087988a6259e8fd826f8cd54ea22f12c74037eb00b1ffcfe9e8473def4fd06d9

Analysis

max time kernel
8s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
07-11-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.whatsapp2plus-39.00.apk
Size

85.3MB
MD5

cfeb62a7a0106ceecafe9fbbe13fa444
SHA1

690b71675b9331f35a0bc88d50e28e03354069e0
SHA256

087988a6259e8fd826f8cd54ea22f12c74037eb00b1ffcfe9e8473def4fd06d9
SHA512

180db60f94cad1e0707ea593a4547bfa89c43a4d5eed6c2541fab1efa7185341cf2e9712c8844b1e4f1d6bbbdadf4ff373c55997a0d5d8cd435e5b1f51c655e1
SSDEEP

1572864:+ZCEKEu51mcWvgekZ+VwZuKh2s08xGP52hG7d1dDR5K4oRjxXB:+1O1mLoeDGuKss08xjhGB/DRgxXB

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4418	com.WhatsApp2Plus
/system_ext/framework/androidx.window.extensions.jar	4418	com.WhatsApp2Plus
/system_ext/framework/androidx.window.sidecar.jar	4418	com.WhatsApp2Plus
/system_ext/framework/androidx.window.sidecar.jar	4418	com.WhatsApp2Plus

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.WhatsApp2Plus

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.WhatsApp2Plus

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.WhatsApp2Plus

com.WhatsApp2Plus
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4418

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.WhatsApp2Plus/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
512B

MD5
48e716e896b32b7eaa7723f0bfc81d26

SHA1
58d97c1997791a23fe20a85b2a1c17de3ace19b4

SHA256
e51da9f6b0c1dc3569bcbd9abd22ec0d6f9d011b5b754d9cc6c6f6afc9daa368

SHA512
3d2c18a77e28a95c12283cb9e41b2f09147f6155f2ffd0f891dc85c90d7b77a3a745a5f51ffa278e4fd98f804b898b63f433876a905d5e14f9405f5224f0e510

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
8KB

MD5
108e044e4b025bdb87aa0e11a7281621

SHA1
e6f389d7620cbee065f6f9ecc170dd0afb5dcbe9

SHA256
975beb184b013676b48c1937bbaef47d2094bd24683d2a6cb7a60e03779132cd

SHA512
c69f88a067d5013feb271c31c45a60cd4a1c6768b32e4ba9f85d1de5e65c4f87bb99bae522d92398b30419b4bfa9b093a40977ca2e15a69eef5ba66dc30e2b97

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
8KB

MD5
09b61a0e0c1ecb0cafdcf670f75b7b67

SHA1
ea3a5116925e6a6e8626a33c626a1c1bf3661c18

SHA256
cee8d44e6dde0b5bc44ba4b06a835b322c302bf1c6ccbc54a7cdf5404e0285aa

SHA512
a314dc1c4ee5c9d9f072ec5fd7ec0a3ba601a0e0dda72b849a72c0a11b7997bcc9c2b7823f75f914d8a5204f0571cf0b2df0e800dcbe4fbb19cc049d418a9fb9

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB

Filesize
20KB

MD5
b48f7ffd789fab6a4600554e8c474935

SHA1
6c6896fd3437878a91b014c74bfe2b2c83c2b4ee

SHA256
fdb4a80bb6a82170b194773754f858b74915ae61cf6995ccf149f55b167c7b28

SHA512
43802b7b7adafaba9231d0aac2fc659461c2f3f71cd0e89f5bf1ed54535866f6700364b9a42a269dba0346987cc8a47c031edf8709ee5543ff17aeab82148403

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
512B

MD5
d0ce2d6772a8a79a316a5aef5658040e

SHA1
c17416a3cc72971298b1da832ff6a82c41132e2c

SHA256
aba3b75ae6f516779265a5b71ffe0b0b4e91028b4e5119299150331c5a218695

SHA512
7b7a4a01579c30cab25f2671e9b497ed23b80aa9c13b6e338bf2fb75efcc1421317e0719f945841546fc1b8a7d5f508918c651ae674215436991a7d553bd98be

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
8KB

MD5
5e4a68717a0aebba6fb6b6cd43ceadcf

SHA1
6dc0b1b3abaa5ba794e4e5593f6b2e7a19d6e665

SHA256
03c31a51e48264bd96c0bc1b8162d13e791122a96d2cd75a7372457029fb11b7

SHA512
d52de2a4cb8c1a89d2542f63ee7d3b9b79e63e89be347013639b188c70ab465f9154104afafa66cab68e992eadc2a8a9b3ffb6fa33f133b8b5f0103e12472994

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
8KB

MD5
f53924776f1ffcf13272e0dbd015073f

SHA1
cf67983c4117774c1f323ea1c2e468c1ff4d77a3

SHA256
0023a79238ce076d3904133c515ed848ff27e49635175e655badc550436a2d82

SHA512
d9d3cb7bd1fa914188d132338ff10e4fc1a3711c1ba206228d36374ceb740023a2ff485c6bd2ba96b1114d56a77b2fd89b59d1f0c35df1e0038fbf970aa16d2c

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
bf587536bb0750f66c7718c8204c9fb3

SHA1
b9fc9635a7a009ca0c06b35b86b020dd6743a3c7

SHA256
7e49cd11d75e9adae6d9dee0819d8968336a3a6905f4b310753085a6d348dc08

SHA512
02392665aea20cb222953868342f295b06867c866ba65f1f59945eb66de52412c0b25367832a92f7d5870d56e587d129a1fe265689f53fac203b0b406b54b730

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8f0f8de38af4931dfb8baa15e988003c

SHA1
eb70de009b0e0b406fbed7fadb9db79df9be3707

SHA256
1ead98ac94087f0157893eca7cf3bbe00b31070c763fe96df094e5f9fa4e3af9

SHA512
4bbf5157637db086aab86410b8729448a28662a4d38e416b0f7925970bc37eef4dec9e91095c7aa6d47befb48341be2aff2305dfead733771df8ca824c8f4cae

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a0d0cf368c33653958b18368d03d890d

SHA1
0fd3314a5c4284a14bd528aadcd3f8752c705a69

SHA256
158105996db7066499d7698558521f74ef94d5f211bf9742d76bd0d9974e37d0

SHA512
b2ab117e0c626c3f03c9c518340a09b1e397bc206adf3bc32a9a53317be6096fe4f7becd8148c558babf0a40ba2e6aba6eb9b941adc3e12eb05b97908701a89c

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c6d220f799c65cef66e1a4bedaebdafc

SHA1
205324a03254e77a1b45b3a484cc4b3629afde71

SHA256
63e4e0e8c3af0ce1fa5a3b056262fea5a48c4bddbf201cb4ccc9855e6c21cdbb

SHA512
28ae34b37c600690e213aa4bd053caa09a13019bce5a27e5b7f42745c19a14415736834c44a22f134181a60812a2e4cbb0fc5d09112210c66170f43167c4b0c2

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-journal

Filesize
512B

MD5
b63c4f4a8738bd58194ecd5331ecd8c9

SHA1
2f3f92f494fde8cf4887bade6ac62eda18e68dc7

SHA256
53e95eec4de55e478ad881b18ca4bf8827d674417bc841f4110ad683f7bb8582

SHA512
31538bd21d7b1edeba0973dfe1a20a6ffd087eed550903d6bbcadc08071156df880b9f0e628adfd835eda4c60915ca1a7dc9c598367823024f14f4bb606d668f

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-wal

Filesize
16KB

MD5
892d02b39612601698f5d2fa50085733

SHA1
a3ce0d5f23dfe6ee1e391c0d204a524f1d8f12b7

SHA256
d63fa42848bfa521b53167cbaeb2ea754be79da42fb848f189d2b81063f8f1b0

SHA512
e492db24e2e6d92c8d7e17d2c6bfbf89d71ab2d594356084d81868dffcab58a4e544899e06424a757f86051861d85aeb1ae37c2b1df86a7f2392dbaac5285be4

Download Submit
/data/data/com.WhatsApp2Plus/files/Logs/whatsapp.log

Filesize
5KB

MD5
eb0faca3770c76ad4eb6d6f501e09a98

SHA1
555f49a3f0a2ae1cf134a6e72a9a6f473125c442

SHA256
04445e3b90c746194fbd04c0ee39934fa9a7d894967d840c745a19214a4133f9

SHA512
416c4ed355af686d904aaef04fe3baa74c2c38582630473ca305d39ca33cd09ab9fb52811ece5b309946156afcaebde599f1e5a4e6197c9360744619a5294e91

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation1852966154554028856tmp

Filesize
114B

MD5
717086e64ec0c74c3e3f4c507f99fba5

SHA1
7cdec9a96c63658d6bc7469a98bf35b82e2fcca7

SHA256
b361a0f5aa28b0b5f7fa087cf34275761ab26ed22f6bfcacdb1cfb4cb59bfd41

SHA512
af5b957b24d516bdb8c8c811214fe9b9aa873ee264306d69b1633953bc1413475d88d6c035b81769c683883a5624c976763b56084f24cbd3345b1a8b0739f19f

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation5449512080563613740tmp

Filesize
90B

MD5
df2317851c25911d264e63102a8299bb

SHA1
1af6b2c83ccf594538f4ecb4c392e2b0eea40120

SHA256
7b9571d420a6c37565f610dee07ff8c3c933261de595a4b8017a29f4e4e5a242

SHA512
bee8ba7f91237cd13af721e6ec20da3324b933dd3fa2c3d707f39b8caae86ca724c8da0851a8db4b4ba3e4e7d614c10d440b46469c2371ad98213609d3d925c2

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/.superpack_version

Filesize
31B

MD5
964ce4ab1927221e9402b23f0e7bf923

SHA1
d743a9d98c74dcd318f92fd17362edaedbbc5e86

SHA256
27cc937e06e2c3c35efe7bde50e5a57ff9cf9068b9fdb6526c40b12dd6085e87

SHA512
5e59aa6be8ee2d8d55ecc7f2ad6414721618eb3c7292eb0bf92b92af8706962c4129e4002d09c165734ecd4db283e2d7f554d6c760ea7b8aab20e870dcaf68cc

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_deps

Filesize
396B

MD5
7e08f3e619cface95d1c368657a8f875

SHA1
bd788f67ef6bdf740999389facf8e12f691bcd81

SHA256
aa95d14d2f96dae15b817c5815b118b0f15f16de7a37e8ecc10c9d837d96faef

SHA512
6aeaff661536da57147c28a4a7b959bb7de9507df47b91d823865e809b7e556ca268bdbfdd0fb957a7953369343b5d18b3365ba7856218a0df02ec17ca2e8044

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit