e31a9bce6dd93cc4782df79e8694907e6af96123d4457793054ca754bb61991e | Triage

Analysis

max time kernel
8s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02/01/2025, 05:50

Sharing

Report Analysis Logs

General

Target

com.whatsapp2plus-41.00.apk
Size

86.7MB
MD5

c6853d19fcf29b23c4d73a527d0c6926
SHA1

3fbd8503c12f5057c9ad4386c5bda13f6297d6c0
SHA256

e31a9bce6dd93cc4782df79e8694907e6af96123d4457793054ca754bb61991e
SHA512

d7a2bf00353f256e94d958b60ed3a1dda1d4b9353f9459ef6aa4e646b4c3573d1cfcc5badc027109c4d32c919dd818ffb2065d9d444054c451736ec1c9c1548a
SSDEEP

1572864:u4jTgH9ojBGXHqzDExuKuScdctX5vllAU9h1UWz4yldV:6dojAKzIuKbcYX5teuA1wL

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.WhatsApp2Plus

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

flow	ioc
5	raw.githubusercontent.com
6	raw.githubusercontent.com
13	raw.githubusercontent.com

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.WhatsApp2Plus

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.WhatsApp2Plus

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	com.WhatsApp2Plus

com.WhatsApp2Plus
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4286

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
512B

MD5
7a92306601fa6c1f6fab2844db1d5adf

SHA1
62d4fca60635d439407a0ad93ced383f081a4cfe

SHA256
8e29b89a991c2afedda0d8e47b1a346734807ad0b81a7117a3a9a892489339d7

SHA512
8f52222fb50334b80fe3ba4b4032fb882b3664af267bf6f8dc05a57457727fb02918ed6be1ea93082a2ec67b1ae31ffc94de564a48cab5ff6a12cf032c0c955f

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-wal

Filesize
32KB

MD5
1b810187e30058a884796f59899b333c

SHA1
68993ec3c520ab023f3d024274643401be56493e

SHA256
45f2aa436520895313df3d1839792c77a1ed056845525e7a84215df31f1ed17e

SHA512
55d827d6133e6d4a7d94c2fb5f2373456a7306909d1152aaea9e3de43aaf2e70b150566796ca7b18af37cac0469b9de9304daa477742581fb892f425438d3abb

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
512B

MD5
2e3ef5605d05f20d72f41a39e1aae657

SHA1
15cb473c92dd9a0715136a4f68f43c7e09ced7af

SHA256
e93c93b94516649328eccebe8bbf706c4eac08e2d030f557f762ac0ba6a65beb

SHA512
af94f5b7a4b1af3dd32c9126a8c2f519bfbbeff175a821296a0699b1d5c88311c8f04e63b59c708a4a8858c914bfc13d2a630de199125607485a6ed3d75d6471

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-wal

Filesize
32KB

MD5
78a20fe90945b85ee0931d1ae349ca51

SHA1
94fd1efb7d4bb2b88574192504a1b6f8f7621dd0

SHA256
714921abcb77c78a2543638973d9ef92f71e67ced8dad3f423308d3074aa3a5f

SHA512
db4ccf7a8b2425439d8eae54835306a2de4063a024592470397fac06106ce6b17131e256e8829d499c12826ff7e00c9e72b6b4bf88f8e4de5daf72fa6b5872b3

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
121f0092a4d2b97e905d315e4278f573

SHA1
be5bfecfd686c28da5192cbe75de7aa1bbaf7a5e

SHA256
5516f43aa49af5f3eff597dcc395b83f89f196493ed8f183a47ce69b1279eeb0

SHA512
e0ca840330deb329f2a60aedd74b54e3586a91990ba346b49dd1f7ee81b00d85f159abcf772d8ac1f05e9482d4a2bbd9b453a2a1a9b6c0d5475c359e27edafdb

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
a3b826c088d9cb3a2ccb55cdab0ee61a

SHA1
dc45bd18b67c9b99121ccc712846235cc11d9f5e

SHA256
d0e50182ddc7437a3aad22f5e5c3ebd53c96b07161f14b4e3a4dae410858180b

SHA512
5404f6cd032792a132e94fd9add75ae07c264bcb7a4fce9b5c1078185ac308fd90d1d1bb614787f6632382a96d40efdef116a6873f1916ca4abbb77d9f596a12

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-journal

Filesize
512B

MD5
cb80a25dcda21cef78f4cd3d6c134b81

SHA1
2c720482f27c9cbcae8096c6dec3be9b69bb721c

SHA256
50d3d21fbdae66cdd1cc9a73759e07246a1d7e7dded40213e14ff4d2e1ec30d9

SHA512
d2b23dbab5544011b75a46ef0e435e16f4b0c460a8d6ef42273efe76c6a00007125b2015ffda63457fc6d8264aa89f0b5f0ec8007904ae043d2db1cbd580b7ef

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-wal

Filesize
16KB

MD5
4692d0170579f793a889c6308dceef6c

SHA1
1da3aaac6d32bd27492db9094fa82c7845d24c3f

SHA256
00577058755d3ad4add3d43357444735ffbef203434bbd9b9c630b8ad71285a7

SHA512
5fe9421392247f25e4e8a884fb0e78ade7e16b9f421e6fd448de50ebedfea89af696b527d810d9ac1235c09decc9f717c98bf4022fcda6723f8cacf421284e9a

Download Submit
/data/data/com.WhatsApp2Plus/files/Logs/whatsapp.log

Filesize
6KB

MD5
bbfa425d87370b6ef152afaed7892bf9

SHA1
29dbdbe62337afb73f6159f96d30c2b18832b33b

SHA256
8e64f997cdc6801df1dc9cfa861e936eb95135907c9d0800fe05dd993b43d696

SHA512
b5716f8cb8a0a94e0108660a4b3d1505aebfa6aa215a42aa5fe1247c57f370a75d1bc5038c377b84ce39b37fbba563657f29a66181d8c20f05e3d7259013c478

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation1689769011677727296tmp

Filesize
114B

MD5
29ffc16a126cc19989f98810fa0bf565

SHA1
06554d69ed4fbc3e1b6c671e28a4717b2e9be29f

SHA256
8baf53715e0406ecfa44f1217c9736f603ebe5ac9eb42bc84893c1871a98ba65

SHA512
130794106601ba58554f55eacce21e0bb43878371ae361d7bf8bdc7aeb76e6418db74a7c200a0e1bf30a53dfbd781245480dd376c14e3a5a2ce83a7007e2e887

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation6098716272169671547tmp

Filesize
90B

MD5
58a90ac01e5bfb410c0048b533a270d5

SHA1
61fc84f559d1fa0d7cdac3942707e37701e5d6cc

SHA256
4f4745291c647af3a67a6993f454093fd3b041fee7bab47b747845fbe3a0bc7e

SHA512
1282e78ce660382c25e3bd3ba0cec0283426d99377ca2c505a1acc3b65808b186038e510627d7792ba558c5c93855c3973de9f3db50a0db52723da3bc3c50b29

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libaom.so

Filesize
1.6MB

MD5
9b215c3ae08d28b2accb085e577f2a40

SHA1
a42b5c59746e61f144826cd7dfd4774c11b1db17

SHA256
b38567eb88ff4bcb160c1a1a42fa1519bc0c3920fbdd13609d8537fa7ebf605b

SHA512
96396b5654e60d928d49955bd296ae33f0c01b1bde7763ed5998dab65ccd3a2ca1ce7ac86f8594b9e5b4b33770fa28aab44b2ac4a938cac790918580517820ae

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libc++_shared.so

Filesize
595KB

MD5
5609469cc0f3b31f5ceca38827b01a2a

SHA1
ab3628eef8db643d910d0c3a88a54b590caa0c50

SHA256
f3e5f8a568704079033d05a98c7c7e4f95fe057220953111857ed8d7e4180b34

SHA512
4bdcf8c648dfa765a09efbda7cb1df286d9a57c1d3106a93bfeb7adbdc7e8aea03965df8bac804157b2216820c4de7912a626b412811a058969ae4247eb4f938

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libcurve25519.so

Filesize
206KB

MD5
5c8f9ee259ad4cc2f117b3a4ccf64a24

SHA1
b0b7db06a85a41b765ebe6bdc3be10e7f5504bc5

SHA256
e42e197770cf1cf956dbff18e0c06c776ee2a1efcf0d0d0226b61ec8de5b97b5

SHA512
77bb8fb4801ad6fb95ef80e3c6ca79c6813a19ea9eeead26d3a2a0ac1bedaf11dcf90c070bbec711c880ba79c4ba258d930f066714318cbdbfa671a1e2b43223

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libessential.so

Filesize
287KB

MD5
be7e0154f78262f1383ab322c3a3aa9a

SHA1
51ec8cdf27c9f015927f40703ee196567b2a3898

SHA256
49fdb4b580ca7046cb10e0b5727d97fa89dfb77930c2d1bff108e97c4f37000d

SHA512
18ab3629d51d8d242aabd8a6a1e994d1317fff2b31255590d1b1d80ee6a9ce9b02de7c236ac44433e73fb50f781a47e3d72a08866f78ed42ffe01f076fbec669

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libfb.so

Filesize
209KB

MD5
9524420f85b509d2d8e55a7c77b39097

SHA1
8692aa5dcba67eb48af916870737c90c53d20f6b

SHA256
0a5895c53cccdb93ad1fc4ed478a61fa374f7740630903f8ac3507fac68f7e0d

SHA512
1dc98ec2179ccb10250898c9ef393aa75bab7a71aa475d65c3d6a182073771b9ba77f114ee9eca819e3746e4c20f9dabd6c917428d98691ecb5729d9dc3bc577

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libfbjni.so

Filesize
412KB

MD5
07463b4eca152d440f092b4aa71a94d4

SHA1
416565d849a5d95a6901c01fcb5da1340734555f

SHA256
aac79f789526510c3985477053cb24fb48b11a707caf82495d1ae1d29f820d25

SHA512
9aa92388578a14e9b1423b06e7c516ae648a3698818abfd7e0bea0e9684725680a0f1f4d7c96f20b7746bb8d48b0cae8770e222f67d52147dfe894d6f837c621

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libglog.so

Filesize
150KB

MD5
e61c2a51c34ad22af12b788debfcd2be

SHA1
1f5f90e39fe0b7907005024d038785b968a50a0f

SHA256
2e1068f14fdd8811d0e0f61a1b6246cb3f4b788f200fa26165556c366e162cf5

SHA512
bdec37337912e43955c3b0ec79cbd292600bc508e83447b66474d02fefc2099d91b4cc7122010d8a76e7a6c5e77f3a56a1cffa2357d6c1b74b7cf18cf7265731

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libhiddenapis2.so

Filesize
124KB

MD5
f2f415dbb375e02e9859099cb10e40c9

SHA1
711edbabfb8a789613adf48d540103ffb0b2430e

SHA256
af44edb015cfed9ee301cb4cbc13c4841a925d382d5c27ac389735a54859230b

SHA512
0b1f16217d115c048972a5d6f90ae7e9327f2abecabc36dad68f74308c44d872b587cbd81705219b175c81e32769a2e563126a39be310b86ceb4b49ff9708aa0

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libvlc.so

Filesize
5KB

MD5
f6c4257bdacfba3572ec555c393d6a9a

SHA1
26386c9d04ef852b7f354b44a227f599be4bbd6d

SHA256
daa982785dacd2a92a18d44b73419cee56d6766afa46320633b822a7a169fb3c

SHA512
31575e6f533a3c6d3ba8715b48ea25dbbda16455dba429507d372804ab9b684f28ef3f40aac7b3f1027717279fb2404e31ac676ed08eaca6834ad26c758be95c

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libwa_log.so

Filesize
15KB

MD5
a7ac985216b419f5f64024cdd86f1f74

SHA1
82119e34b4f31f9b6bc5c2f4d49c761025adc71a

SHA256
155bd97af6304aba0c1be4bc9874665362d552ae381bf18824ba61c99cfeacbf

SHA512
140b2d92f3a817d0fb1d4df79a86338486a87626021a6709c7dcdf49eaae53970df238a974d62e665d6d46082054492809734f453b96dac5905c3c1a48dccc41

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/libwhatsapp.so

Filesize
14.2MB

MD5
d0869ddfb2d7e8b49dd34d3e6f4a5ea3

SHA1
19b831ad522ea48a5c4575a358a761230351ec20

SHA256
17dab5b8c260fc0ab964ae51db3db9ce3470fa98431915bfdb147dd3b321efc9

SHA512
cb17d74fb7307d187bee4e7078005b48238a40ecad02741e6225fe58c500c7002c2e07438ee84e88d41a8e09571aede361ce2fbd3ac50476dd28892ed60f4e34

Download Submit
/data/data/com.WhatsApp2Plus/files/prm.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.WhatsApp2Plus/files/prm.json

Filesize
131B

MD5
3f814ee8b984f1f5c2ba777ede84fa5d

SHA1
f042f512c7382fd95dba876a205404f42f81d0e6

SHA256
359f42d8d3890cefaef4c0e109b0691c6d516271074048cae2927af4760a4bfe

SHA512
61e0b95c3bb9a6e9f2ff5e4a0e8f9e1ed88484fd9185ece9e6d170df9ad95ed042c88c0024bf8b367812b939efa9de158e0910c61413811fd25c17dc98cba88d

Download Submit
/data/data/com.WhatsApp2Plus/files/prm.json

Filesize
131B

MD5
119cc4a84a047e0344c783ec27a62b8f

SHA1
7ad65f020f44214d26f05f86fea49bb6fdba1fd9

SHA256
5a0658596f13d132328b9acc44594ec9627a5f8d2d2348c630c48885de8a79c5

SHA512
d27f22a2586be48cdd2075ef0f51d9645feeac48ce7703b1f9d91d82100c36297ac022d695c0b6e610cb88c4bdd684a90aad9f3f1ed778d92f7356e725a55ec0

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_deps

Filesize
284B

MD5
0bb7cb7ef6d8598f11854ee5c69905ba

SHA1
306a3de1bf77315d179cd983d3e888dcf671b33f

SHA256
ca5523e3523845c612142a5cd82d1be8df8a8a388d8f62185dd683fd7650d0f5

SHA512
85cec3be7fe4e120fb3e5228938395a51d9f930e4fb1fcee4362a4b300308ba3e76a74840668d83034faa7b88bbd9a54779e9713e6067e587b2a2c326aaca43f

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit