a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
2657484s
max time network
132s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
11-01-2023 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bahamut.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

6^/10

ransomware

Malware Config

Signatures

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
PID:4051

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
61caca49ec3109a9699517f690028fbe

SHA1
6a1636574215a6c5b2aa1e7ddc0508b8c3b054d0

SHA256
80508ce48d06a92f94a5337d3819e7136387a4b7712925e28ae4aa06b5f69572

SHA512
2574606d0d3236a948735d704b4794f35ac0e27f74ba0ed71a21fe9c87b97532dd167a98b5cb5d89f185f65fe4488b813dab0364eeee13132616cd7b7e43c534

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB
Filesize
144KB

MD5
5674d3c690954fbe8c72d80fa19bc3c3

SHA1
2396ebc5b8104f116df13eb14dc8c3ba6a0bb3b0

SHA256
293eacc3966b98ea379268e98a5b657f709b8d1465d7070f9c0ad4d9e2d4734a

SHA512
6aca8d556021a10a06f9ed2e36fb3abe185369ce96b9e373f7f38832762735076a0d99d5a4723012d79fe36f529a89ad1b50ca065d8e00af31d704031b0ac5a0

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal
Filesize
524B

MD5
103035a576db0eb6af193064ea14c6c5

SHA1
ad7dd5699b109fc6991aa862e8b3acdd8b28b6e8

SHA256
0a13cec143a93869b059e18511894ed71048751345fcb7503f4a7a0d428a1a6e

SHA512
934f7a928daa7a1ab90dba9fba002713e06034126c34c6c4f8223e1686270d925285ca7101eb7cbcd4ec4839fb944fed3d399040da7b870cd7e3ffae5708183c

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
410KB

MD5
8c9bdcd47e019ea3ac282cf96f0b9673

SHA1
0963272f5a4348d3e37be0082154430fef564f56

SHA256
265f47da2091f25e83cf74c4182e2f29f25ba3e7bea7b11b2a8eb524869cfaaf

SHA512
1985d82ad5951dd6ef4da4c00eb8a651429cb3ddadef739d98eae939e771db8d13679f8665f6d4ebbb40947077f519e737918603811606209b4d0e3b9db700fd

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
524B

MD5
f0ece428f1b0669e5eb566114beb6e13

SHA1
63ade12a5cc8e635985100f4c93e6eeb38f5db5e

SHA256
7e08c5876fd0429f3bbc83c3c3377fc8a21b1e1aa8cde48c41df7ee85b77d4f4

SHA512
d81a4eafc7b5e65f9be31b141e00f5727c9a3c61519618460132b47a4579df6685c074b7f16f5385b0acc99cc65d40cae34a12ba024c1c6ec272f1fddda4e89c

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-wal
Filesize
32KB

MD5
374a728060c1dc31c965efef8ed00332

SHA1
b6e6eb8b4e48d4fcf9b29fbda483ae8beda20925

SHA256
b57594f2c95901e1051c06be64caee83c5e43b0b86f7074dff22b68a16df1193

SHA512
72828173ec2513158951c3af521fc7144c66bf501cf54ae8f7b1f0394dbdc8c16abff8b09e7b6153416957afa4b7d2b3728ce1463891466afbf22ec95865bd8d

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
524B

MD5
1ba2a8650233b4a9f7e4f1e55ea3139b

SHA1
7e6745d46159fc823fcc166e30f0f7a603eadc9f

SHA256
4bb4c7c6fd46102cfd14e6d55922527e42b618fbe61400caf884fb3f3b875ccc

SHA512
4cdc610aec7ccdcc2dcf9fd00a31bbbb5fd9a450e75d6713572e1354bd78a017720a3f835886badfb73318d61d9779dc0e72e5df88717ab221b4254087a3991d

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-wal
Filesize
209KB

MD5
63cc361edc7b3a4e144e06cac5c170d2

SHA1
462a7ffe2159ef7eebf9a9f0a79b0885bc9d5e72

SHA256
d2c931b5a1be42086ab954cbb6777addf3ae0ac210009541a44b34f42033be3d

SHA512
ba9829567a2d5adce96000989bdf2ac8857103d0035d5dbcdcea34a8782ef1ac25f90370f2fff36a24cc27f6def7ffa405033f2d2dc5b34d2780bf112e715ed8

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
524B

MD5
f46537b72254fde2133598e9d79bdb58

SHA1
611bc991dce9c5e755a43eab0e90787a83731cd3

SHA256
58fa642312bbb10bed7f08df2baafeb141a48442a0ba162442969cd6222ec298

SHA512
f979ae898408ea499d8c92677e9638e1cbef2986c94b3bcb68489b6b5632f77f9ddbd3d8f45b515c1e8001f10b350c2e40d19e377b0672ea396936a4d8ff806a

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
bb7518bf808a1ffdf278cb6589eff879

SHA1
6ef6d4487ccad242cfc5dc21746a69370f7cbeb8

SHA256
ae8f9210dbaf921d8f879b1694a42f1e3b3c8e53a357f4cfac772687a8c65910

SHA512
e096ddec6b4999f4d5e7087bfdbd78f825f1dabf04f8eceb5000248c83913e14f74a7342aa630820294dddf560e0e5413f66a532c218f272b1e9cb64675c9e35

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads