1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

Analysis

max time kernel
149s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b.apk
Size

31.7MB
MD5

ed7c1a0bcc8818a40c91a23db5476c9c
SHA1

4f05482e93825e6a40af3dfe45f6226a044d8635
SHA256

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b
SHA512

1526615ab9b2cc4694e1b22c321f6276ec40856fdde5b7d832182a07a793f24162bdf6bd4e3c6507e8f42713a25109be1a771a7b13215f344f7040ba180774ae
SSDEEP

786432:FlO3Em1FtahYsVNU86F+VQ7TteXoX063s7JyE:FlGEQah7E8+kmTQYx3sdyE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4308

com.openvpn.secure:openvpn
1⤵
PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB

Filesize
140KB

MD5
f491c4b4d271c8242b52176efedc8b30

SHA1
140093220c689fd32806f7728636897cb463c8ad

SHA256
ec2b6effa28abce43790bb7a0211ea03c1f73eb37ce2673aae30a1a49f79ccdb

SHA512
7a8f3ec5c3fab5c1d069a372bbca75510d1e6a6232707d1c11ce3c1245f856740c9b8ab2ef7662b2b7f1470d3cb78f8ebf4ec1fae3db2660fe6524aa549d5f86

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal

Filesize
512B

MD5
ec555ff0a287f954f5cfa39b29f68141

SHA1
7bea48684e94b9a454a0d605c55ede751d9a649a

SHA256
5d66eae061d47035e1efcc9b2ec4b5a97b708e3e3e5cd97a99fecca50b9a9d32

SHA512
a2351be3fed401853d5afb497e684783d49388103ef6b89cb79ca98fa4711c944ca907ad924d62952d596d82728a2b41739c99063bc109a085c2ec01e113a64f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
152KB

MD5
d5a5cb32dcb00b46e584461da548c052

SHA1
092a99e61a8bbddb1dd49c13a96fedfd9f3a4b55

SHA256
23607387d758e5d521f3827135092be1d6ba1ef51cd353ccb5f5202629b62929

SHA512
512e66757477c40ca85314846c988e1a31a6f62007a10f66b316b7b0c5d5bc4be1e50352798a9f719020074070b3b44fafe1dc28f20cdbf8ea27bdf63c4adec7

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
410KB

MD5
387a5ba498aa5175034fed7c279631e5

SHA1
bc6e365b21583e6fb77942432f9a18cabc55a46a

SHA256
78e34280ab780139b38bbf398d5799169032c8c42ab8eef9f428e42dcb9fc35f

SHA512
7bbc911c3ee1e03f346c08786a40c0eb9ff7e375ea11baab8a12571b0fcdfb9a382909a5bbe2a470b3ee5381109b63253fe26360eee979d8ff5b81cf4e3d4746

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
16KB

MD5
4129f3fc0f0ad1894238677ec05e13b9

SHA1
a9c137e8ce0261c325cd427c4c4378665f17e356

SHA256
d62ab2953e600128455c9a55f2a1820113a00a855015331d890232a9fe4385dc

SHA512
b27f8257f534a405182b1e5d7fccac992b7c3e03c369d1069d1a17153c2c960356fb9665984a39dbe92af45545315d235708c5e90af80170c7be8bab369b1cb4

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a4ebd0b1e708c2119f180e184e78df9f

SHA1
cd73ba45752f673b619e1a38cc1906c5a013aadb

SHA256
6befbb41c49d56b504b27fc519bcf329a790e3e821e28697cbc2042c45639bbb

SHA512
297fb82322727450010491ce835bf0db88dbb0b7c9740adcec2bc01f95afc3fb59407183189f9465175bcad4d55ccba1e8dbb666347fd4c9ba10cd22065e13d3

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
b2aaf3cd4ec4739f79a94db7c8156dc4

SHA1
4b732854628209804d2417d4bac44d72af746142

SHA256
2bac3b3018dd3fc4e516060b874104aa2f2c52758faa284c1ae057ae87a24a83

SHA512
69ab2f7d1aa4368f6deee76609861cb97732e4dca70cdbb939b5947b6a43479c3127d7037808085d347a79ea1078c6a1596658e9cb2c35df43195700c2c64033

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
69cb45be50247b2410b08aa0bcabbb39

SHA1
4d547328ddc3460b8036a0896e6b9ac47cf7463e

SHA256
23f05f5989222263f02c683a9cd62051dcfafe021f3c031d0654f60cab96629f

SHA512
4897def5732accb7a7e557acc3a52d7f3fd7d464ff1658fc1098065fc9e146307f3a15bfbcd17bbf07244a22492867c6e0114ab73e96ebf78b097ee33e2e90bb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
341fead800740fabe4dc17ea843b8986

SHA1
49a1cfa06d2751d5ad4696d1df853835025e8979

SHA256
c44eed0102a06545b75ebbc038b88d930bc1c76ae54fbcfd54fce56733a66777

SHA512
047c3729124a4bdc055c971174f3ccb2b0c36cc2f307af1e6f7f0d3a858518a8a98238d536891c32e8e6f92cee679cbd748197f495a505d3d7d6fa70009dbc28

Download Submit