cd92f7c8a2d5133f936fb5526e7c9ce4444b592a6223adb525e907c771322c14

Analysis

max time kernel
3000758s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd92f7c8a2d5133f936fb5526e7c9ce4444b592a6223adb525e907c771322c14.apk
Size

28.0MB
MD5

f6bab5ef826ff3fb2f70e992b7c7f9f2
SHA1

ae7d35b7761ffc8dbf21fffd2671761c8f4d0465
SHA256

cd92f7c8a2d5133f936fb5526e7c9ce4444b592a6223adb525e907c771322c14
SHA512

33229552cc214fa9dc7ff0cc6c6c4fa93b805a6f0c5ea9b53b7d8e8553d534f4280e8c2ee3871c730939e8a3a4240741528ea7dfddeaa3c0a06a23ca916fe198
SSDEEP

786432:Xsjze3TqOpDoAQkXlLjOx2Wn7u/2aHZOrz3srfx:Xs/JOpQkqQWn7u/7iDM

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	me.skyvpn.app

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xe23b5000-0xe23b819c	4275	me.skyvpn.app
Anonymous-DexFile@0xe22ba000-0xe22bc7e8	4275	me.skyvpn.app

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	me.skyvpn.app
Framework service call	android.os.IPowerManager.acquireWakeLock	me.skyvpn.app:remote

Reads information about phone network operator.
Checks the presence of a debugger
evasion

me.skyvpn.app
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4275

me.skyvpn.app:remote
1⤵
- Acquires the wake lock
PID:4353

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.skyvpn.app/databases/dt_event.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/me.skyvpn.app/databases/dt_event.db-journal

Filesize
512B

MD5
c315ab36a58e33078c46ac614e99f92c

SHA1
825f3286d16107b02892e4b22cc604eb8fb376c6

SHA256
1ea4af5fe15bd72a639dd0837ad37b202c561a6d240d5396e985f03a32d85ab7

SHA512
90adf512870ee3c53ada05bf7432a6155e66cc7c4becd6cb7d5ecda5b8f9534679f564c2f60d65a2d947796b77c0634b18dd91e13cf3361e8bbfcb3011a27a1a

Download Submit
/data/data/me.skyvpn.app/databases/dt_event.db-wal

Filesize
32KB

MD5
0f166884e9bd8ad0c604473da23b938a

SHA1
be1a60ebd46ca65d54e0d40c84803acfa950b09a

SHA256
4d46d04d5671cd09462d45876f72b4a72a9ef270c05eaa1303ccfc5fda36c5e1

SHA512
684025cb5748d943adecfea3549920d5cb3c026199c707dc0a7ff99fe257f453b81608617dc864a58940ea03c023756939bc37f8b4e12dd8268d7e7ec90e83d8

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1BeginSession.cls_temp

Filesize
77B

MD5
eedcec4a70106483ed1fcbc83bde201f

SHA1
c6158f2502c9ae84901cca2450f066e62ca57aec

SHA256
e974085d6f3a9e9cde0122e58bb6f44c4581bdf267952c5f1dd96561fe77d3a6

SHA512
7212a64ba36a7b227b360dc7613f32cf929fa0f178d955beaef6d14157164b40193449182c9390974b4f0ed45a8ca9bee65947fabf8d4eb751aa6ee6a0be8d20

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1BeginSession.json

Filesize
132B

MD5
08f5b06b632d3d9118ddeeee5e2b4b42

SHA1
d0813cbeeb96d00696672b8e56d4223b6104a075

SHA256
681af5bbb8b26d19c976d3bd12ed386670b0ccae01f2056efbb4cbaf29aa9fa9

SHA512
64b3d86373f7f46fb720a48b44e0b8bb10cafc1682f2edef220dfedf9f7fc5347f740f89eed95c4d2bfc59fa9a58f22283f952b423a70e2a1cf5f83100a35223

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1SessionDevice.cls_temp

Filesize
48B

MD5
589e59397b14726aecc2a17b191cc00e

SHA1
aa5a32c16f0eeb2ab31a19e8344ed97c4d38784d

SHA256
30dc4b56dfa459b8766b1086514b3ee340e64589949f1382a813b22f19ae5d28

SHA512
83c156354683f8790d5d5df40cb1e3034bf06d08ca916ca15555f43a4399797f48b803b74928fdefa6ea6ad7dc221b3449ddc6146538c9355116691b7b481b62

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1SessionDevice.json

Filesize
202B

MD5
d9ec3d6321dedf24a31de2e58392e6c3

SHA1
0930747fcbee87c28c3de1193de4652926ad3030

SHA256
3c45857d9937c538eafbb07bc44be4fad0ef27f3a14831311fc197a06b3106c3

SHA512
5a9e68cd895b7339146f22c9fcb4101c6f6bd58dac45650211889500e0889416c118a9f2459e7f51969d83e39500b399575b48c39b813be6f80d081995fe1576

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E0AEC0004-0001-1101-D093B259CBB1SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/me.skyvpn.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
2KB

MD5
594cdc46ee4f6755def2b9be696e919f

SHA1
4137177b7e149ca4d0ecfab8ab686574e2a42a8b

SHA256
ce03a3317e89f6fc101ef189551f1b303617411eccd13396f44d3257990d9274

SHA512
da708cbbab6e5afcaf9fab2eb5938abbddf219e0890ddc22f8e365a5103347658c10d80e33927d9940492ef34af3d86ff72a448c06c42697dcb087d00c3b8dbe

Download Submit
/data/data/me.skyvpn.app/files/mmkv/mmkv.default

Filesize
4KB

MD5
9806cf0d3761db2c53f2eaa3532b584b

SHA1
5fc494704f622cfce908cf7a66607524e99b2e0b

SHA256
304ec30ac5c2173eadc7b2ef676d78071a2d8d57c525f11bb2158138d28ec5a8

SHA512
4438306b040fd19604ed47bd270e4ca41c3d85027c0eed38dedd1693074dbafa8c1d8ca56f1910400cfeb9286a763abd0269ee3c264c12e5e179ae3c08ab3ca0

Download Submit
/data/data/me.skyvpn.app/files/mmkv/mmkv.default.crc

Filesize
4KB

MD5
aef3bcc9897543a0b1c28a70b43c43fd

SHA1
3372eeb7800025f5cee228ab1ad938ef72eccce6

SHA256
22d40e76ac7aaa50731edf356d5119b10c4057977efd88e5d61955511bf33c05

SHA512
ff9c6ab4f3721924f983747cd3f4cd8d5065d1f0feb2726f65a10aaabbc8851864363ce3310628cf66f8391b19f68f29ab881ca2633969d23fda72cecd7c6371

Download Submit
/data/data/me.skyvpn.app/files/mmkv/vpnsdk.crc

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/me.skyvpn.app/files/persisted_config

Filesize
12KB

MD5
aa1e870a42d438d2a4c479e5880d8201

SHA1
4de430ce49a12d3ada3892332e37b838d3d676e4

SHA256
334238b5aa53bdf0289e6671920fec543badf8eb78536260eac5770ca41243bc

SHA512
a3a4512443d48ab3f9e61555ba8e3f80ee19e38ac9853a1ef44fb1b0cf03a01215cb7ca6924e24f59f6095ddf898b6c42a9ad8ddaa1c4e4838d202ed994f79b6

Download Submit
/data/data/me.skyvpn.app/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
c1cbd08dfb56689205eb60a83f16a08a

SHA1
9e85ced7e2c5f34086cd08b37bdacec29ad76bee

SHA256
b813cd3746d0132a3de139a409d7e2b2f83578f2d830cf3e6208a7e70ca186a0

SHA512
c2b8ee036e6053d58c493f15df8b835c81e9ad71c47b8f98dc5cfa40f07737c96ef3c4a3998887c131fe754ce95c20ef782d98ba4a10df8a7bb82af513d52098

Download Submit
Anonymous-DexFile@0xe22ba000-0xe22bc7e8

Filesize
9KB

MD5
dff580f586d4b852dee40ed35558c3c4

SHA1
7a2c0846113fb8995be25c05073377cde58f1929

SHA256
5da3e24b7d579ebddb0073bab16aed4d4be5f12d3bde1cdcf6b6d2518bcec202

SHA512
fb8791aa458405bafc78eb4aa24194c6ba6c6a6dad976e87ff4b9074cd38b687c0013d03f59d6daa9b171d223c679a9878fe3b2961ba65e93357756658fa17ec

Download Submit
Anonymous-DexFile@0xe23b5000-0xe23b819c

Filesize
12KB

MD5
3aa2236990943a68ad547bdcc2489c27

SHA1
27530711cb94a3acb6a076e6c92bbe3b05c4499c

SHA256
b9d48162e6a33f4c914b0e75dfe9e7929f33f0b04eb6706789e1dc1d09d5f8b8

SHA512
d98a6191525688fef03b52ae4cad600ac1ea20ffb4938f84f15e3b1c05c298a80e2cef1b8195e46353e8dfe68b783ff416d6ac6967070465b06373528a29eed9

Download Submit