cf49be188e579435c3c8a63269489c85b4249eeefda9dda9c5f935958fc9d1ef

Analysis

max time kernel
7s
max time network
90s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
29-11-2024 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GBWhatsApp_Mas_v21.20.apk
Size

88.4MB
MD5

e22e5360af9c847580970124b70af78e
SHA1

d8c2a2458dbd9cdfb41e87c5d9a3509893fe211e
SHA256

cf49be188e579435c3c8a63269489c85b4249eeefda9dda9c5f935958fc9d1ef
SHA512

9688dd1547f8d178695227684884123aa1d7f865e8206e03a04ee7737711d8e80982c01cbd2f4e689e0a22ee5bb4a667d1e83b0e0d0f74b3a75d971c4f71cade
SSDEEP

1572864:znuK4ZfcIkdIkBESA1P11qrREB8VUiiLbqfbAr8Hj9EH0Fd:TuKHIkhA1P11qiGZkWOAjGUX

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.universe.messenger

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4501	com.universe.messenger
/system_ext/framework/androidx.window.extensions.jar	4501	com.universe.messenger
/system_ext/framework/androidx.window.sidecar.jar	4501	com.universe.messenger
/system_ext/framework/androidx.window.sidecar.jar	4501	com.universe.messenger

Acquires the wake lock 1 IoCs

Processes:

com.universe.messenger

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.universe.messenger

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.universe.messenger

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.universe.messenger

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.universe.messenger

description	ioc	Process
File opened for read	/proc/meminfo	com.universe.messenger

com.universe.messenger
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4501

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.universe.messenger/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.universe.messenger/databases/BTOR.DB-journal

Filesize
512B

MD5
f9b6d29f6ffe31888140dbb2d3d2cdb0

SHA1
53f2df792a53d25c67f797c0eef3f5b08cef3835

SHA256
4387117df6d609c7f418538d9734af538b490cbc0e0a981a6c484bc31f45b3e8

SHA512
e7dbe7b90482fd5145cd17bc1c162a8e7c00ff67f193048560c21561cf271956a43bf00bc7364771d19885188d95e4760aff9401ded906bdfb924c7a90f0e49d

Download Submit
/data/data/com.universe.messenger/databases/BTOR.DB-journal

Filesize
8KB

MD5
3c87f9db8cd91516dc81bd0c59f87c3e

SHA1
4eaf18b81726dcc9b66bd09286e90e5d6073d628

SHA256
4f930cf957d5eab734d2a399b274e1561f22772c869fbdaf2f6b83ea05381209

SHA512
593d3f728bdfc641b2761bd54a77661d1cffa2390b05de1b14b3739a93c0c6bd0fa5437f1f06394a4b1466c167c1e0b18929058a5f1d92c0c4a4462010de7920

Download Submit
/data/data/com.universe.messenger/databases/BTOR.DB-journal

Filesize
8KB

MD5
3532a3aa65831aee2d9ee5934e1301ff

SHA1
c2d31adc4bcf3a97e27c955a77e0ef5aee9c421b

SHA256
d8cea6391947bd55de1ca50681ededcd2e941f8f775cf082a697c7e7e2ec2d1d

SHA512
85d69985a8b08fdbfbab045fff56f26b8ecaef730220dceb5becc4f15db76f6c434c6620cf872447c2ad305198c74a63ff4ecb58efb81d986795df9406449969

Download Submit
/data/data/com.universe.messenger/databases/EHS.DB

Filesize
20KB

MD5
b48f7ffd789fab6a4600554e8c474935

SHA1
6c6896fd3437878a91b014c74bfe2b2c83c2b4ee

SHA256
fdb4a80bb6a82170b194773754f858b74915ae61cf6995ccf149f55b167c7b28

SHA512
43802b7b7adafaba9231d0aac2fc659461c2f3f71cd0e89f5bf1ed54535866f6700364b9a42a269dba0346987cc8a47c031edf8709ee5543ff17aeab82148403

Download Submit
/data/data/com.universe.messenger/databases/EHS.DB-journal

Filesize
512B

MD5
e69674ef8491cbe3306f246d275efa65

SHA1
a38a19ba803310adfb2eccf5eb1a7429cdecdb3a

SHA256
c6d8bb51eddcfbe4dec5bd17964677cd0966d652db7ea3f278c7b0bb57e5617a

SHA512
d28ed76d2598e3fdcd10b5ccc9c7df1e7f8e6a1b9cdbf5227f71ff359ab34eb9f4519d17997e38d24479112c1303f778ec1005be2713d61506593429fc249dfe

Download Submit
/data/data/com.universe.messenger/databases/EHS.DB-journal

Filesize
8KB

MD5
0402deda6e13ba8b39657341def6a38f

SHA1
5f83841cc6f6cb1c89372236a5100c8d52fb81c4

SHA256
4d1fb5d127cbe04f2ebe71c90c18518d9b1d80f230e3ee5372ab91f8cef6044f

SHA512
ae20e965af7d5b1afd5b74c0155504929a2078f9455f55afd63f404590348c38b7d4f12c52d99baffe8f2a497d939a6501c3dc455bc44c93921f9f9195c85cdf

Download Submit
/data/data/com.universe.messenger/databases/EHS.DB-journal

Filesize
8KB

MD5
0bdd74cc92e98208816dc7b577f6c33b

SHA1
17eca9e08eed140d65997fde5fc500c108f7f65c

SHA256
9f2bb93aa4a901f54df374847acbfd43adef8d15285efa12a7a1bf9ff462943f

SHA512
e9bb81a87ed76d0dc2bf55f72ef364aa30065a4a84af07f462b8caa6021a11e45179897e573192b81cf78d2d2df240c126fb74434d9fb995bebffcadf283f402

Download Submit
/data/data/com.universe.messenger/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
49816a61efa4ac237601b08ea7344131

SHA1
b7f917b6280df1ed7177f1a1cd155341c0e9a196

SHA256
3ebe252ba15d6edb2884b61a7f54254b205ce6beeb44378c7074a362fd4181ab

SHA512
6d127716c8389bbc379f19c885793b1d44c0a9d6a9823d78cae142b2255eaeb722b8a8e9567522c4730ea63fb60c0d9b8b14b3842388da2157d4e8640569125f

Download Submit
/data/data/com.universe.messenger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
73aa6e6f4ce6f63c9799dc34142f1b16

SHA1
084fe3bb02bc15b69888f8309299131ce50c5b91

SHA256
87af93209bd8e14c81e621e256f8a64da29b68d6992e8be368a79801aa4f7694

SHA512
5b449978fd1ca0a3a6901cbe8882ea75ed9a01d5ddf611f586e6ce9955423612b4f82589d7a6991b51b65529c888b0e1d104ed22eae35593e2001c2f990893db

Download Submit
/data/data/com.universe.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5c58dec338ec60ffecb10e5fad1a9a1a

SHA1
e5540a4c5188bcecd81bc9a11961dd0fa2ae919d

SHA256
56ed400221b7a87de2b01b69beab50bcc4d5602207e54b02a039b2aff1e0e02a

SHA512
93a944ed816e53b19ce916df0fa0b980259d6a4f4b90bd5cc10940be1bd12e5714115cffe61be661fee3bb66ac8ef29842ba7d4091913729ab20e9079b8474f3

Download Submit
/data/data/com.universe.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9d66f176df5d5630b7ae057bce836a07

SHA1
9af8d252cc4177716a467249f9c57ec2c9405f30

SHA256
1f6c5e226bd9be9869cc7a3572cd6802f4249563253eb01ab766e6f0dde68ba2

SHA512
467b83834ce2ca7e4d1bd9d2c5856e5f2d1fba6e801ea313873c04ae244900b509e1ea3d0a026d432d88c2b6083e1424b70433852aa89aaac5bc43164b14a943

Download Submit
/data/data/com.universe.messenger/databases/wa.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.universe.messenger/databases/wa.db-journal

Filesize
512B

MD5
b6eb9f7492fb44b3f219a02a6a61cd4e

SHA1
ad64806dd132d904cca930b880c1c085fff89463

SHA256
aff174f216f4dea4efd0ebc543f60d52dc0e7d2ea259a8c4d19a0988c14e142f

SHA512
53b366d6cffb560374851f2ed0bf146fd3696b76fb270a83bae4f646a4a03a09416139da495d34db6def49e69032f37f497ffbabdfda44feef1a42b3441855b2

Download Submit
/data/data/com.universe.messenger/databases/wa.db-wal

Filesize
16KB

MD5
d7b254d0b951309bc47b8d4e8145b4f5

SHA1
5f619cac0fbd1343821279940b4d97455582992d

SHA256
413de36c0416468c13136dc6bbf47d465dbd0c9799540cde5c9d9022f393d554

SHA512
7831dd04b69e48d96556456617b477b5238210aa169b3cd6c38230de1c2861e3c51291da624f768fa6655ff95d8e33451b9805cf038b1ee5e6a821bd94a4e2e4

Download Submit
/data/data/com.universe.messenger/files/Logs/whatsapp.log

Filesize
6KB

MD5
96ef535e79951a9681a0594a000147de

SHA1
b533f9fca9ee339d42038bc1cb553ad4fc80f2e5

SHA256
158fa8b23fcf55095e7c266a2f72b5c2b1fae0484713afd251cb849f29c44659

SHA512
a811cf63d74df95bb218df3e6e720b551114a4da69d6fb93067a6af15abb77b7dd7074b2c6d716615bf562fe6f12b202ff9b42636832ce53a214290c3c5cb50d

Download Submit
/data/data/com.universe.messenger/files/PersistedInstallation4562895734870979963tmp

Filesize
114B

MD5
1061f7d6e386712f8dab3fe55f6d961c

SHA1
c460443745f7650da6fe1db08e3d0559320653bb

SHA256
e9ad783a4953f36dbb08c554c9529e0e5b043ef32ced62227b3ade00f07883a1

SHA512
8275ba775fa7c98a04dd9a329cc5d9b672af15ad209a5e84c0794a056506c5c03dc2364c617f8332d34f1658a3ade3fb0ed56e0b89d906cee696f3d72aa8cc3a

Download Submit
/data/data/com.universe.messenger/files/PersistedInstallation8250463813880297926tmp

Filesize
90B

MD5
e46d3285d25ac0176cc467319761f22a

SHA1
ae9dac69c04194b2e1a3031e4c28851caa1cc848

SHA256
1413b729b68c4044c802b1965158feffb02a35fe7f8acfaf53b589002ca5f369

SHA512
003733a4f1321737c5384cabe95f68e602705f157730685a3267397bcd5c86ac4682151cd32078b76b0abf3ba19815be9a0078640aa86b28d8f3775520ab8fec

Download Submit
/data/data/com.universe.messenger/lib-main/dso_deps

Filesize
416B

MD5
910299c00a357c98f16e271bec77db2d

SHA1
89ab136c880581e1918f593a1b6c63791985644c

SHA256
2af3ccc6ebf58b4bea2e4193a94e68c8e1d38bf51cb265f7388779fec68622ba

SHA512
00f2c6c23c3113c620b139838e77431e088680a26d31ce9c3ca58f31e28650fbe915d45699bfdde7ece8fe7866f47c9402d10d5555671236fa28372ddaeb2446

Download Submit
/data/data/com.universe.messenger/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.universe.messenger/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.universe.messenger/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit