd257a2c1bff70c9

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB

Filesize
20KB

MD5
d982b1c1329f068bbbfacc27cf733ea1

SHA1
c8bfee353ce9fa381460ce2b9bff84beb42e1ade

SHA256
9e395623e7b156745bf31034c702e0522e69e23c498714f9013011b531d347d2

SHA512
af9e8ade7f94b6437ea74035caded807e969af322514e278d0a8a91860c06cb6cf1ba1e1923a174cc6df4a309fdf78061c96fc1cdaaca0a103565ec69e34bafe

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
76954c46a2d4f18ed86647f908baf7a8

SHA1
75a661f1d088bd9dc6d7b1807cdc9148866a33d7

SHA256
803e66777d2af861115918363fef31b39d4015006f766ec94be1974c784f8b58

SHA512
df46910d2d1e00442ec91777e9b8f598847d1fd5b958041ad6604622148db2fd6b1e04a5ceeb64d09aff7f493dafec84c6cdfdedec9d30248821223a69b2bc6a

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
84a33bc06abcf35cf4d2332e40ca9348

SHA1
6940be2b4dc9c9b462132da3b4ed4775d4bf38dc

SHA256
cb6528df80f547e300dde6ee0dd69b76e6800d93a6fadcfc1430e587a238ee72

SHA512
1523d8c51217bc6cd50f73ed78f0f508a52261da248af3ea1b6d79b6b7602a9814894e021d97a002197f13aea2b496f0eaa089e0a1bd43524a18b08caddc76d6

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
c707335017db71b3e212dd8831d4b3ae

SHA1
ca0034374acb61f89b7c92bd27cf42561ec85422

SHA256
a9521a429ab3a65d1fdd97f6e515bce4864ab630a207521dcaa8d859f1907218

SHA512
6be500c08f8d1177e859c42a7490ee8b46f2ff1543e7e24a0147b944a8f07b56061585c7e8e8bb6292ef27d7316e0c5f07a8dd736e36212437f4f8234c7d15fa

Download Submit
/data/data/com.gbwhatsapp/files/Logs/whatsapp.log

Filesize
5KB

MD5
b0755c81f635bd437661494544185606

SHA1
ccd1c7deab5e1f257de58f8ea34fa446d0be280b

SHA256
a1d40583a1258753ed74421593316feaac4e88e1aac491ae290bd0039c368297

SHA512
7657d71fd12f161bc8c75eeeb68592f7f3e9cf9a0dcfe1d0efa09ac32a35d6b2c7924a6a20363b671890bd3f48f96c0017c207751b69026e31ddfb28353f44da

Download Submit
/data/data/com.gbwhatsapp/files/decompressed/libs.spo/.superpack_version

Filesize
30B

MD5
1ec60ebd012db595adf6841db052a426

SHA1
a1dd5d93103cf52569ce426fbed0b0663fc42cbb

SHA256
3eb3339b9998d1aeabe0890dec4baf81a1289fdc26148986ac3c23af75f4f706

SHA512
8961c33a9cc3f6a3de6ad5d64483c1e3b84e3bf5ccb20f106e1a24fabfd2e349cae83da2a0bdc61749314eced2c9ea1c0fa061569396e19c99d2aab743526aef

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
bf5c55ba55fb16ee01e0d054d1601be0

SHA1
91ed469558ea24bb68a6fe2f9a756c22da52b5da

SHA256
ec2dd4217e2026cbec1ea4f5e25707fcddde29f3e515e42f0c484d6de36e1d29

SHA512
5c90023c1ca4019786c2f1423e192be2ce6fe7e9c4985db33715c9045bfe6be39b7ab3abef52289e824fdb0ebf86973ad6a8b04fc34878ba83764dc201190a98

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
93df855f484536644917e74a338d3153

SHA1
c6a5b57d709def413ab77fd3f8cfbb985b76f062

SHA256
96c712ad329260cddd28a70d28881d5b7c6dfc77d159a916e5e5e54e88c0d2af

SHA512
8a0fbf045d664e96df5daeeafc062fa8135f31c1699761095fc9c67c2e7670d18cde5d4365671f36afd54df8be0a2e010b223056e7a630afbf9fb5863ae4bfa7

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit