529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd

Analysis

max time kernel
5s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-de
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-delocale:de-deos:android-13-x64system
submitted
10-09-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_v37.00_Developer_Abu_Arab.apk
Size

82.6MB
MD5

9e03bef6b8add72146097db67439c300
SHA1

662ac27678390b72e20aa9c8861e5103371b1aa7
SHA256

529db9024ac270087cef13924eb2f4a0a47e9f10a8bcb62c77c84d7b9ab776fd
SHA512

643c9360e99e9a2ea56161d0a0af458d74d53246fd102be989d7e063d1b91d95eb80a1d9408ab4dfb94949c784a031443b230108bc10e94a2972534641393f21
SSDEEP

1572864:Stm6F5vMmOTRS8FuPbrT9lQHMejaYVPapJHVrUVxDtH:SVFJqyPbrT2MQa4QVrUVz

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.gbwhatsapp

ioc	pid	process
/system_ext/framework/androidx.window.extensions.jar	4454	com.gbwhatsapp
/system_ext/framework/androidx.window.extensions.jar	4454	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4454	com.gbwhatsapp
/system_ext/framework/androidx.window.sidecar.jar	4454	com.gbwhatsapp

Acquires the wake lock 1 IoCs

Processes:

com.gbwhatsapp

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.gbwhatsapp
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.gbwhatsapp

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gbwhatsapp
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.gbwhatsapp

description ioc process

File opened for read /proc/meminfo com.gbwhatsapp

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gbwhatsapp

description	ioc	process
File opened for read	/proc/meminfo	com.gbwhatsapp

com.gbwhatsapp
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4454

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
512B

MD5
f515122155eecea0b83a7cb5a19b5e9a

SHA1
29a17bd341fde77fc9bb837d0eb0794102ffc108

SHA256
00294ec9b98b60bc09fe3e787985eada919151d94bf7b4967fa5c25fd9fb1f8b

SHA512
a9f6fba661aa238a4471ce3bf37d76b43e93523ac17988b1e1a6508c71f2d19ac6bfab4b2f671742ea1983c6aa50434b2b1f84e88990deb4e68bf57d69ba1538

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
b83838006cb83adae20628d532ade815

SHA1
e93d23586cd97234ca0f33b12d8620e1798dfa19

SHA256
df8c441001c048e39aea4a0152a9ef4b40ef1c92b454a330802cb220a75ee7f9

SHA512
f131f2260d0ce25246a653c9c8473dcedd2f65c4e68de3d14365b53ba721c47b28bc6800d453a8692452d465663c2c846ff9830f8f6bde2081f7a84e6284ff0b

Download Submit
/data/data/com.gbwhatsapp/databases/BTOR.DB-journal

Filesize
8KB

MD5
7bdd81bc5f7ced93dfa247d023ba763f

SHA1
72d1ebc4e41bb302b486310b37eb374a49f41a0d

SHA256
ae104cde628a1793fea34cf2706e82033a0e23cb392c6a925a4b0de808c0509f

SHA512
19e970c218ce67cf5b13c5ba7072fd82ec691260cb4ce40e5a383168a54df22d9fb6a8a094fce4a32c9464e7fe1cbec8ef199545a02e42b1ec01c12320c2c6e8

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB

Filesize
20KB

MD5
b48f7ffd789fab6a4600554e8c474935

SHA1
6c6896fd3437878a91b014c74bfe2b2c83c2b4ee

SHA256
fdb4a80bb6a82170b194773754f858b74915ae61cf6995ccf149f55b167c7b28

SHA512
43802b7b7adafaba9231d0aac2fc659461c2f3f71cd0e89f5bf1ed54535866f6700364b9a42a269dba0346987cc8a47c031edf8709ee5543ff17aeab82148403

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
512B

MD5
8c765878498aa69384c1d97f46d07705

SHA1
2e29fcf317d4bfa9cc2ba35af3bd117cd0164b91

SHA256
3232a888da6c0f300f387193e6b81596bb7f3bf258d9726df8c882654a4d1551

SHA512
d1c863eaf33313e32053304f048ae61d5b05651c0e57ee3a7aaccd58d3413c4623f8faa50b2530ff01baf1a4a25fc85181234cffa1293e463d8079af2b8f7fc6

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
3eb520c658065edf98b8c23de2ebfe8a

SHA1
14c34c1b6fab35470aa2b9c2a9928ab62ee8858f

SHA256
481c6d026a74d71c5a7557c72111db8be2c42c71b63d62fc4838df8fd83c177f

SHA512
d3cea7d619487258663861e7f79f0060e23ca131ad5f39c5615362ebdd2c3719fb562f879c1488f0243b831cac10c76f29d3d10b63e5243eff3264afccbc06f0

Download Submit
/data/data/com.gbwhatsapp/databases/EHS.DB-journal

Filesize
8KB

MD5
3e78159355b1637195ed62acef81e14d

SHA1
89dcf049446dd1708a8bddd40fd70386bfcd8598

SHA256
b013d779ff8c4e92429eda50e3ef5316705aed91e9ac932d181c96c5a65ce28a

SHA512
981aaaf25d77b235a34477e9e1655213b4ece0edfb2420df17b54f240a72d570f4749ec6fcd12e20649bdef098a081f52bb0fdcc4da805da7acd6879e793a737

Download Submit
/data/data/com.gbwhatsapp/files/Logs/whatsapp.log

Filesize
4KB

MD5
4343dbeb027e79000ab54499a3d1b92d

SHA1
ddd34589b52fd14ca382637855dc335dc695c4c2

SHA256
1fda285202b96948cd09bd3bdf1c643ba8058dd1c289df6601f19101643fa7b6

SHA512
c46817ffc5732823a607936cf688b49e669bba87ea8836b71fe2d0f9f684ce5f859e9596b6d2ad1167475830a0657b91d4632a07948e7bad50033716f7dc0410

Download Submit
/data/data/com.gbwhatsapp/files/decompressed/libs.spo/.superpack_version

Filesize
30B

MD5
3053e7cb97f4b7db813b71a3dab768e4

SHA1
6969b519f3693839a9680cc0ebe3c6dba1ea1c32

SHA256
a1af437a6e02563d489d83a338788b95d32e82c9ffc96bdb628ce63500f54bcf

SHA512
160cb8fe0c75446176fa34ed5e562492c743d9dd686662297b817ee5cd608a2ea1273ef3fac3aa7ca4008077357ad38cf3f13b283c51f34761a39c1a0da9f4b2

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_deps

Filesize
384B

MD5
40476064d1607d7b851f23a147c5b142

SHA1
820b08c737ec4d9fad8435a0c32fcfce55cc3d38

SHA256
248f1cfd7732e78f76091e3394c8361a81bfb74850fd18c68d6b058b7fa83e10

SHA512
e7ee5ac5d2a2b52884bdfe70dc8683d5c2da67a26f3bf46cf1122aecf30984a9ade799d6aaf9f2d8fbc9afe3bbc4a9106d843f1307548166dac40605de82d563

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gbwhatsapp/no_backup/com.google.InstanceId.properties

Filesize
63B

MD5
6e0d1bd8efe298177f0136ea95ac71fd

SHA1
3f8d961b458581aba1edc2000ba212cbba5e1d7e

SHA256
a8887eba361c0ddf36ce6759f396435e7efcf95229f2ead5aa92dd4b5126eef6

SHA512
060e33495cccf7b8a538e2ddd7556b918150b21b2319aed377ec6905dd7f9ca515b48aa8c5d60c67244829171e88badacc003bbf7417a42f9a47c7f4c3e17c66

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit