Analysis Overview
Threat Level: Known bad
The file https://web.archive.org/web/20230706214541/https://download1587.mediafire.com/t1vdad3xufngg6CCX1k5jtiFJ0YYnHArLuX2ldpUW45Y7C5_ICaaMoj15-uYrQ6IH4D6uZD0Xn-dcHnvDAXCw1fpmTc_0gQtEgldscAvESOiKjQXCpk1VPUISW0N9EJwVOMwZfG74yKr06krisXQH9u4s95Hp7LFqY-oMYQYAG2yBcY/12o45hf43lvv6az/fnaf2+aptoide.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock
Wipelock Android payload
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 01:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 01:21
Reported
2024-10-06 01:24
Platform
android-x86-arm-20240624-en
Max time kernel
116s
Max time network
110s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
Files
/storage/emulated/0/Download/.com.google.Chrome.PfRh6X
| Hash | Value |
| --- | --- |
| MD5 | 72f45111bd4547d8d2cd5ec1e602e922 |
| SHA1 | e46a4440b99bbb2f982ac311d04c4fed11b50cf5 |
| SHA256 | 6a0a258fe39519029a077e976be71f0bb1ff51e281ebc0f5a734d0fd37273d73 |
| SHA512 | ba49a42f5f1ba23f49e316d849a3ac7baf00e8678d51a5eb365632bcb4287a78c0e225b3e6ce65f4f4e7f715971d47ed6fa294b13d1535a23873226c1e2427c7 |
/storage/emulated/0/Download/Unconfirmed 702596.crdownload
| Hash | Value |
| --- | --- |
| MD5 | dc1f66fb83a9f562e8228cb2a6fba5ac |
| SHA1 | 13f15c55122ae10bf8c7739ded88e22d0d000532 |
| SHA256 | 62991b9b29c715f55c1a23b56806fe5a6ce149f44429d8dcf5ccb4f7308ed32c |
| SHA512 | 4f005ffa23aade29f774babbfb588943496d2d56bbf7fe0cc66d297659c4ab015564bcb9196b3e0af94e3a68556c1592add0ac852708b4a0d51a24aa589fca40 |
files/dom-0.html
| Hash | Value |
| --- | --- |
| MD5 | ac0198532c245feee3e5da7adc4c87b0 |
| SHA1 | a13d16f9519ef32c9418454a64c72b0b0396af4d |
| SHA256 | 9ea5dd672e0940378f5abc1fca2bf3e9472ef0ec7169c368225d2368a143bfac |
| SHA512 | 41330e86d220ab938f304e6c7c2450745592d0a2d0aa9898470c902407bec18c2e020460f41fa115fb74002d29c070525b76f80e839fef099fc6155fad394179 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 01:21
Reported
2024-10-06 01:24
Platform
android-x64-20240624-en
Max time kernel
116s
Max time network
155s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| GB | 216.58.201.110:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/.com.google.Chrome.jlQ4H7
| Hash | Value |
| --- | --- |
| MD5 | 521103945ce2e47d9b0738cfb8b2a939 |
| SHA1 | a8ebe9cdde33389f531bb04f345aa992d808164b |
| SHA256 | 9415b8a076722d675492e61016b8e0e6d8b2f4fb52687a915c4e0a13e8717117 |
| SHA512 | eb0d5a20e58ed34cf673710a8621862d922f7224cf1cb64488430c0fcc065eabc9e40f8318691954f824b07e2d079b0491a0ab3968acacb0b5cfaf2b9a2c2142 |
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 202010.crdownload
| Hash | Value |
| --- | --- |
| MD5 | 6ce098137f4048beba3515dab496539c |
| SHA1 | 6dde3660deafdcf596eff1ee5a80099db6c912c3 |
| SHA256 | b2606f6530c7671f38df156e6b92b362ccceedb5cac0dc06a902d8555043f238 |
| SHA512 | 0b54282c5e1be177c8bb61c64b9ce31428a6ba5bd10324678705e24afee47e90124012e0e12b4e560f8bb3df0875917a956caeb399f4067b3cf941756bf95bd5 |
files/dom-0.html
| Hash | Value |
| --- | --- |
| MD5 | 5cebf2abea18c226ffacece3127ba821 |
| SHA1 | 35cd9927a01a96ab02965bd08cd6b380932b8a7d |
| SHA256 | 423b105604548a79c8408673c4cdcda01409d895d384cd5beb313f9c63452df3 |
| SHA512 | 2df24ddeb25e1e1221ccf096efec3ddada309514b20635528e4dc25a94742ba7ec69afeef3f51ed486a100757b197ea3227d2b0d6cb1d6a088bafb2c289020de |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-06 01:21
Reported
2024-10-06 01:24
Platform
android-x64-arm64-20240624-en
Max time kernel
124s
Max time network
150s
Command Line
Signatures
Wipelock
Wipelock Android payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | web.archive.org | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | archive.org | udp |
| US | 1.1.1.1:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 1.1.1.1:53 | wayback-api.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.8:443 | wayback-api.archive.org | tcp |
| US | 1.1.1.1:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | web.archive.org | udp |
Files
/storage/emulated/0/Download/.pending-1728782533-fnaf2 aptoide.apk (deleted)
| Hash | Value |
| --- | --- |
| MD5 | e353795658248b84a9031faf916e099c |
| SHA1 | fdfcceb08cf1c749e468421db99ecb36e8af933d |
| SHA256 | 23f4243f96d622feb3abc23f78d49b629d38f8ec5f597c6a2b363969a06e87fd |
| SHA512 | 9843562017c958523a672fbb237fcc44f227af808fd2b5ebd7a498ec0f88fdb84aedee8a933e688be801a8edc66dc334bda13ae500d5d578f08313f1ea0fb1ad |
/storage/emulated/0/Download/.pending-1728782533-fnaf2 aptoide.apk
| Hash | Value |
| --- | --- |
| MD5 | 62056e57d82edbaeacbfbd770d33f853 |
| SHA1 | d0c0ccb171d9ca4a3cd65a71805fe35f1bcd197d |
| SHA256 | 7d1b0708e8f41e160362a16e3017ee5b98a1260345b51d72d0e75b5ee8ac17ab |
| SHA512 | 382756b026bfde1249c94a2a11957e2955c46844e780b506e2ad762547f3de8381f0f6e8bf1a7c9dbede846a90531a3168bcb41a8816cc9249e43e556cb15d46 |
files/dom-0.html
| Hash | Value |
| --- | --- |
| MD5 | 1fccfab94e4c69df6c79b669f2a88148 |
| SHA1 | 87d262c0a470897eaba2fb334920b64877c0812a |
| SHA256 | 9b5bd0d464ed59eda7aaa140fa71fb3e8237bee28b554a9b0647708af5b71333 |
| SHA512 | 444e3b17ba162a8157241ab237cdd097cd96988dbc7e4a677d91d41dde5ba6acb6416572d80537df0cf29f658250f30d8369ebcaa924408911e96d8852d6018e |