545e1638a22602271762ce27fac8d4493b2b80b5b5de5abe256cb2934864c782

Analysis

max time kernel
34s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-03-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622.apk
Size

12.9MB
MD5

ecfb0e004eaa80c80e0361785ce2d2f4
SHA1

e078e9d6d27a2c5077e5c9d151df1bcb6a1b0320
SHA256

2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622
SHA512

0f5b2a2ae8a510930607a536ab5a57fd76d05c647ffbe43396f3d95fe68408a0ef6ccc4838ef4b5f9b4d2ad6545e6bd9b82fcf476d429b86d9dea5ca1766c1a6
SSDEEP

393216:uLDcQFEEfSc5avdRapbX5/E4VxSxGYoga:uUQGFep1/EAxJga

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.s1creative.vpn/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.s1creative.vpn/files/audience_network.dex --output-vdex-fd=88 --oat-fd=150 --oat-location=/data/user/0/com.s1creative.vpn/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	Process
/data/user/0/com.s1creative.vpn/files/audience_network.dex	4276	com.s1creative.vpn
/data/user/0/com.s1creative.vpn/files/audience_network.dex	4558	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.s1creative.vpn/files/audience_network.dex --output-vdex-fd=88 --oat-fd=150 --oat-location=/data/user/0/com.s1creative.vpn/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.s1creative.vpn/files/audience_network.dex	4276	com.s1creative.vpn

Acquires the wake lock 1 IoCs

Processes:

com.s1creative.vpn

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.s1creative.vpn

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.s1creative.vpn

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.s1creative.vpn

com.s1creative.vpn
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.s1creative.vpn/files/audience_network.dex --output-vdex-fd=88 --oat-fd=150 --oat-location=/data/user/0/com.s1creative.vpn/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4558

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.s1creative.vpn/cache/rndseq

Filesize
48B

MD5
87e9b3fd469a068661029a2a4c116f64

SHA1
e5c72df14c04de95d84fa7b4966eace108489e59

SHA256
4b80fd2c5bdbdec259c5f97114ca842a180cba0610f8699332a07e156eba4b2c

SHA512
1fe43f80d09cead7432f888e96b2cd2f1d983307778b88f380ba1996c859f62581de448121e58c2c8e55ede58f5e3363b150d2745d15bc2fd156e1b55852ce3c

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent-journal

Filesize
512B

MD5
b96cf73cd2a927619c0345c8c0b1fc03

SHA1
5eff169db4db2af0f85ff848524910d146a284b7

SHA256
35510c76a05718aafc3c75aea9fbf71f562b0c34b5cf9096da0802d874b58ddd

SHA512
5c054c313452c2fde07809d7512afdd428c0b4bbdf13ec077a925297891f536c6d6e2f4be8ad36e1cc72273fa169d14287ef608c8df434ffd569203836a3d651

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent-wal

Filesize
28KB

MD5
1b2955250cb12f5197e09484964c992b

SHA1
12da5b9c780b5b96f92f8ee5ba283f50b7ccc2a4

SHA256
b044ddee440c6e0e5e1e381f42619769eaf58900009a3af59237fe1e8a3b3434

SHA512
6bb69068524b31d249fbe92a9393c36b328823770b6d170fdbb15b43da54ae0bc1e6d926d2ce2ee450ff383a0cdb40c81dc9e9a5f2e0ad7614bce3fd3853cf6c

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb-journal

Filesize
512B

MD5
f8961adf6bc524b74751928d932a9940

SHA1
effe51cfb7ed99d982403b74135ca011a7974a8a

SHA256
7536e480fa0c4756ab2c809f22795272735067e95f9a9be86da8d24423f9b7ae

SHA512
5f21fcff46d0c27027187dcf060e5a25e6d16ecbb11b468dcd32951af8b555b53d96610a99eac1fce7ee5c863446c94a193312f853cd24f48329988a2c94dd56

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
c85ea188ca5127fb762b42d8d8620ded

SHA1
f89228d01df3c34dc390f7935c47dc6ebbd8befb

SHA256
ff92c64d5faa4eed8186ebd5bd88cc62cf5ad6667555ba9ca95b4d9534d5ad18

SHA512
6eadbbdf6d7be1d55c9590c9bd074c5ca17416d9503ab49b7263a31163ea6620a3d7140260ff3613b0832f2086310e2c1807f7bc8187f01e2117d056f89925f7

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
50db8e3bd8327f315fd0f40f350dda67

SHA1
1b46a1049db424e23884b9fedaa15e4cd41c241a

SHA256
9e333db1f754e14faf26d71c1dd1a1631e27ff43bd8defcdce2be7740958c7de

SHA512
73a20f83c16ba4bffd376269cd5af5e7f5c94ee9c64e9071fe24b84839b2671b705cc9b3e9d1c2d4bf7693febdfaf0e7ddb41bd8baf1e0e270fe1527d38ec678

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-wal

Filesize
44KB

MD5
46ddf11b59938fb53e826db033ee02f2

SHA1
34af3a918b2750835dbbfbe4ec43fb86e4279896

SHA256
5ad62825bad57ade0030b77cfd93ff11bf8071676b881426dda8d1c9baa84580

SHA512
23d5c4ebe6b9b87a785e705b881b91ffb754efbdf6dd3005f19470fae7293949de18b130214141984e69e3fad2d67a0a3649897ca6090f9d1b84316154f65a4c

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
512B

MD5
d3204b24a894023cadabfd2e0158495d

SHA1
8c67bab70f158577dc3410eba231c6ff4aa8ffdb

SHA256
74dd10eeaccc4eab313c1394e3ea22fd5738e0c3e7892b7189f04137d5875081

SHA512
dc01fc2ab755590264e89c5af1d072aab9dfa947a0a32f37e8a02e2dca5b44162b31e87c288de95f9aff46ea18620bd6e2edbafee951d7d1002021074ca99cc7

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-wal

Filesize
40KB

MD5
9da8e7521295d18f442464e651bf79d6

SHA1
43fe8e08b77d4478dbb4b9dc6fcf05ec157c4d40

SHA256
f0dba2febb312eb020bba0d330aedf34d6e6342d23f2a95b4d55220baf796b2a

SHA512
0a1075090786b228a00084706631bacddd84a697cf3d356820f521cd881625526629f1d02f74c6b5ccc071aeb1bbd4e7621d81281d87df6dd6d46f3d172b7d1d

Download Submit
/data/data/com.s1creative.vpn/files/PersistedInstallation7481185962629914361tmp

Filesize
90B

MD5
fef554f1cbae870d9d6816a77d807502

SHA1
62d50e1670bc1935a2f0e218c8a8fa7fa7f2f4a4

SHA256
1a092b4d75ef36de32eb5b16619196eff384ba02e20ffd38ae58ada3717a2e4c

SHA512
31df9cd1795748bae8628e7931a1c556a20358af51e2fe94f21350d461dd55de43a3a3f55faf1f38db7e744cc509bd21be0caf1dbcefc1f9ca40244ae5cf4632

Download Submit
/data/data/com.s1creative.vpn/files/audience_network.dex

Filesize
128KB

MD5
409e12521b030b5cca60d6556addbd94

SHA1
03ab216d36a8993ac55fe6e309983989f3db381a

SHA256
7f80e0794687a35f2c40044cc18a3d4df993b58ddde759cf280706c9c2c7c551

SHA512
e976c6785e7c14134a31b5349869476daa403c527d498f244e57e4211188a16bfa2d24ab6d3303fac9aad3cbfe29804c49bca7cb4cf6288b9a87218863d8c4d8

Download Submit
/data/user/0/com.s1creative.vpn/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/user/0/com.s1creative.vpn/files/audience_network.dex

Filesize
3.2MB

MD5
d437cdd3ce661e6966ac9f31a5413561

SHA1
013662ffcab50bb8c56557031cf16e2fd84f4a7c

SHA256
db97838bf29d022b67acffd5f7c931ba63746eb645718a04d02ec78c576cca46

SHA512
fad474e16d5bb5f34ccd1a32d63d6f9e307f6c1052253665bbb7ad4af20b1f331f61aa9738939a122ee3fa212098a226544b4f96dfb38bfbc6abad029901ef16

Download Submit