b420db3dff4637f07caaa145b634106e4c2fc559ae1b4b692271cedbe21b62c8

Analysis

max time kernel
2889230s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
25-11-2022 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b420db3dff4637f07caaa145b634106e4c2fc559ae1b4b692271cedbe21b62c8.apk
Size

29.1MB
MD5

548674d18b82bc0d58a1b7722029a156
SHA1

c74b006badbb3844843609dd5811ab2cef16d63b
SHA256

b420db3dff4637f07caaa145b634106e4c2fc559ae1b4b692271cedbe21b62c8
SHA512

76fda6a5c9475a8d4a367649002f7875b9be434d3e28fd370a46e3b83d2aefd60ce24693bc1151dc4f8f18519e03f23cccf4e19c7366055aa803015b298a924a
SSDEEP

393216:z3J8b3SRZd1v3uFwCPwmSP8VbiaOhECW1Fypl+W9ESAHRDQ60/rBxqHoyvc2IGpI:+bKhE/cYxU6A/q3lq2sDIMe+1AppO

Score

8^/10

ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4403

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
2fdc1452233b6d65eb50e121cd025e81

SHA1
90db23ead9dad71dd85631d484076ae493bfa835

SHA256
825cdd982909dd5d1192ac3175105b15905ee979f31515bdde25c2fae863a702

SHA512
338b875966bbb0a70e5a3a9e8c1ac28cc0f7fd72ca4530f0bf421bf2bf08695a6ba20b35ff961d79bfbe7b686d81496d361cb5a9b0645ecea3efdf09062f5f71

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal
Filesize
524B

MD5
dc08879a59cf6d024510b7a4df9ef0c6

SHA1
89c431d5bedb4c8974c013b89f50cfbf44f63c1b

SHA256
620aec82723e86e104423ad019a2f03bd2db98e47bcde33b12ad50a3e113099b

SHA512
f8b3eb1450fe5bf742020cc4b08455672652f3b4e3ae354a9f5e8fe1dae907e7a6530855941b99751b9dcb55445d3fa70418c20248de0ea7e0e73e01abb655dd

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
386KB

MD5
e164e2ff04337d79891e917ddd7e7011

SHA1
9d20beac844a246a5a2588cbdf7d3e28365a2175

SHA256
3acc416182a2dc2f3774e5e9592d3305ac1f7ff5366c56014f0c253bf73877c5

SHA512
59f1d358d4a1d2bf20e73d7d32ec3a0d952657eb7c98b0f2b9fe541c8065d01adebb515b8d1b7fd7e09ff7af0b8e881431a7c38b3b6a36309ff6f281c7f501da

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db
Filesize
36KB

MD5
f84f363f6af3f7d190529471d30d3125

SHA1
99666e1b3b88aaa58c48b7cfad7e50f3ee03ce46

SHA256
f0a14c06914ca70c302c88473905e9839d63f17f56debfd7ce033a433b3db935

SHA512
0b944d016a5e0a848100529ab6c18a626e50fb17197483622a69b4c8cbb75f831362bb8cc60bf20df1c4cc4095f400e487b15fcaba9d3d5b80d57d20250f1ae1

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
524B

MD5
791036ed232eb146b29ab4ed4ef9346f

SHA1
3fcdf9a0053b9cff0564dd36d4da9844232ace10

SHA256
ec6cd2b65759ad3891fc8aa19981b147e4862a6a11c68a82714081de5316a1b2

SHA512
09267b2aef8fdf765b0c84b45e8affa7437567dfef4340514c930ed35d0a74ca273aa729b8dc7be005e00322ff94f39d07ff278ac6c6c8b559ee0be2bac263e7

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db
Filesize
324KB

MD5
0353a718fdb9b37f014222c384ad893e

SHA1
707d203d4d302224230e145528da67bc24a619c3

SHA256
c2703d0b003f85c95653de8086c2882c20993ab28be1faf57a09650f504bf540

SHA512
654faa0e41bd4d699fac5d04eff0be15ce79d9ea52938142e41d17fb074cb2a22b59f17515f73bbfe9ef739a6c093a7670115bae430cdcf20f34328a5ba89140

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
524B

MD5
b45e5de2c4bda3e6e6362368d9038cfd

SHA1
71a3aafab9c03a57ac0a96c9a7a744bad68963c8

SHA256
32890fc40f5b032018b6092718bf9bf42f630e6c7f2e2b31441da49180cb7c83

SHA512
4c23c455aa5fd095ae44afa4b1bd4733ad0d082bc1a0b1679fe29dd7361d07b6bc66c98697a04774d86fec2e9e33edbc252f24f53263373781bc06a4854915dc

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
524B

MD5
021665340e827724d53d01de7b4baf73

SHA1
00f86e77436bb1d9f2c750bc0ed73335f7065630

SHA256
e0087a721b835264a599a1d6f2ce97f12e4424a9de76f868da119d034db2eedb

SHA512
42c288b2a85ebd67a4e940da8b191ea0d64dd79c2d12752866d7237a5f4bbe3ffcd88afa35a9cc5641551e3f05a0e296022fbdb58bb40b598e5fafe5f388ee5a

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
e4754bbe70f2e74d3250db98c68e8713

SHA1
c9fdc2fef478149b41ab400f35eb1ba39731a4fc

SHA256
31d2488e9e9d858466b6a7cbb956a7d20712a3bc2840d4ec7355953d308f09a9

SHA512
ba581c7915b797d3e12fbf3fac6c760166576a7e68150905d05af06f744b3540a791d1427b5d6c8fe2fe8da25937f1084625427c7874fb13c013f9dcebebff19

Download Submit