sidewinder | 9d505af49ef6a95ec46536aaa8186e8839df00c73929e73b5468ec17435c462b

Sharing

Copy URL Twitter E-mail

General

Target

9d505af49ef6a95ec46536aaa8186e8839df00c73929e73b5468ec17435c462b
Size

9.6MB
MD5

44d1ce14d0e2bea08f21a9a20c02eb56
SHA1

61e87bf065ac0d2aebb1fe888fe2ccf06f524caf
SHA256

9d505af49ef6a95ec46536aaa8186e8839df00c73929e73b5468ec17435c462b
SHA512

1f6293bc28cf4a4dfdd29647e47cdbe33af491d990eb8b72d246ac7c469f60b82ea7f01615bb7d48a45aca5f7981b8b620d7bf19c75152a578643162b64ab179
SSDEEP

196608:DPyBDnyVkgZ1+Ss2++H/h1v3uFmCPwalOZqkh5lfYO:DPWo1+Ss2rfh1v3uFmCPwGOZqkh7

Score

10^/10

sidewinder

Malware Config

Signatures

SideWinder payload 1 IoCs

resource	yara_rule
static1/unpack001/com.securedata.vpn.apk	family_sidewinder

Sidewinder family
sidewinder

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS

Files

9d505af49ef6a95ec46536aaa8186e8839df00c73929e73b5468ec17435c462b
.zip
com.securedata.vpn.apk
.apk android

com.securedata.vpn

com.securedata.vpn.view.MainActivity

Activities

com.securedata.vpn.view.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_MEDIA_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

p4d236d9a.pc31b3236.peae18bc4.p10cd395c.pff57a6d4

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

Services

p5f02f088.pe1dca40f.p4556d148.pa74ad8df.pc4a58b3b

android.net.VpnService
config.ar.apk
.apk android

com.securedata.vpn
config.arm64_v8a.apk
.apk android arch:arm64

com.securedata.vpn
config.de.apk
.apk android

com.securedata.vpn
config.en.apk
.apk android

com.securedata.vpn
config.es.apk
.apk android

com.securedata.vpn
config.fr.apk
.apk android

com.securedata.vpn
config.hi.apk
.apk android

com.securedata.vpn
config.in.apk
.apk android

com.securedata.vpn
config.it.apk
.apk android

com.securedata.vpn
config.ja.apk
.apk android

com.securedata.vpn
config.ko.apk
.apk android

com.securedata.vpn
config.my.apk
.apk android

com.securedata.vpn
config.pt.apk
.apk android

com.securedata.vpn
config.ru.apk
.apk android

com.securedata.vpn
config.th.apk
.apk android

com.securedata.vpn
config.tr.apk
.apk android

com.securedata.vpn
config.vi.apk
.apk android

com.securedata.vpn
config.xxhdpi.apk
.apk android

com.securedata.vpn
config.zh.apk
.apk android

com.securedata.vpn
icon.png
.png
manifest.json

Sharing

General

Malware Config

Signatures

Files

com.securedata.vpn

com.securedata.vpn.view.MainActivity

Activities

com.securedata.vpn.view.MainActivity

Permissions

Receivers

p4d236d9a.pc31b3236.peae18bc4.p10cd395c.pff57a6d4

Services

p5f02f088.pe1dca40f.p4556d148.pa74ad8df.pc4a58b3b

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn

com.securedata.vpn