545e1638a22602271762ce27fac8d4493b2b80b5b5de5abe256cb2934864c782

Analysis

max time kernel
35s
max time network
166s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
27-03-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622.apk
Size

12.9MB
MD5

ecfb0e004eaa80c80e0361785ce2d2f4
SHA1

e078e9d6d27a2c5077e5c9d151df1bcb6a1b0320
SHA256

2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622
SHA512

0f5b2a2ae8a510930607a536ab5a57fd76d05c647ffbe43396f3d95fe68408a0ef6ccc4838ef4b5f9b4d2ad6545e6bd9b82fcf476d429b86d9dea5ca1766c1a6
SSDEEP

393216:uLDcQFEEfSc5avdRapbX5/E4VxSxGYoga:uUQGFep1/EAxJga

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.s1creative.vpn

ioc	pid	Process
/data/user/0/com.s1creative.vpn/files/audience_network.dex	5052	com.s1creative.vpn
/data/user/0/com.s1creative.vpn/files/audience_network.dex	5052	com.s1creative.vpn

Acquires the wake lock 1 IoCs

Processes:

com.s1creative.vpn

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.s1creative.vpn

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.s1creative.vpn

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.s1creative.vpn

com.s1creative.vpn
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5052

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.s1creative.vpn/cache/rndseq

Filesize
48B

MD5
f299122eaacb064c4ce0bd86c5132fc1

SHA1
444967419b2132ba3cb43fed3b983ca64d10ce2b

SHA256
b11406856ceaaac7815b8fd4a119bb2708ba02338e02ea4bd0a234d57fb9d07c

SHA512
1eabf5dec44f21fac29fe6a578a7d21dab51433d5ef97ceb814991ef879b65f7faca59cbc1587b2a25db22fea1ba8458bc0a5e1f626f8b8f7703b7b8738aad25

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent-journal

Filesize
512B

MD5
57d50fc9f0383ebad9547b8578fea7e3

SHA1
e5ce74d9e7551a425ac0e83d0e07a004ddbe11b4

SHA256
288f7cb57a135cd304806cc2a104d798f6277d6b13c78dc4c9237e0e256cd601

SHA512
9f34279bbbcc53170f9636ac1096bea3102a838708bb8dad20db354e17a8688a0b55cde6251014d0f0c0dc4d7d962ba804e015cc39602153d250b361071adf73

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent-journal

Filesize
8KB

MD5
62d46b2788dbdc049ac8d2cc5f3f358a

SHA1
ffec4a2dea763dc6d908c3bdfb4a4862a3c98593

SHA256
77b4073011383110507ee25ab2dc9e4b80d36e0aef53fc8f2aef17b17d2c36f5

SHA512
1a4ae6a9c6ac3ba252c822ecd2a889beb982cefe73f6fc0e6dfd1503c57ae13d337dd59505ec941f121d83a25ce62ef22013072bcba3f0f9842835ba3f5bdde3

Download Submit
/data/data/com.s1creative.vpn/databases/InternalEvent-journal

Filesize
8KB

MD5
647e79cd6efd07e44a21ce19b5b0cc2d

SHA1
9d2029ee3b9892347d52f5377ccaff393a270cd2

SHA256
1ce1a1a1f0042ea7e191c1ac5a90b88fe32d00ab326ab11e495e28bf16edd5c1

SHA512
81d118a2c75239fca3fa8c8942a85c94553cdbd8abd0d4b402e9bdaa8fad8d889bc98ebad66f58034847104e505b4a17104bb4bfdd8d60fcb7d9027d73ddeee4

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb-journal

Filesize
512B

MD5
1af8e4ae4817cd728f97d96cab6d1418

SHA1
381340bf193922e493a73a5a146f97d4e4b514bd

SHA256
940d4ba46cd06bfdf9a68073359c2505e98385bab2039bcd86d830e6cf37d24f

SHA512
0a8b132b324e8065fc9b23ccee10ee4b8cd98626c684858869e56b973538cad7cc07e4406646b15ec738c667ce33f7b115e7d18af891188f5531191a71dc9ec9

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.s1creative.vpn/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
8ef8d933381289fce9a4c12b7891ee22

SHA1
3412296a6538bfbd65c1795308d5f5ad71b07ea6

SHA256
58580e4dd025c4a9445a7ba969e2af861db9a58fa0b90f8274935ac53c1f5acc

SHA512
1dd50178246484c9cc4f9421a049e26ac2f911cc9f13099494300240f95e9d2f4d965afd6306102ab366c6f478c05fde3cb1d65277e89c517b80adf39d7b8e4d

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1a9ffa1f0a7a08276691bc8002222293

SHA1
27157f6d63318d03609ff5e36c78c2c73e0517d6

SHA256
1073b3fe51b8809966c5190997dfcce81edc63501056f85b0ff624aa89e12de1

SHA512
5c48b40e55e92fdd30bfe20cfdc2d645e05bddc43e7399e01e85427e56e50dbd2d694ab9e0856f89d39bd8c3f89075abfed6c6ccf8e7159dc5c805eeb34b2cf2

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0081081f7457fb7654bdb93bcdd2da7a

SHA1
67afb36a7c4b3fffa8ab863bb61297bdc61c9ad4

SHA256
f6f6fb3586d2178d3666a8ad05ddc0dea5a9460fea7542cb3b7364ea3bb3c95a

SHA512
039a8822c723e682571208addbb3f9dde23201c743a5b1028d8341fd39bfe2fb3e6cf945edfb59d0b817d4909f25d11499f4a12174d4415d2ee2a93e276d59d7

Download Submit
/data/data/com.s1creative.vpn/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
fbc6c91ebae68ead9523195a333df089

SHA1
d55bfeb43dc82a9a077e7a4a219472a9411bfe1d

SHA256
952049cd6130d0537938647334953f993f74871f5cccc6c1b3558a7dc82b33b7

SHA512
ff4044ca3251ccf833d47d4c3ebbc95f7bc133f646845a547f08cd22f4abe375f3d2a55b88e93654b72f12cf87a0e68fd203508d310700dd2896b8b689cd7348

Download Submit
/data/data/com.s1creative.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
196558fc54cd67755a94a813e280152c

SHA1
2e9569cf2016d96d5234e925ef2ab61cdd48632c

SHA256
fd6594eef07f1180afda80214a49b6799cb6ea15ea1a2ae9c60af663ec7fde97

SHA512
b309330962a79d97e509502abc384cf77b7bd9dcb568b9cc43d77413c14ac72458583c90bd2e88f8149bf76efac9221b3ae6964e7ff48677fc6d70240bdbf4a6

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db

Filesize
20KB

MD5
6e4918712c33164d5bec85b353a37bfe

SHA1
bfd3e7866c2cbb42874b4c226463a7cce423e752

SHA256
edf13dd8031cc36a31f44bec7663632ac38c00dbebf3872fddc156c629aeb9af

SHA512
cf90a4255ec5677b429eba7cfeb4bcb92485540fa307e9ee5585e929e953ea07503d51607bb3568d0af9420292792a73edf4c7e69255ade96f2d3fe9708b19a0

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
512B

MD5
25e9031b07d68564310adf0bc360eeb1

SHA1
58bc003e2b911de0743ed512203984c8341c93ac

SHA256
36c05532a67c7f40aa7d7660edb6d27979575072aa0993bd1b4ac4fb69a31fe9

SHA512
a149555dad1c1cbdd9d1f750d658e97ec3133c46edde9a0574bb4e516631906ccb8fa3740d9c1e7f332502ce1417c466c66b8ec1d2695181c91832f46e8457e4

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
8KB

MD5
4fbe9bc3c35586fd4bbf340b2ec207a5

SHA1
42664fbc0fde904dd19f4027c256a3c0c2f30d33

SHA256
4c6f2b4cbc63670dfebf9e3e488d0f80549bdbc71e6141b3aff1e157ea678833

SHA512
4db72f6ba11590da3d907c34be0d282142594119661ca3fd73bfca70f499b284770d08038ede9195ba48bb4c2d715b90bca5f902ccabef693e21cd21dda99f4d

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
8KB

MD5
ebb5e0cf73b4fb6d8e3978c5c4ca532a

SHA1
3c4ab2de109eec2aaab0afd1303e448a613fa216

SHA256
27b4275f921459c4968d8f49597cb7a65ebd6013d0e93d893f239859a1627022

SHA512
1a40d4a783995f7a944b3f6d22d17b5062a619d949c2d1436cd194fb426c5faed11a69c8d03cb64e92e4516fc83063730e912a8dbf5b2dccbc902bb4d1673ed1

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
12KB

MD5
8ac3aab3f154615ba209ce61df7f8686

SHA1
f3e161663cffafed7f99a2b52f5fd12771239522

SHA256
4d8ccb4b7876de4079c1044605a93f29222a9adab3b899abcec8f0f87301da4b

SHA512
3fb54ac7252a2626d643f67fba2354168e49216c5339b8588633e6527e6c34c2c957db00ea9b0a7715d6e5668d18d9f6f4813d0e69935d3c5495af8851fdaeeb

Download Submit
/data/data/com.s1creative.vpn/databases/key_value_store.db-journal

Filesize
512B

MD5
52bd31b21b9919b8327f1338bd035e7f

SHA1
b567c253262a2f543777b10af14b3658967458b0

SHA256
b9d8c636d370d2759f77a8c7ae6bb6dcd6be88bf683071ccc2151216547b4cfa

SHA512
0f99b4cd35302ab1522a6fcc6cd1ce5ba4a6fe948fea0e5d0bcfc79ab6ef50e956f09cebb0cba15d390e65435fe3baab1d5a5b4accc514b62bc8f63853f8537b

Download Submit
/data/data/com.s1creative.vpn/files/PersistedInstallation5314779512074282788tmp

Filesize
90B

MD5
2e87de5d8eef2e7d0d5d1c80f098fbee

SHA1
df195b096138c10d0a616448ed15ce45cc64d0a1

SHA256
a719845cad952133e55bba4f2264d7e1e795c307d417e12a17aeabac2a94266a

SHA512
df66e97c953ace5929fcbab1a126fe6eb8d74c0a8be4e99ae5be0cc26f2887555c596653d73d0966534989f8a1bc11840603745bf6d688eac9a0b97b764d661f

Download Submit
/data/data/com.s1creative.vpn/files/audience_network.dex

Filesize
104KB

MD5
3346e40ed8f747f6b206df4de19fd34b

SHA1
dd2293a3ce146828feda15a47b0882a06e08fdd3

SHA256
324d2db077e0d498f74b6308b05baabe92756118dba7b29f607494a6105b4734

SHA512
1fe6f3475cb37f8f54481d92033010f0c347fbeb269bd64f8846e3c3033ea4934f68855433b9484c171d86e77d119e63fa83e1ddb04881e61f33964afca21d44

Download Submit
/data/user/0/com.s1creative.vpn/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit