5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc

General

Target

5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc
Size

24.3MB
MD5

820413a1b96b17ea95f7cdd4fc6fc4b1
SHA1

c490e5bf998b818ee6b6b595a1a1689d9e47258b
SHA256

5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc
SHA512

93f9568357f7c3b5092232ebf7ad831d06465293ff5709dfdee610034f254abe26d1333dec391eee278ddd8b6660dd9033fcbed2447ad8881952067cb5bef1e0
SSDEEP

393216:Ia6Qq6rdvO9v5zmu3UxVPNzlUDGnBhDgEXde4inKMmpHJgEXxe4dwQ5knVSl3fqZ:P6X6xXfRgGnbjNeZnRmjjBeToS5WU

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE

Files

5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc
.apk android arch:arm64 arch:arm arch:x86

free.vpn.unblock.proxy.securevpn

free.vpn.unblock.proxy.securevpn.main.SplashActivity

Activities

free.vpn.unblock.proxy.securevpn.main.SplashActivity

android.intent.action.MAIN
android.intent.action.VIEW

free.vpn.unblock.proxy.securevpn.main.MainActivity

free.vpn.unblock.proxy.securevpn.MAIN
free.vpn.unblock.proxy.securevpn.P2P_DISCONNECT_VPN

free.vpn.unblock.proxy.securevpn.iap.IapActivity

free.vpn.unblock.proxy.securevpn.IabAction

com.github.shadowsocks.tasker.ConfigActivity

com.twofortyfouram.locale.intent.action.EDIT_SETTING

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
com.android.vending.BILLING
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.CHANGE_NETWORK_STATE
android.permission.VIBRATE
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.free.allconnect.receiver.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED

com.github.shadowsocks.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED

com.github.shadowsocks.tasker.ActionListener

com.twofortyfouram.locale.intent.action.FIRE_SETTING

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

Services

org.strongswan.android.logic.CharonVpnService

android.net.VpnService

de.blinkt.openvpn.core.OpenVPNService

android.net.VpnService

com.github.shadowsocks.bg.SSVpnService

android.net.VpnService

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

Android Permissions

5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

com.android.vending.BILLING

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.CHANGE_NETWORK_STATE

android.permission.VIBRATE

com.google.android.c2dm.permission.RECEIVE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Sharing

General

Malware Config

Signatures

Files

free.vpn.unblock.proxy.securevpn

free.vpn.unblock.proxy.securevpn.main.SplashActivity

Activities

free.vpn.unblock.proxy.securevpn.main.SplashActivity

free.vpn.unblock.proxy.securevpn.main.MainActivity

free.vpn.unblock.proxy.securevpn.iap.IapActivity

com.github.shadowsocks.tasker.ConfigActivity

Permissions

Receivers

com.free.allconnect.receiver.BootReceiver

com.github.shadowsocks.BootReceiver

com.github.shadowsocks.tasker.ActionListener

com.evernote.android.job.JobBootReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

Services

org.strongswan.android.logic.CharonVpnService

de.blinkt.openvpn.core.OpenVPNService

com.github.shadowsocks.bg.SSVpnService

com.google.firebase.iid.FirebaseInstanceIdService

Android Permissions

5e8b60829d35daed8f966f9de2755b98538c2c8edb35c43c60d425df901b18bc