ae0dd81cee1a2adc28f044d26ebe03914f82b422df334e977698b6e380c4f0af

Analysis

max time kernel
10s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
05/01/2025, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WhatsApp_Gold_V11.80.apk
Size

88.6MB
MD5

7f1e2ad6847cee1d9dd354a375ccec54
SHA1

99c47d1d30be557ae259a8416ac3ba99ef1bf170
SHA256

ae0dd81cee1a2adc28f044d26ebe03914f82b422df334e977698b6e380c4f0af
SHA512

b5ac0ef523932d9ab642fc1815ea8958fa1476fca054df9d2f6272bd6e38323bb80b56929c2d52fd7ab784ca99bf448bfa80e43846197e287b2aa7874e07e877
SSDEEP

1572864:tgi+fcwomAgRnK4lVXueepw2s08xGPq7d1dDR5K4oRjxVuKY3Tg:t1+fH7h3VzepXs08x5B/DRgxVuKcg

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4452	com.WhatsApp2Plus
/system_ext/framework/androidx.window.extensions.jar	4452	com.WhatsApp2Plus
/system_ext/framework/androidx.window.sidecar.jar	4452	com.WhatsApp2Plus
/system_ext/framework/androidx.window.sidecar.jar	4452	com.WhatsApp2Plus

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.WhatsApp2Plus

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.WhatsApp2Plus

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.WhatsApp2Plus

com.WhatsApp2Plus
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4452

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.WhatsApp2Plus/databases/BTOR.DB

Filesize
20KB

MD5
6365b8be8792f9d6cdf02b86aac88673

SHA1
e9ea1b6b1db7bb348cfb63357c451215e2c016af

SHA256
63ccde4cb62894420110307fb114801ed6ea591182334a2c564187d7987648cd

SHA512
d53f6cc31df48c5ec099d7ee96465071aeffe2f1d06d0e31d9f326ebf846f72a5d4d7d1833999c5c7cbc36410a6422e0a7ea4411aaea9c75c7e55ef3eeee373c

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
512B

MD5
0f916ba81b2382629e312df6082a0140

SHA1
d0279d78f2ec8b70acc33cba8546cacd626d4fa2

SHA256
8566d3a8b4bd267da1dccbb21d30175d24f2491054b78166642143d6cbe03d4d

SHA512
6b2d8c50657afdacc451be86e3ae44dc73b236b4116baa32100eabbdc7fedeb19503bededd67d3c4e6d7ae19753d187854e833e2b0fff7e577a34f5ba55e46ef

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
8KB

MD5
5ab2b042e6eb87850973cb5dbc140a09

SHA1
1884c35f777e5144569276d5e3cdaf8d206c7c45

SHA256
563e9e8d264e5751d0c16cc32c5e6567f885c2d18b7dca1abe7e8c69fc1b6339

SHA512
4af4810139b5f66cfdcd0034417534e05edc5261cb7eb93db549478dcae305a8c03b1f786f021370c26fa75f618ec2a1f1ca0f5e986efd6afd0517fcd31e35e7

Download Submit
/data/data/com.WhatsApp2Plus/databases/BTOR.DB-journal

Filesize
8KB

MD5
22372f438fbbca7acf9f7e2e854ba1e6

SHA1
2249a191a69d3689608062f4593ec48049a64708

SHA256
ad37e90b454cf1dc9dec6c53b3a353b4b58a42d118a7e73cc417a6258283d0d0

SHA512
fba446fa23590be57c1d5eadef0cfa2c1b7ab72474b0c66105d1cf6b0d99acb32daa5eaed5af37b6a7cc6d60c3fdc70a0a70a0331cdff04d973d25dc368961a1

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB

Filesize
20KB

MD5
99ec46d097aef5a501f736e3a9ef3c93

SHA1
8841b4a35ab07c54b1a74a25072b30be07d91737

SHA256
23e7a6a290051d24cb4bc5155efb386bbc77796e4322bd6df4e07106370c93e4

SHA512
b63d8115c9dfcef2b960e22f7f1864357dd33471bf2041e104dabb09600cf8a692e7ad312855902ec36fd18679ee8e012511ff15c36a16bcf8c6b751228ec7b2

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
512B

MD5
bcd619200481c6ba96a73860d2bc2508

SHA1
f3155aa02cd71146a849574c4e4cf4e94f2b28dc

SHA256
28943912aeff11173826912457999cc733b8b37cf7f91fe7ad4cff5bfbc0090d

SHA512
a0da74694eb0abb103ca1947a58ac2e85e7dec726f1b93c3221723764f6fcd14afeb6d8a245aef3045a4f75780a148d42fac6af9438f5616a8957a4f69825d38

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
8KB

MD5
199a90f0ea32425bb2c44366accba5f1

SHA1
527ec9ce7c6a431fa96d3eedf4feb694e60fd409

SHA256
b20be03ebff1120f66ea85c2108ac36a735cf81860121d4e4be7921b37a70c18

SHA512
12acb8c479bbaa09d18d7ccf05a57173feb06a1d8824656dc6e16a65388d755ee186e022f5f28e57e3bb519b824f97ac71bdbba6c2410fd6fe2b54cf528604dd

Download Submit
/data/data/com.WhatsApp2Plus/databases/EHS.DB-journal

Filesize
8KB

MD5
451cf4b29ebaabc6c20d8bf7408770f1

SHA1
9a07fcef6af492f41035308c56230b5bd96d12aa

SHA256
03553e2767d621cc7cab7023f5aa3ac078784de2ba8f9a0d293131db9bfc83d1

SHA512
984b389a1438004488ddff59a2ba83c28349f9485dfb732e01d65b7a1b991eb44f1ce77f2cb0b7d9df553918a73b7d5e1de7fe939608b69c9678af793270ecd5

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
1770a2a20eff28fdd5c5cf6fb1539922

SHA1
eb024cdbe84219a7c6fe84568972592cf57a0256

SHA256
e7d59af9ef1c59bfa16bda5dd2cfefb567cef30025249b29adae3db02fd9402e

SHA512
f203a2785534faad8c693694b77fbe5c7c8a6eae47994109c87710b2d8433bc2359ff02eab1d61b26f628cd03092207097e8b21b3c8bce69e854af09bce1e59a

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a25a74a81c11724c4a0f45513b907642

SHA1
6d3fc702a67d55af3e307244633443686f0ded7b

SHA256
09e2f585b75fde41255e0fd54012397e21456c756e95b18192b67b7d79fea07a

SHA512
c8bf881a35a7ab8ac6d35a1bc1bd0e49f95847152dc0d3ea129bb45e9a9f23161e35fe61981a378c037df81d306a9145cae65984e41eaff7b468212a93284e61

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e5d4889e99f0db3a98283a30f53e4549

SHA1
4ac3e920198706e5b87c0897c113396427477c03

SHA256
69757aeec8c436c5e848296a10e45e855522aedd32169559fae125f856603827

SHA512
be02e2f556206ff23215572fc0b29ac7383c1921e73b3ed65770f550db6261721b4ed87c8c75e89924e80ffdc3218aa095f7ea7d30ae5911c9b7922e2c188862

Download Submit
/data/data/com.WhatsApp2Plus/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
59db02585452b12f479ee47729458c70

SHA1
015f7ee2581e14f5b78cc8c603bc1c4a5aa7cc74

SHA256
3f407bc6e37e08a78d3124bf94a627229ab37bf6a01f5fb2c8afe19117352b11

SHA512
965b7fa032fc4508322905704e915314ec9e50832ea35ef906240723a4f9b8b9c17a65debc958c8a12b489ce5ba24c8e52b0fa3ae3126ed185300235d3012f12

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-journal

Filesize
512B

MD5
7dd130198c5a308954cce9308d966892

SHA1
5386862912ef24c2a4be4c860ea033b4caf5eae5

SHA256
0f8076fe5b6db307bda6fd3dc7142961f380fb0b42d30571759d38a38a532f26

SHA512
0d214767d7a48f7fec8cb3c64d1b44a517fd6346a145ff93a36b4eea9fe3b244e8228deeeef03327d7f30ed3ec80f060c72e56a4ff6b0de7b09ad6a9d189883b

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.WhatsApp2Plus/databases/wa.db-wal

Filesize
16KB

MD5
be4c0b370a1f8898f6709d6e0f0ef112

SHA1
e4650ff5e990815fd256b9fcb30a0f553905f372

SHA256
29d57d3e38c45da71ac9d3f1093064991c277ebdae96e90d145ef24a52cd9368

SHA512
cf23cd04ebc0bbb5b0460a87df46858c91a97a9066478bced2a4788ac6d34c6cd58908e27508969cd3f3e6f3e62de69a3b632b0f38edbb2162fc653a72b11c8b

Download Submit
/data/data/com.WhatsApp2Plus/files/Logs/whatsapp.log

Filesize
5KB

MD5
b28d4bef3f075b6784f10a7613b0feb4

SHA1
19be34bdf7e074e4dac8aada62e55e0120130d05

SHA256
5bef57c0aad8824f5176872181dfeb135d261377381aa14c92a60059cc634933

SHA512
2fcb3df8c232a18db0617fcbdcc54e6715b04cf4bef0bdfb0c5be9bd65d938c7078d92c24656e96c941485d90f7ed803d868a80127f6141e7514a2957d520dfb

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation4849943568181979441tmp

Filesize
114B

MD5
bf94d3e220d3eb9b29128317ff4e407d

SHA1
f607f620c078422fd09c6f8221bf0140b4b30f39

SHA256
a9e59df10d4b6cc1c6b65afcb75c3c96bdf9b3f00a63a17b0a5207988bdcbba3

SHA512
9ac41a99a3d4070031e721f7f50093f8b53c0e65343a5589fa285287268defba47133af1132e8ffea71076bf93ccac75ee04fc0e398a960cf85a08b1b6b2e96b

Download Submit
/data/data/com.WhatsApp2Plus/files/PersistedInstallation576049215839673923tmp

Filesize
90B

MD5
2997872e33c4a0e4b2d35c9319e599d8

SHA1
f2e4283f9f224e5f7e0e750c7cf27cbeaf1692e6

SHA256
88c4564f66df6b280b5997c75745628674c4c27152eeeab0fb3b65f47dc0d105

SHA512
6771906eb04cbdf6e0cde3395d52dfd3530ee726ba98aaa568e23172b1308d9d8435055adafcfeccb3e0657bbd2d4ef16888ae85a74467417defe88cdf659657

Download Submit
/data/data/com.WhatsApp2Plus/files/decompressed/libs.spo/.superpack_version

Filesize
31B

MD5
9b94bb35d83a8b15a0caffd3d4fe0324

SHA1
39eeb39d045cf8f870213897049d3a5a9ee5642d

SHA256
1c33fb69a3898ea844f888ed33f6e0a6057e9e4259f29089acc17ecbdb9064ba

SHA512
615987a9fe393a85aed8894d2191e6f19fb9e77cfb1bb3bffe40a561f94646f2a4b3bb73a7bcfff5b0d5f3241ea7f954dddc8d42b11707274d940551e768df1a

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_deps

Filesize
396B

MD5
cd8887dc07f7135a3912b2461ba06dfa

SHA1
2cfe1ba5d417abdcf975f581c60d97105f3b4502

SHA256
4fae4edf1cfbfc01a5cd27fa119583267cfb5d42040969a10015d1c0969e04db

SHA512
295e6f5ce7da71fa0ee980f33a5a1f0d7eca99dbea8284d6c75070404e35a2537ab80df7f4d00c72f1f6b32a091168f8622f2219c5b23d9916e0b845fe79c3ed

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.WhatsApp2Plus/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit