a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0

Analysis

max time kernel
2889632s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
25-11-2022 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0.apk
Size

29.1MB
MD5

54a85378f28085923115ee44f540ff8a
SHA1

2e40f7fd49fa8538879f90a85300247fbf2f8f67
SHA256

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
SHA512

853d315b460f899c3b4e7e2d6e071763dea1f4c58f8ea1547d8a234eda12e7ee8a1b2c4c5f51f7f4074061f3c50dc5e1892e33520d0b7eec3a82e3f1c4c74917
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPk3biaOhECW1Fypl+W9ESATkXQY0/rBxqHoyvc2IG6a:ZbKhE3cYQAYA/q3Qq2w2AA+1Aphm

Score

8^/10

ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4422

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
365c1c50c82b024db33057c916a278d9

SHA1
903dd1eb623786c704e17af5942dc215b7f33b57

SHA256
e9ebde3a87ae0bd09fb1f26a7e74cdc0dd55322053969c66f551ea1bb5af32d8

SHA512
6076b5583450b8359a8e0011b79511461cee8a5144a0521fe9524f1eed2829efa79f7884580c3b9fff8d8e5aa00d4e5aea0569fb938768753f7ebe68037b6b3c

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal
Filesize
524B

MD5
45657e601923a989f5940d3b8334b60e

SHA1
9ebd25913e1e8403bc743b7cad6a331ea65b5e17

SHA256
e1c8d5e1f4c513cd797f093446d225ecfc0a66384de13f822e3de239f7a85116

SHA512
6c07ced079685794de851f269f7b237c9becd772b7db4b6d3687b27d672c3dddb8128de29a2fe2a799c5a575e3e4d5b5a89ea4c281881f2cd785ee03631ac93e

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
398KB

MD5
2ad23f241e6e024c2b94bf33068b2b89

SHA1
c18ed253dfabf6ecad72ad1e8c648676e3e77434

SHA256
6882f67a49116936ae504151bca7388af8543e142464403d6bcdf3112603322d

SHA512
79f1194b206854b2bb3acfe41a6392b00b7f9a79c2fd36cca973284c8d18658fb15e68b79fee1532f1f2bce95d3fba299f2b4935adc864102ad44df8858b76fa

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db
Filesize
36KB

MD5
f84f363f6af3f7d190529471d30d3125

SHA1
99666e1b3b88aaa58c48b7cfad7e50f3ee03ce46

SHA256
f0a14c06914ca70c302c88473905e9839d63f17f56debfd7ce033a433b3db935

SHA512
0b944d016a5e0a848100529ab6c18a626e50fb17197483622a69b4c8cbb75f831362bb8cc60bf20df1c4cc4095f400e487b15fcaba9d3d5b80d57d20250f1ae1

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
524B

MD5
46ad37e6939bb9e5a4eb6845448067ab

SHA1
685a4d2f9fd008a4e73be16fc30ed5be7b90871a

SHA256
81adea1307fd5cf59de5d401db4ffc5b7f5bb6d56e7b17ecadad8db2ba81312d

SHA512
f6f6f82c57f6f7725c57d961320bef9f1b891786d69273f7f56017bdc9ab88598cdee8bb560a77e9a73f0d4c7b2ff9cb8bb788b3da2ee1ec4fa6ec762860a821

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db
Filesize
312KB

MD5
13ed3e39c6051802871de0be6df96200

SHA1
365e0a9aec1cc47215bfc1d455b5ca6593c859e2

SHA256
fe2e2830393a01a2b1b53585f52a3084832a3a935ce0d15153ee70cc1a0b13ff

SHA512
3e71fb43b61ad8b5e4f75ff991cbed867132c98017fd9a97158eb54d64bc220380cb12f8f5832057f0ab568a7a6f2ca3e8a9d3bc0f52d4d0e5894d82a91a9633

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
524B

MD5
a1402d3e67deac5793f767dee92658c4

SHA1
b308641ae8daae6910622b65d486d467fcdadf16

SHA256
824934d0ea236984a4c7e00dead06bdc3e37f73aae0b708a3461d37fa5da9fa1

SHA512
5902e276ef1381bc6f6ddc25abd16ffe323a9ccb46cd51a81445d992764009b859a697c20c45ab88d1603fd49a890b73975c2584f2158841aebe3ff31d50cee0

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
524B

MD5
045a364d34f750ef4a8a3f153a42bf24

SHA1
e8caa4013cfd521ad4e291006775bb438449185a

SHA256
7106e413506360b592e24dd27c5b132d5e80be472368e76039a8cd402988ba76

SHA512
b67cb121c57d02635a95535b0e18d2e97a32361afe1bc5307c2d15a2d2a6dae68a4396fa34eb17f5ae1a2decef28064eac7af118a351219bc74064d0d1b66598

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
c4606db4db638e1de21411cec723d340

SHA1
dc97bc187594d87387948b8dddf771dc2624cf76

SHA256
ed3216a245f021d75274b5f1f7d75e6528af66471e7aaabb33a2dc5e2a157f8d

SHA512
2bac43496e86cfcee8a8ea4c310e71160005b249d8d3b0a5075ca86c4f1128170fccbcb82a2d216997f3e5472b57604895a444ee9824d9c31410d403bb2ff3fe

Download Submit