1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

Analysis

max time kernel
149s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b.apk
Size

31.7MB
MD5

ed7c1a0bcc8818a40c91a23db5476c9c
SHA1

4f05482e93825e6a40af3dfe45f6226a044d8635
SHA256

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b
SHA512

1526615ab9b2cc4694e1b22c321f6276ec40856fdde5b7d832182a07a793f24162bdf6bd4e3c6507e8f42713a25109be1a771a7b13215f344f7040ba180774ae
SSDEEP

786432:FlO3Em1FtahYsVNU86F+VQ7TteXoX063s7JyE:FlGEQah7E8+kmTQYx3sdyE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4308

com.openvpn.secure:openvpn
1⤵
PID:4341

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB
Filesize
140KB

MD5
f491c4b4d271c8242b52176efedc8b30

SHA1
140093220c689fd32806f7728636897cb463c8ad

SHA256
ec2b6effa28abce43790bb7a0211ea03c1f73eb37ce2673aae30a1a49f79ccdb

SHA512
7a8f3ec5c3fab5c1d069a372bbca75510d1e6a6232707d1c11ce3c1245f856740c9b8ab2ef7662b2b7f1470d3cb78f8ebf4ec1fae3db2660fe6524aa549d5f86

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal
Filesize
512B

MD5
ec555ff0a287f954f5cfa39b29f68141

SHA1
7bea48684e94b9a454a0d605c55ede751d9a649a

SHA256
5d66eae061d47035e1efcc9b2ec4b5a97b708e3e3e5cd97a99fecca50b9a9d32

SHA512
a2351be3fed401853d5afb497e684783d49388103ef6b89cb79ca98fa4711c944ca907ad924d62952d596d82728a2b41739c99063bc109a085c2ec01e113a64f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
152KB

MD5
d5a5cb32dcb00b46e584461da548c052

SHA1
092a99e61a8bbddb1dd49c13a96fedfd9f3a4b55

SHA256
23607387d758e5d521f3827135092be1d6ba1ef51cd353ccb5f5202629b62929

SHA512
512e66757477c40ca85314846c988e1a31a6f62007a10f66b316b7b0c5d5bc4be1e50352798a9f719020074070b3b44fafe1dc28f20cdbf8ea27bdf63c4adec7

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
410KB

MD5
387a5ba498aa5175034fed7c279631e5

SHA1
bc6e365b21583e6fb77942432f9a18cabc55a46a

SHA256
78e34280ab780139b38bbf398d5799169032c8c42ab8eef9f428e42dcb9fc35f

SHA512
7bbc911c3ee1e03f346c08786a40c0eb9ff7e375ea11baab8a12571b0fcdfb9a382909a5bbe2a470b3ee5381109b63253fe26360eee979d8ff5b81cf4e3d4746

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
16KB

MD5
4129f3fc0f0ad1894238677ec05e13b9

SHA1
a9c137e8ce0261c325cd427c4c4378665f17e356

SHA256
d62ab2953e600128455c9a55f2a1820113a00a855015331d890232a9fe4385dc

SHA512
b27f8257f534a405182b1e5d7fccac992b7c3e03c369d1069d1a17153c2c960356fb9665984a39dbe92af45545315d235708c5e90af80170c7be8bab369b1cb4

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
a4ebd0b1e708c2119f180e184e78df9f

SHA1
cd73ba45752f673b619e1a38cc1906c5a013aadb

SHA256
6befbb41c49d56b504b27fc519bcf329a790e3e821e28697cbc2042c45639bbb

SHA512
297fb82322727450010491ce835bf0db88dbb0b7c9740adcec2bc01f95afc3fb59407183189f9465175bcad4d55ccba1e8dbb666347fd4c9ba10cd22065e13d3

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
b2aaf3cd4ec4739f79a94db7c8156dc4

SHA1
4b732854628209804d2417d4bac44d72af746142

SHA256
2bac3b3018dd3fc4e516060b874104aa2f2c52758faa284c1ae057ae87a24a83

SHA512
69ab2f7d1aa4368f6deee76609861cb97732e4dca70cdbb939b5947b6a43479c3127d7037808085d347a79ea1078c6a1596658e9cb2c35df43195700c2c64033

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
69cb45be50247b2410b08aa0bcabbb39

SHA1
4d547328ddc3460b8036a0896e6b9ac47cf7463e

SHA256
23f05f5989222263f02c683a9cd62051dcfafe021f3c031d0654f60cab96629f

SHA512
4897def5732accb7a7e557acc3a52d7f3fd7d464ff1658fc1098065fc9e146307f3a15bfbcd17bbf07244a22492867c6e0114ab73e96ebf78b097ee33e2e90bb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
341fead800740fabe4dc17ea843b8986

SHA1
49a1cfa06d2751d5ad4696d1df853835025e8979

SHA256
c44eed0102a06545b75ebbc038b88d930bc1c76ae54fbcfd54fce56733a66777

SHA512
047c3729124a4bdc055c971174f3ccb2b0c36cc2f307af1e6f7f0d3a858518a8a98238d536891c32e8e6f92cee679cbd748197f495a505d3d7d6fa70009dbc28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads