Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock Android payload
Wipelock
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 01:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 01:05
Reported
2024-10-06 01:19
Platform
android-x86-arm-20240624-en
Max time kernel
374s
Max time network
610s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
/storage/emulated/0/Download/.com.google.Chrome.x044VA
| Algorithm | Digest |
|---|---|
| MD5 | dc98efd71997adb619bfc6e09b3df258 |
| SHA1 | 50d0d722d4af4a863a19749dd7ef680c67662aa2 |
| SHA256 | d6c670c7a27105f082108d89c6d6b983bdeba6cef36d357b2c4c2bfbc4189aab |
| SHA512 | 1903987f5cd074bb672cf335442178a0820bce6e02dc5a04bbbd894c2048bcb068c85e6cefd3663bd0505a20c0651dcfcbb60760f2c5744e344af6f7a627ade7 |
files/dom-0.html
| Algorithm | Digest |
|---|---|
| MD5 | ba77a25ce87139424d2d63c05a4b4f2e |
| SHA1 | 0d47904947555cca8c45ae3a76c327b4c60fe8ee |
| SHA256 | 66233f8a98d4317258ccc0a67c58afd8cda9adc01bd36a4b3ee79b31aac45355 |
| SHA512 | f5a0be25b8ca1b8bf5dc322ea9619f91b1edf82ee8b9c08d2be7affc3674b62494fe4cfb6ac6d6fe514d9961f7f95a17312dcdb02a4835c682852c51d2d8097f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 01:05
Reported
2024-10-06 01:08
Platform
android-x64-20240624-en
Max time kernel
116s
Max time network
147s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/.com.google.Chrome.CoKw8l
| Algorithm | Digest |
|---|---|
| MD5 | 889b4a86113b0d878627027f8019b55a |
| SHA1 | a8461e411cf0afe58ec5d34edf5d5a0cf2451ad8 |
| SHA256 | 6fbfc05ea2a63750480959a4227305d6a7b2b8beba796ab68d889b007c963892 |
| SHA512 | 6f82962f0c49a3835b428299a7470ea69071860b01902d150b6543516bab9969148c8efcfcbba7adafa9b9f0de4a22f87d2bf26a6b292bed2bf8b6478dce1da9 |
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 117228.crdownload
| Algorithm | Digest |
|---|---|
| MD5 | 04f139cbf6d5922c0b0c362a813788a2 |
| SHA1 | 39e593d8c611adfc68a70c12e71e74a59d3ec741 |
| SHA256 | 11c4bfc4622f988c36f8bbc10166a9caf85af9c78b4d3f32c4bb3159bfb2fccb |
| SHA512 | 8601b4065759616d903b92deed91bcca1c011014a05274182985e94b9a2adefb0c42ba67ff43ea6408055a9c5b151f7ec7120d35122504537d3067972cecc466 |
files/dom-0.html
| Algorithm | Digest |
|---|---|
| MD5 | a05a19faf97c1204f9f9eb05acfdc3aa |
| SHA1 | d91bce87c576e33ce1ab0d10b070590a8c5f53a6 |
| SHA256 | ef86b02225c9c3a33fa65a7a5e7b3c4db5a95e43ec0a423ce1f3bdebc4266853 |
| SHA512 | 5069ae31012b64815438bc51c4c6c8c5bab1310fd92c47507b9a849ae218ba75a22f1edde1c10514c428146bd1b7d2fb02019e50ba2910a8c571e81f475cbef6 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-06 01:05
Reported
2024-10-06 01:08
Platform
android-x64-arm64-20240624-en
Max time kernel
124s
Max time network
151s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
/storage/emulated/0/Download/.pending-1728781578-fnaf2 aptoide.apk (deleted)
| Algorithm | Digest |
|---|---|
| MD5 | d2a5a564f6e6f810e0df34b36099a2df |
| SHA1 | 7a138b8385cf84f87a749f994c5f84492c00a209 |
| SHA256 | 2fd5e4f63c1cbded025d7be39b3ccd5fff237c8f1615f8b3b6db2a7ff9a06d79 |
| SHA512 | aa5275a321fa90ae868bd69ceead9d018e517912fed57a9136971b01cc85b8e6e919feedc22674caba4d485906970f0a39bf20bbc02ffc569aef6be3e2e1c194 |
/storage/emulated/0/Download/.pending-1728781578-fnaf2 aptoide.apk
| Algorithm | Digest |
|---|---|
| MD5 | 62da81e2b3814236196861ed2ca4f692 |
| SHA1 | f81a7a2efed6198303a4511436990be0f8391600 |
| SHA256 | 9e1e505ef22e17bff8bc272045278703da6bd6583b4ae0e5dc5de75203bebe8e |
| SHA512 | a673d2d9bc3b455cee18e1925c3137d22eef7ee4e8bf25de05404b9c5c605eee9edd6488d524e4969689236fc7278179f3e344bc8c46078cb0c7c0d33a0485c4 |
files/dom-0.html
| Algorithm | Digest |
|---|---|
| MD5 | ff3b1591e700362ae0e58bc6cd49ef1a |
| SHA1 | 4f54434e3fdf6a2f6a4181ced3588fe76473f6d6 |
| SHA256 | 193d61f52970c99272c14938226c9b0d7012a0655da48f0ce7903a4bb12f8562 |
| SHA512 | 7006a3d1336d7c17849421fda9b77dc624ac36e031cacaf0f856c020a8bab055d7627654dae95bee291d8bd5f1efc5be5fd15f18b30afb439d74ae8bc4a4f18b |