General

  • Target

    767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b

  • Size

    31.7MB

  • MD5

    babbd2b9f9267b43cd8abf8e6bca5b10

  • SHA1

    79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf

  • SHA256

    767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b

  • SHA512

    99471ff424f85d19488e982cc7af0562a02ff9c6dc2bf0fa480fdcaef423a7fbdf4c32bcfee68c51efa46e74e29f8e86907b0550e7445025d547f1949f1250a0

  • SSDEEP

    786432:WB3Em1PXhYsVpTJt9DU86F+VQ5+XoX063L7JE:W5EeXh7XTDy8+kO+Yx3LdE

Score
10/10

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Signatures

  • Bahamut family
  • Declares services with permission to bind to the system (3 IoCs)
  • Requests dangerous framework permissions (12 IoCs)

Files

  • 767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
    .apk android arch:arm arch:x86

    com.openvpn.secure

    com.openvpn.secure.presentation.ui.main.SecureMainActivity


Android Permissions

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.FOREGROUND_SERVICE

android.permission.QUERY_ALL_PACKAGES

android.permission.GET_ACCOUNTS

android.permission.CAMERA

android.permission.READ_SMS

android.permission.READ_CONTACTS

android.permission.READ_CALL_LOG

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.CALL_PHONE

android.permission.READ_PHONE_STATE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WAKE_LOCK
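The permission set above is the most telling static artefact in this report: a package that presents itself as a VPN client (com.openvpn.secure) declares SMS, call log, contacts, account, camera and location access, plus the persistence and overlay permissions that stalkerware families rely on. The script below is an added example written for this page, not code from the sandbox or from the sample. It parses the <uses-permission> entries out of a manifest fragment constructed from the list above, classifies them, and compares them with what a VPN client plausibly needs. The runtime-permission list, the capability grouping and the VPN baseline are the editor's assumptions, so the count it produces need not match the sandbox's own "12 IoCs".

```python
"""Permission triage for an APK manifest (added example, editor's code)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
P = "android.permission."

# Runtime ("dangerous") permissions as the editor knows them from the AOSP
# platform manifest. Assumption: a sandbox's own rule set may differ, so its
# IoC count need not equal the count produced here.
DANGEROUS = {P + n for n in (
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "GET_ACCOUNTS", "CAMERA",
    "READ_SMS", "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "CALL_PHONE", "READ_PHONE_STATE",
)}

# Capability buckets for the surveillance heuristic (editor's grouping).
SURVEILLANCE = {
    "sms": {P + "READ_SMS"},
    "calls": {P + "READ_CALL_LOG", P + "CALL_PHONE"},
    "contacts": {P + "READ_CONTACTS", P + "GET_ACCOUNTS"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "camera": {P + "CAMERA"},
    "storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
}
PERSISTENCE = {P + n for n in ("RECEIVE_BOOT_COMPLETED", "FOREGROUND_SERVICE",
                               "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "WAKE_LOCK")}
OVERLAY = P + "SYSTEM_ALERT_WINDOW"

# What a plain VPN client plausibly needs (editor's assumption; the tunnel
# itself is gated by BIND_VPN_SERVICE on the service, not by a uses-permission).
VPN_BASELINE = {P + n for n in ("INTERNET", "ACCESS_NETWORK_STATE",
                                "FOREGROUND_SERVICE", "RECEIVE_BOOT_COMPLETED",
                                "WAKE_LOCK")}

# Constructed manifest fragment carrying the permissions listed in the report.
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.openvpn.secure">\n'
    + "".join(
        f'  <uses-permission android:name="{P}{n}"/>\n' for n in (
            "INTERNET", "ACCESS_NETWORK_STATE", "RECEIVE_BOOT_COMPLETED",
            "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "FOREGROUND_SERVICE",
            "QUERY_ALL_PACKAGES", "GET_ACCOUNTS", "CAMERA", "READ_SMS",
            "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION",
            "ACCESS_COARSE_LOCATION", "CALL_PHONE", "READ_PHONE_STATE",
            "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "SYSTEM_ALERT_WINDOW",
            "WAKE_LOCK"))
    + "</manifest>\n"
)


def parse_manifest_permissions(xml_text: str) -> set[str]:
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(xml_text)
    names = set()
    for el in root.iter("uses-permission"):
        name = el.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.add(name)
    return names


def triage(perms: set[str]) -> dict:
    """Classify a permission set and compare it with the VPN baseline."""
    buckets = sorted(k for k, v in SURVEILLANCE.items() if perms & v)
    persistence = sorted(perms & PERSISTENCE)
    report = {
        "dangerous": sorted(perms & DANGEROUS),
        "surveillance": buckets,
        "persistence": persistence,
        "overlay": OVERLAY in perms,
        "beyond_baseline": sorted(perms - VPN_BASELINE),
    }
    # Heuristic: three or more surveillance buckets together with a
    # persistence mechanism is the classic stalkerware shape; a single
    # bucket on its own is common in benign apps and only warrants review.
    if len(buckets) >= 3 and persistence:
        report["verdict"] = "spyware-like: permissions far exceed stated purpose"
    elif report["beyond_baseline"]:
        report["verdict"] = "review: extra permissions beyond baseline"
    else:
        report["verdict"] = "consistent with a VPN client"
    return report


if __name__ == "__main__":
    result = triage(parse_manifest_permissions(SAMPLE_MANIFEST))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a manifest pulled from the APK (for example via `aapt dump xmltree` or a decoder such as apktool) rather than the constructed fragment to get the same classification for a live sample; the interesting output here is the gap between the declared purpose and the permissions, which is what the sandbox's "Requests dangerous framework permissions" signature summarises as a count.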