9a007f218e542878f34f732377311e2942c947bc00f3f996870d89fee7cdeedc

Analysis

max time kernel
3879178s
max time network
130s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
06/12/2022, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2be811eb52bc400.apk
Size

9.8MB
MD5

991f9e33f9c04ab115ec32b6e9a495ed
SHA1

cbcb8cf2f8e7686e93bbaf6d3b5e16f03420d9db
SHA256

9a007f218e542878f34f732377311e2942c947bc00f3f996870d89fee7cdeedc
SHA512

50dfaa901cdf589bb437797cfff480259818cac24f43b2e509bde153e1f306f46e25d5979671c5b918f8eddc8e39a083b1bfbe96a37d1cfae9480a73e2e1a5da
SSDEEP

196608:ueSu/WALr3vVU6r6I5MBOPbjimjehWynoyGG0BOA6aIzHPbmYdCtMC2u9wx3:dSKP326rM8amjBNFBI7bmUEPZ9wF

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.es

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/files/audience_network.dex	4133	com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.es

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
48	api64.ipify.org
50	api64.ipify.org
51	api64.ipify.org
52	api64.ipify.org
53	api64.ipify.org

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.es

com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.es
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4133

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/Cookies-journal

Filesize
1KB

MD5
cda2e56d85a1aa1f67e1e358c8298f18

SHA1
1b5836b3421d59f7370fa840078ec2f4533c3fcf

SHA256
77f8739a2d9b8111d2b72d8d2c07545cdbba81113e5b5d7bb49adf32cd7efc4e

SHA512
3409304b889e55c37119b06e537ab2fd3afdc62b31bf1ce42645ca98292e86a28e7d43b6f5c801fc8959d5289a61064b2e6698cfed6171950e036129e090eaa0

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
99d35e207d03d5d112ad07a62994999f

SHA1
05ae19da50fe0ff023d3eb4184c9670d35bcf757

SHA256
b5d945d318a0f2e28d95e355f2fae9a989aaeefb384f8836cc832d9e3e2fdbb2

SHA512
78427e7749b1d7dfe36f70f1254ddb77c35846387fc6d3d1efd1f517be55652404ffda72a14ab0e021d4ca49ae5170439fd4d0c9d11d42434777fad0b7440705

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/Web Data-journal

Filesize
1KB

MD5
21134b8ab43a092782ebf8379368142e

SHA1
083844bd74970413a815f0189b67b68b90fa4c0f

SHA256
32006dee557b0bd2f9112b39182e351478955f93b87a2062fe95b6ea05eeca3f

SHA512
84616b98454f5354eb3c282a00f11c0be817cce29fbb13d372dfdd1b671650f9688e624573d664f85e771d2048eb3072f24ea5a6ee6eba885f8d846ffbde7150

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/app_webview/metrics_guid

Filesize
36B

MD5
1911d6d5b969dee3f05ef639c0f131e9

SHA1
1a0cef22058989fe685c14052fd2e25b884f70d1

SHA256
067f1a67f2bb16de20784824c312675ae2d8ed45e28e2d55f707a2ee152dedc7

SHA512
a14e4cce0ffe74c45d0f220093260fbe9608c74fd07fb2d45cb8cd7963b37e81602581dad2991492a116a6d51e5f703b0972d43fad0dee9a20a986a002d4f3e0

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/cache/org.chromium.android_webview/f038e94cb33282ab_0

Filesize
116B

MD5
53da81b219050c535b6d1831f7b2f441

SHA1
4200422f1953bbb7e4a5b5da993c4ec705c690aa

SHA256
c904e172820cd709cb74c69dbe76c3f0d1c55609989c01b7c0eb3b1291742118

SHA512
2c62fb6a21bfc59788be20db34bfe9165a88338b29e61b0a0fd84f21dc944d40e1bf5e38f2b0f702669555e86c0af28e6dc4266430b2290e5ec194108a4b9f3b

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
027920ad235cd06c6d12c9ca810651de

SHA1
f05ff202b9ba72af39d2765b60becbaf287f8fc2

SHA256
ea9da6e48527e4912939c38f348729f273260a0cbc10ab0a1143ccd86211e1b1

SHA512
823c2326e0125e2fe4ff66bd3b2716e4b57bb4318cecea52471d8c82b0364141a41ba18143c4fdd1a7386f4d0ac25edc5e881b5eb5c3f8c76949b009267152d6

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
67878a207bc54fbd3d4b200676583f97

SHA1
f4f9a2408b0180a3151e29e7f1a5faffd0022ac0

SHA256
96d7fd979a7f6364c50057990f6a74c15462f5de83ca4acaa565506e7639e17a

SHA512
7aa326df476780f32b9d7b12b1ca9b35a74d6e1e08949247f2540826c158dbbe67c8cf8f4cb25cb48f4e94d0e4a107d126ed87c29f446307454f06cf3802f9b4

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/cache/rndseq

Filesize
48B

MD5
616cc7d84c486e90f2cc211916c0af82

SHA1
d2153f7fcd9caa6b69b1441f269b0f4dbebc9fab

SHA256
3102b2ebeaad2698ef920a86398afc223af5f61167af6ca18e661af0753890b3

SHA512
cf909d4b3d0d86bb52b9679896c63fda392f134ad05183386e3b85a7dad4dcf65f253e5bc68577c76c7fbd39cd47540ea0b8cb3ca8309b317811306e0fe4de99

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/anchorfree-ucr.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/anchorfree-ucr.db-journal

Filesize
524B

MD5
6014b074bb84a7b6ecdf9acdb1076c43

SHA1
582726e7bda5e95fd870ec85a1aec8e98261b185

SHA256
edef8db3b8afdf81886b41c4dc5a96950335635aeecf8dee88a5cf7a0cbc8f4f

SHA512
27bf1f4fe33e985e66d02342d096ea3ab48ab24df72c18ed8b450db4bd440507d63c05049fd4268e182e028ce3b80d3e8d01691976620815dc48bdf7070cad45

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/anchorfree-ucr.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/anchorfree-ucr.db-wal

Filesize
32KB

MD5
4490b1890179f9fdd5c453953f9cd287

SHA1
d5857a07abfbae2bcb64a5a0d6cb5bb285e17dc5

SHA256
17d4caeb6add7d57325b21cb789c22cbe3c5bac4512a199f4f1568da169af668

SHA512
c48379bc9691bb6d6136576cd4d408c6bfa86e20023acf2420d0bf12de05f4cd55e293f90da6f60627a04c74e3229032ca2f4700a914b98fb7b28d7028579ab6

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/key_value_store.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/key_value_store.db-journal

Filesize
524B

MD5
dbf0f8d04ffce15a1d73d9ebdbc01a21

SHA1
81fc2ca5aebf4ffd82429e686c3c711c056a7dd8

SHA256
72a171a749aadb4532432e57de82e91e1257b7ad195f2ffe917546cb5d9519ee

SHA512
5ac1c7ce38ffcde7647d50cb8a90fe8f2d87d15abc46d85e536a56fabc0b24d868288d4e2447c84275f22615661b277f446933cf93e1f86658192b2666ae3f11

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/key_value_store.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/databases/key_value_store.db-wal

Filesize
185KB

MD5
79fbbcf3725d312a298e3d13b6fb675d

SHA1
0d16ecdbf39d1c99c33223640b8aeb2bf5ca9b42

SHA256
475f0e3f5d99b2b904e0745063326074db549db3f61e5956ffc8f99e2ef7fdb3

SHA512
79e4ec64fef1875fd248c88b91d8cdd78741fcd5214bc59967089ee55ba1a8802138daee848931e2e80273356db9a2bccff0991d2e2d4bedc14207dd5a24939b

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/files/audience_network.dex

Filesize
3.0MB

MD5
b18ab03453d5d70113873d8c45c10d2f

SHA1
ad3c48b1ca11b9c84f380b9ae7a025f957f3d02b

SHA256
bee390afa2267bc48829ee7a0f4286895bf32ba2443ff447451f515818f7203b

SHA512
63e75b38dd472b2de19f6e513026e732ca040699437be4a1684827ab2ba4baf2077b053c0ccc4a702b72bfbc2ed7e343296b9a9f85ba906be37bdd6f905694c8

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/files/audience_network.dex

Filesize
3.0MB

MD5
b18ab03453d5d70113873d8c45c10d2f

SHA1
ad3c48b1ca11b9c84f380b9ae7a025f957f3d02b

SHA256
bee390afa2267bc48829ee7a0f4286895bf32ba2443ff447451f515818f7203b

SHA512
63e75b38dd472b2de19f6e513026e732ca040699437be4a1684827ab2ba4baf2077b053c0ccc4a702b72bfbc2ed7e343296b9a9f85ba906be37bdd6f905694c8

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
5be2b2692ec30e580e99320f34336632

SHA1
7e7198b95f3a60fa964bc1b7f7b4330b88a9e2ca

SHA256
ce4224532ad93d6e1b96df23fe158810700059dce59f59dfa79358c0804def11

SHA512
e2b31a874c08ef9ea961d1e7e557b1dd0e0e115f8590f1b2e2541608424c38ed3ba4f142f30ebd8dcb7aebe2b1f49a25eb037e4126db2fc28a93211b7ae24ff1

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b3ccacac98672de1e5e61b2391041b1d

SHA1
d7a205d39ff8c188b4b0e1339850bfb08cc36c62

SHA256
009e34532d4f10e62df78261b6a24208d8be21d3243d3fbf22157cc51b7f0b37

SHA512
f11e7957271d1a6db579e244c04e1c7288ba9e4a58d388e2b7689a7420b9aba6efa3740ef3fb5b73d843bdeba98b20f0361f29b6b48d972e3fedf753d889ea05

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/shared_prefs/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn_preferences.xml

Filesize
146B

MD5
c4d1540ca20c75dd722321410c009734

SHA1
4bf40da8bbca5f4abcffb0e23f5e3dd077acd1ad

SHA256
a7f72af798f07abe178d9164579c77d1c8d15d8f7a024729bbc3f635fc63907c

SHA512
9df2f05eb40aaf42017cf5155b9a82a173413e73fc1fa5fa3cf444f360a1da6387b540f68b11ba76a24e3e249ef817425bac60b645999c7582e0d9f712db7fa1

Download Submit
/data/user/0/com.fast.zebrafastvpn.unblock.nordvpn.vpnproxy.zebrafastvpn.supervpnfree.esayvpnfree.zebrafastvpn/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit