wipelock | hxxps://bit[.]ly/3ild93L

Resubmissions

29-12-2024 00:39

241229-azm8fawqhz 4

29-12-2024 00:36

29-12-2024 00:28

29-12-2024 00:28

29-12-2024 00:23

29-12-2024 00:19

29-12-2024 00:14

Analysis

max time kernel
146s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
29-12-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3ild93L

Score

10^/10

wipelock infostealer trojan

Malware Config

Signatures

Wipelock
Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.
trojan infostealer wipelock

Wipelock Android payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-5.dat	family_wipelock

Wipelock family
wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
26	raw.githubusercontent.com
27	raw.githubusercontent.com

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4523

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
56B

MD5
cecb649cb1fb79c3736936fcbef3bbf2

SHA1
2c95183d7d2b0cd68d15b3c4115189351fc08720

SHA256
09bda72e7c32a69e3268e0ebd8caa33684cbc954dd00c7d93a38830e348ef324

SHA512
b8aca3cf0ea838093bd29b70ead608597260b0e35886d491d17c304878f99510fd885d96a191080acb5b706a642253bd9cbe5065ff234472b048fcce282061de

Download Submit
/storage/emulated/0/Download/.pending-1736036091-Elite.apk

Filesize
533KB

MD5
cb4c4ad2bb25fe01cd5ae84838209797

SHA1
2822d74c5bb73fc8a447e0d69f4df7fda6bf4f1b

SHA256
84aa38f32e38c89db97fc9cddf93384a9852c7e36b1e519d747577734ee4c02a

SHA512
fadb1ad6e35683da0d71e952a2e68e6caaa01bcdb3c346b28d788268a2820414939c0b5640d4d5ab88a22ac143a047eed02571f8963105c97ba85677df8f5ae6

Download Submit
/storage/emulated/0/Download/.pending-1736036091-Elite.apk (deleted)

Filesize
623KB

MD5
8d1d56039fdf3d45a68187c10227754c

SHA1
87a5afa4095bb68a95268f87429c4f8e68cc2ca5

SHA256
db9414860133a9a46313ec8e197c4bf855f56b063161002f27c4bb106b8b837f

SHA512
60270423383da12669f33d392566d17aaa07d517b7f317810a190204b744e30ec90cd8391fac7477d373d58b15a12b32bd4112cf61f55ec8828aac2759a42006

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads