wipelock | hxxps://web[.]archive[.]org/web/20230706214541/hxxps://download1587[.]mediafire[.]com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide[.]apk

Resubmissions

06-10-2024 01:21

241006-bq5lsstamb 10

06-10-2024 01:05

241006-bfz9bssfqd 10

Analysis

max time kernel
124s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06-10-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk

Score

10^/10

wipelock infostealer trojan

Malware Config

Signatures

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/Download/.pending-1728781578-fnaf2 aptoide.apk	family_wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/cpuinfo com.android.chrome
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.android.chrome

description ioc process

File opened for read /proc/meminfo com.android.chrome

description	ioc	process
File opened for read	/proc/cpuinfo	com.android.chrome

description	ioc	process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4190

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
2KB

MD5
ff3b1591e700362ae0e58bc6cd49ef1a

SHA1
4f54434e3fdf6a2f6a4181ced3588fe76473f6d6

SHA256
193d61f52970c99272c14938226c9b0d7012a0655da48f0ce7903a4bb12f8562

SHA512
7006a3d1336d7c17849421fda9b77dc624ac36e031cacaf0f856c020a8bab055d7627654dae95bee291d8bd5f1efc5be5fd15f18b30afb439d74ae8bc4a4f18b

Download Submit
/storage/emulated/0/Download/.pending-1728781578-fnaf2 aptoide.apk

Filesize
549KB

MD5
62da81e2b3814236196861ed2ca4f692

SHA1
f81a7a2efed6198303a4511436990be0f8391600

SHA256
9e1e505ef22e17bff8bc272045278703da6bd6583b4ae0e5dc5de75203bebe8e

SHA512
a673d2d9bc3b455cee18e1925c3137d22eef7ee4e8bf25de05404b9c5c605eee9edd6488d524e4969689236fc7278179f3e344bc8c46078cb0c7c0d33a0485c4

Download Submit
/storage/emulated/0/Download/.pending-1728781578-fnaf2 aptoide.apk (deleted)

Filesize
525KB

MD5
d2a5a564f6e6f810e0df34b36099a2df

SHA1
7a138b8385cf84f87a749f994c5f84492c00a209

SHA256
2fd5e4f63c1cbded025d7be39b3ccd5fff237c8f1615f8b3b6db2a7ff9a06d79

SHA512
aa5275a321fa90ae868bd69ceead9d018e517912fed57a9136971b01cc85b8e6e919feedc22674caba4d485906970f0a39bf20bbc02ffc569aef6be3e2e1c194

Download Submit