a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
2889356s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
25-11-2022 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

8^/10

ransomware

Malware Config

Signatures

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4683

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
89f5191ff5247b19cb970e3984fbeb32

SHA1
3bce7a160f4b9fe152d62487737f027bfad3bc55

SHA256
586c6547dd4d6897ad84f8dde02d037328ec9c45cdb07f87ad1c94515daa6c80

SHA512
d158393d7a4f66fad32979800ee7d52ba35072cd6dcb4f3160e972364d9ac558815e7b2a380acd8f727d6fb56f4cc4306a6682810f7999c43fee115601f52648

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal
Filesize
524B

MD5
955d4b2c74acd13a09f5821f4cd50f22

SHA1
eee14b924f37dd1714b97148b7a38a8bce44a53b

SHA256
0faee57bc89e66a85c27d98790d9fa7c781c678ec66b888c69210443971fdab3

SHA512
76ba5e70e4c7d4f7f8ca89078dcb3042846612ed460971fc96dd9b5c9b8c6139c7d174424014c3b5280bed73be8c3a9aaa34fd6ce9ad0e26354f1f67dae22300

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
386KB

MD5
9378e28f0d95da45d186142acfa5bbe7

SHA1
396b13cecbc231bb52487666e6f415c1466be448

SHA256
27752d52dfbd47e0a4d171c10af33f5b139cfcbfb9a762af8de04f1faa5c7af9

SHA512
1f5aa91bd258b2f149442751669899afe1ffa174b4c16bf6d7087c239a910a9fb117bc821de2ceb993ca89a9112532ebc90d50e5f942147613785d52fe8850dd

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db
Filesize
36KB

MD5
f84f363f6af3f7d190529471d30d3125

SHA1
99666e1b3b88aaa58c48b7cfad7e50f3ee03ce46

SHA256
f0a14c06914ca70c302c88473905e9839d63f17f56debfd7ce033a433b3db935

SHA512
0b944d016a5e0a848100529ab6c18a626e50fb17197483622a69b4c8cbb75f831362bb8cc60bf20df1c4cc4095f400e487b15fcaba9d3d5b80d57d20250f1ae1

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
524B

MD5
a117da8b1d98254a21ed2ecf2d906653

SHA1
7aced6b70fed728a16652e18fc21f201e00ffc5a

SHA256
8fcc13218d982dbe50321bcd4d0afb7fb7ce107484c5c9b7882c0674b55775c2

SHA512
7f6bda6aa37953fbace240b606de67c1b50678dfabc1abf6ec3c74319b38ca484b4950a722e7d10f5062f871865333f34f204bdee8f25223b00126efe0f9ed2a

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db
Filesize
348KB

MD5
f8cd3be52872103aa7de8747e9b5eb14

SHA1
ce28dd481514cfbc562a2db96c747549832b5fc1

SHA256
352827029bf62eb4319d12b49ec93ccaa861aa3caf10ba9224656ecace5ae87c

SHA512
2afd193e2a39094e11676ce3825f0d0f55eb2463342155a92fc4b0eeb68295667a4e09ffac7a450436798aa834309e42753151ff1ab994d51a4e230f9e15fbdb

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
524B

MD5
188126f0415a0644c5dee80b8a291a4e

SHA1
a5bc87d84f3b35f54f8fe41cecbc82d956bd9e6d

SHA256
84c154ad61d1390f98d86a07baf166019808ae1c689afb2fe49f0839284741c1

SHA512
c7fd1d493babd3f50e2b8705d3c93e262bef89483f60d9aeb914a8ed6dd3e647c5720b8465654e7b5d49d1fe07000f51375f7e574b471985884b1b1982deadd0

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
524B

MD5
ece06354d9d279121157e6368e136e12

SHA1
248c33092f0de31cb806666bb3136a73164095b5

SHA256
1b566a19370f71c1c050ae2c6df94dd1b785e15088997154e8fe4ec9f7770ea1

SHA512
a28f7d3388c0f81b9113652d50ccd17cc5b7c1d9f846d7edbb8f6d72f73972cc786aa69f9464a770043cec341174bcd5e6097b56462d143c31f195da5703ac51

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
843312b2f3078def459f30e727725bea

SHA1
acac84045ef29794ea0c815b0e0bcf8a19d43f43

SHA256
c50ba11e2e584b47c8b7fa9e62798556b376006319ef9e9037d44662bf9d0605

SHA512
a7f2231f6b746c4136324ce928ccb95e0cc8c1276c9a498b96e055b4166b65ffdbc7063cda9e514cdb7c5ff75e3f728b6bde304d1cb9ada45a59915a456093cb

Download Submit