triada | hxxps://www[.]baixaki[.]com[.]br/apps/comunicacao/whatsapp-plus/android

Analysis

max time kernel
335s
max time network
359s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
20-01-2025 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.baixaki.com.br/apps/comunicacao/whatsapp-plus/android

Score

10^/10

triada banker infostealer motw phishing trojan

Malware Config

Signatures

Android Triada payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-5.dat	family_triada

Triada
Triada is an Android banking trojan first seen in 2016.
trojan infostealer banker triada
Triada family
triada

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
390	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4313

com.android.chrome
1⤵
PID:6083

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
151KB

MD5
6db6502cac2eb8ec0bffd333ccdba54c

SHA1
66b86bac4e02cdb0557516736bbb33480b37c211

SHA256
7c79e53513ea8a8fbc8e20e520bb19ce355106f18df98f0903056f606fa9fdc4

SHA512
18d93efe05aadae6b992503fba78a5188dca6248f5deada39319e252c8d57f26440735444e656936d78ee46fd1c041f3d1b696dc6ad1ac385786def5d4f4019a

Download Submit
/storage/emulated/0/Download/.pending-1737994843-WhatsApp_Beta_v2.23.7.14.apk

Filesize
78.0MB

MD5
bdb07d7a47681eccdbf81f4e1196f221

SHA1
e19e221148148dddfc2235c2182a5de6a5e032a3

SHA256
e6a69c0b3f7bfaabdab6f8ae6a93b419d69707179254bf4f1f417d6f7cfaf6ca

SHA512
294d4b79158ac136c6f5748b66d523757426b86445a0e19b64481012b4b85dc625d28a068518c776452d8547dec14df32c5943c0c1c3415106e31c0fa1b9185b

Download Submit
/storage/emulated/0/Download/.pending-1737994843-WhatsApp_Beta_v2.23.7.14.apk (deleted)

Filesize
623KB

MD5
bc95986e5ce3c2ceace03c44a872d1b2

SHA1
d2e787e66fab88522eb857cd24416e3603ad3950

SHA256
9f1d6147bbfb23d2fc3ba60d1eecb8b1d6f9e57baaca39ca1f1cb4ab486ac192

SHA512
867c2859061d5837a4d5f42379e4ddabc6545ae746556b97e7d622b7ce1def426e69cfe01ee182ad0ec6a43f499b4efc9312ccaf73e5183872287622d61c77dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads