e82485e1a587d5ab5004cefb214d3cc0635309816c505bb542b28dc9c2c6f27f

Analysis

max time kernel
9s
max time network
60s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
19-09-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OGWhatsApp_Pro_v20.85.apk
Size

90.7MB
MD5

cfb809f6b6583924ac3028f65fde7edd
SHA1

6c722fd47a1bdbd2c4d4a25f6a6d047e26ad5582
SHA256

e82485e1a587d5ab5004cefb214d3cc0635309816c505bb542b28dc9c2c6f27f
SHA512

4f2a8131aae1b890e8d7900487d8fc1065b69b10f8e58f5a5a0c10c862237069705ec9e73d9c50f2bb27c7b49168d53687b54bd02e35b4232403f01265c76df6
SSDEEP

1572864:dUxuK95aiftMn31Jo3qnZbcZT9fX1EgC3NADI24ehVGHfbn30HrF/OR:SuKmiFM31JgqJ0B1FC36I24dHfb3UZ/O

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4392	com.gbwhatsapp3
/system_ext/framework/androidx.window.extensions.jar	4392	com.gbwhatsapp3
/system_ext/framework/androidx.window.sidecar.jar	4392	com.gbwhatsapp3
/system_ext/framework/androidx.window.sidecar.jar	4392	com.gbwhatsapp3

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gbwhatsapp3

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gbwhatsapp3

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gbwhatsapp3

com.gbwhatsapp3
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4392

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gbwhatsapp3/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.gbwhatsapp3/databases/BTOR.DB-journal

Filesize
512B

MD5
9aa173ed225c9483f99c708df6124ff1

SHA1
2e6d94ba774a102ca57fb9a6bdf4321c4e59529a

SHA256
85ae8aa5585fa7f720dca3174cadf698ee064b2850ad7ef8e41fcf671075d4da

SHA512
d8f670f81b6780e193d15ad91f234fb082a658a6d5873581261deed74e03c66c19a4f66e6bfd78a33dfae77c153f1ff7fda8f462d3d06807b687df596c583647

Download Submit
/data/data/com.gbwhatsapp3/databases/BTOR.DB-journal

Filesize
8KB

MD5
c80a28164c1ddf5d349d2f59cc3ccb1f

SHA1
693c54c8d5368fa2dc656943a7d7f1301bd52ab7

SHA256
fe6fe23fdf50f5633ca3d03e2d56369fec59348418c58d332f6170850c721df1

SHA512
c4fe89c67021cb86163e8d1c88b6034b0b534e830e687180ae221c636fb3f4f0000204255a8aa9fc304eeeda0b5102231b0e8c9ecc2a6e1c62fefc3db6abb77d

Download Submit
/data/data/com.gbwhatsapp3/databases/BTOR.DB-journal

Filesize
8KB

MD5
d26c98ad5e9bdf17d03c29038ed18e99

SHA1
2326cdba28b4f83009f892cd7ca3370cabfa066f

SHA256
2f47bbf76399f19d80738cc0430422dc405fb10740bfce6d664859bb4dc00d27

SHA512
debbc6acffb620e8e3dedcf5f839064bd178efc73d9dc1cc4d099a6deb6d87de7129502df6ec310d16e64de5b5717f38d66205b285c13678fcc214356e5b7fa5

Download Submit
/data/data/com.gbwhatsapp3/databases/EHS.DB

Filesize
20KB

MD5
b48f7ffd789fab6a4600554e8c474935

SHA1
6c6896fd3437878a91b014c74bfe2b2c83c2b4ee

SHA256
fdb4a80bb6a82170b194773754f858b74915ae61cf6995ccf149f55b167c7b28

SHA512
43802b7b7adafaba9231d0aac2fc659461c2f3f71cd0e89f5bf1ed54535866f6700364b9a42a269dba0346987cc8a47c031edf8709ee5543ff17aeab82148403

Download Submit
/data/data/com.gbwhatsapp3/databases/EHS.DB-journal

Filesize
512B

MD5
fdd2fbc09ce08f23244214c1e1071158

SHA1
074207a19db7dc4d2929725ef9bb3cb894c9022c

SHA256
1b5f467105c0360a18275db79b666c7bbd1ba4859403558b4619d8de566b8dbf

SHA512
ad8606de48effe2f9dbacf7ae0db6f7f8c888d74ae77c3d8f47f5ba40abd2ce440425fd22bb949ece733c8650d5e7f4f1d7e900ceb4b15f1a18283d6d822509a

Download Submit
/data/data/com.gbwhatsapp3/databases/EHS.DB-journal

Filesize
8KB

MD5
8cd1ad5159ac919afdea244dcc25f1f9

SHA1
f073b61da03228451db85800185b581f22be795f

SHA256
ea2673e22f5145866e9c93882384d9b0a2dc1b6c836ecd576030752f99787ae9

SHA512
e4ff1f393eeb1984cbddee9e200ad99945bbed7e2b92a519b33e1328fbc06aee940d5283497d400d8fc8b544ddbb8df249cac1a39e44a192abbf0a4b29ab19b2

Download Submit
/data/data/com.gbwhatsapp3/databases/EHS.DB-journal

Filesize
8KB

MD5
ab1c7bdbd1a07c62b1c2493e47cd93ea

SHA1
a23de0dee448e2034db6c91e20b2efa35d41c383

SHA256
070f7ebd180f74ffed750d631412c6cf37685ee754a9903252a1a86283016a48

SHA512
5139a22928f4e207849ccc777ce278e158b21c868639eb4633c0d14c92c8feda38788cd3d7b41c7f8dd18553fa8eef770525173df7e92c954bbeb06dc79a98a1

Download Submit
/data/data/com.gbwhatsapp3/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4d684b982775799330b081c9ac812caf

SHA1
8faccd04fa5d8b159b0cb78dee5c8fa0f46e6251

SHA256
3dd98d59da038a7642b756a0f9d2f7af92f57f0ecfb21e8f8d735bacf605256a

SHA512
47d7ebdfbb849dbb7aa4404c42f3b2c4a8d071128f854d14dd0715c24e60b6f04a1c448fe3b95b3a9698443fd6348d63822a591cc8477176b5d81ed0860c1793

Download Submit
/data/data/com.gbwhatsapp3/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
adb8a8ca12d8529674338c4f8a246353

SHA1
91f75cc0e0c8c872a12bcd99c7a3830655a57d81

SHA256
38a7bd90ccf1615a730d2f9b064c36b0e47ef7f8d2ed974762080901497fce2d

SHA512
84dc5971531dd4a8e28d6048c902d1d5d6f3198bf79e8f20612e5f46aa1d031e0d5b5078f0f047ca08ad4f68ca4a804c2737d493672b1289cf0ef9d2a56e5891

Download Submit
/data/data/com.gbwhatsapp3/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4a589ecfc871a28264eca6a3c534920a

SHA1
beae0d2ac2b04a951640d41059cf88e0c33aba74

SHA256
11393c45fb0fa074047f80d2b6130b3a254c8044dbdcca66eb2bf09a82d9da39

SHA512
12c7b328686b37e399a2c0c4b81e4eddee70f6fc3c186ced9198b85de5f7141d6e9f32766387419ec303351058da390eb5893f3a81672260ce73f6093883a839

Download Submit
/data/data/com.gbwhatsapp3/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
cee8c569258f12c0f1094d2cd082d60e

SHA1
b98a29e678b84f0a01d9e0116fccb152eeed4550

SHA256
7584d64a7f3a17aa12df39d713b870ed7f700aa7fa7492947a7e47390dd52929

SHA512
485fa4f6ab46eef2b699adbb9993fba6c889171ddd7eeda51a80a9911d76997d8106e207c679e373d335a156c091dc8d06e45d196f9ecc182159da858f6e5fd5

Download Submit
/data/data/com.gbwhatsapp3/databases/wa.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.gbwhatsapp3/databases/wa.db-journal

Filesize
512B

MD5
52a08b61c2a6a086e8ebd2433ff62245

SHA1
d777c1baf805e54ce9b0cf142af575546c1887fc

SHA256
dfa23abcb9ba49f7a30bd219cda7c108d54ce4227a090087e74ecdce8ba485c9

SHA512
8540233d860a68131cc3676d4a07ae45600815a785c76f82907d4cc1f0318323950671abfb2a220fd2931b20074812d7ab546db5e55b41ab01e62230dd8e7efa

Download Submit
/data/data/com.gbwhatsapp3/databases/wa.db-wal

Filesize
16KB

MD5
27fe64232f169512a48f061c9896096e

SHA1
987da1f52ddbfe18c3fe31a0e09e6e7d9f70575c

SHA256
ba8749a540d27ecacc2c6473a23ef590db680a887d40c55fedb51c52e792685c

SHA512
fa70bd3b6179891d89e3368db707664a860b4fc7f1923c9cdedd96992ee7625512f6ad52696050ccf269a107f05ad1c0cf1e72700b581d4efec1a78c4a66df18

Download Submit
/data/data/com.gbwhatsapp3/files/Logs/whatsapp.log

Filesize
5KB

MD5
2b7892ec481304a54d37087f67da57d2

SHA1
eb2978ef76f3c0d070ba4c984e27a7598c78c7df

SHA256
6297cda4c2f41f2165bcabe84ec18d5724372746279a724b43b744671fff2eec

SHA512
139781e9510f5a15c3ac3243fa938780d5d00eb2dcb2e860ad49a9848ae029755e5a7ccffe44d8d2e7af2aef41b84e268c9a3b45bfd5467473bf8849d159679c

Download Submit
/data/data/com.gbwhatsapp3/files/PersistedInstallation1076238314396755364tmp

Filesize
114B

MD5
b8acd7f3b33b615ede8b22fe20508ca5

SHA1
93582820a2620a8f084f4c56338471813229f38c

SHA256
5bb4f612c13f5fdf7184c45f578638c5873b60f3ad483e937b20e0bf83789efb

SHA512
6010501c923ae20d6678b6b5995407a28b53bf6654b490c30de5f6951f781afd9a8d583ca431010523e393df60b86ce2004c43f1f0bab6d0003de97e26207697

Download Submit
/data/data/com.gbwhatsapp3/files/PersistedInstallation6973179369604908587tmp

Filesize
90B

MD5
0c7d7657e47a0d46505ad6d94b4a45a5

SHA1
2c8daf1d9c1348f87071e808f71c18fe10937dba

SHA256
001b2f1d1389626b04e99e6467301dcd7d7f970b503c7d239e6de401406547d3

SHA512
0fbf72e442d0cdc1c367586490b5ae45131bb10821125bf8a35d4ee152326e3cd0c2181fcec4131bd8e08c37e9e93244be0d9184012700bf5463366d29caf640

Download Submit
/data/data/com.gbwhatsapp3/files/decompressed/libs.spo/.superpack_version

Filesize
31B

MD5
bc92311fc46cd2c6d3147cc81d9f4838

SHA1
e8d637790481c0bedae736950694a8461c71e91d

SHA256
d71011ad0f8428f0a2abb5b6cf75091c5637a61e62e2d5502ed18311dc5d8dd4

SHA512
822fa68a9e611cf4414a44fa5e021bbcf320bcbc1263cd3c552d2139228460d4b15b663aa7722ad5f036f12d9cf59f46aadb6b748f3d3f1d8c673939b61ece51

Download Submit
/data/data/com.gbwhatsapp3/lib-main/dso_deps

Filesize
388B

MD5
b73ea585187da4fb9ff1ca2ee4aa4643

SHA1
aeb16b16571c2aebb2b24118f6d58fc82810d0f8

SHA256
88c29006e3c53cac8871dae058d143005e79f3a006541623a8ce179c62b2eb74

SHA512
9414ee4a40f4947db186ff01328ed0e00e18bcfa2cd771838a4636ec3468583dcd5379066d56973d29ec9d4fe54783abfcdb96ab1190050e5a874d5a30d204f5

Download Submit
/data/data/com.gbwhatsapp3/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gbwhatsapp3/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gbwhatsapp3/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit