1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

Analysis

max time kernel
115s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b.apk
Size

31.7MB
MD5

ed7c1a0bcc8818a40c91a23db5476c9c
SHA1

4f05482e93825e6a40af3dfe45f6226a044d8635
SHA256

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b
SHA512

1526615ab9b2cc4694e1b22c321f6276ec40856fdde5b7d832182a07a793f24162bdf6bd4e3c6507e8f42713a25109be1a771a7b13215f344f7040ba180774ae
SSDEEP

786432:FlO3Em1FtahYsVNU86F+VQ7TteXoX063s7JyE:FlGEQah7E8+kmTQYx3sdyE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.openvpn.securecom.openvpn.secure:openvpn

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4453	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4453	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4492	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4492	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4453

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB
Filesize
140KB

MD5
577459d9bef78fb4ba83163f237ad7a8

SHA1
a179b209d96c1d3d420957c5cc4d3586a31a9c5b

SHA256
3a474e17fd3ebf7665334a64bb6ac15766826e8747eb3a6497d821a4826f2200

SHA512
3aae8b96b74a4ba18eb4b6a2af134a27ab6d9406fa83b1f265163791009cddc34d9f351a5d5354a86447e883a301bdec50afd49c03064bb7155e83c5af630093

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal
Filesize
512B

MD5
0cae07e69545a1c830eb7626d819f8dd

SHA1
6c54bfb7354eb2fff0ee44e6d285cdd3fdaa00a2

SHA256
c303451f1274350acdfd3cbe6f80fc375bd200628f0d30273b8db8aef407ae14

SHA512
7fcd03a224a66c06a82e24e6f1cc7397d582a868ea86802fc147adf3ffdfd9a304cd59a44cfc6b55077b03e777762588ed8685706cee21bbecf88c286811c2fb

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
152KB

MD5
4a5d7c7efaec432e2627fa26fddd08ed

SHA1
50590376f155155a3c4af5273a550b098e23dace

SHA256
42d28ddcc8bce4757f525f39981d18301d49112318228b39f7a1c065166bb86c

SHA512
c7d06a45f4bfe6fe7d9f86b58e57418834a0c5c51bcec16438d25475340b6efc8c14ff6124fc43d1cf27893ce35b737044979959d7a536b1205bebb9bc9bbd60

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
410KB

MD5
3a59becced947549d2a44ff13a50e166

SHA1
0f51f3798a5c8e692b8c1353955d3d3f6c9f1387

SHA256
660b4469155fa21b6f82ec14ef2607450b01004fcc1481efeeea559d435cf512

SHA512
9129a1c609b095a43bf8b9643120e16553d5ba1b8bc4ef5a604675c4eaa97d4c549c256ba70c0a250d4221f08619f7b70ffcc935d76fcb3da5578ff03b5cd67e

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
16KB

MD5
72638acfc3515fa3f930877644549489

SHA1
a3bc0bde0630fa33d59babaadd610e7b8129054a

SHA256
89e23c0d3ffa6ab3e13bda934d9be8b8835a5e5c24dd0caa678f83bcbebf0734

SHA512
e9840f755b6525635d29d5afd2e90dc291e05fefdd325c57804b2e9ab67a4656667254c83a445870acad13db635462429b60ab82c893349680256c670d22261a

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
93ed421ed830200a659e74be74d544de

SHA1
01287142cf02106ecbd03fc3c81de62335da6bb1

SHA256
f5d46adfac7d1dc73d2d944bf0f648a101236d7ba6d67594627130bce629fd95

SHA512
2d67680eed74d4cdd4812c555817da71eb440e59c693b777abdd00013ca4c749d5ae2fab603a242cd7ddb792a4941847fbe1d597d27d6cecf13c3404a3fa1324

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
39c4345205f0421b66650dfa1a65322a

SHA1
b7b99802d416cd583f6501e6443b37289a06522f

SHA256
a08451297fc0746bf7e0d12a6b44e5e377267219dc35f712b0ab48537cfd7fad

SHA512
898981cdbf9aaeb754a1c35145e070400ef3cec3d9cb574d075bb2e032bedf9e4a105dd31a3d6c5340264d7633f83a941e4929f7a812bb669ec3100df2d9e10b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
cb314ee6dbd81d19de648471a8aafab5

SHA1
8e734ad34e1996948437d1c6d79f7e1bbfe1e353

SHA256
c9fcd281ca9882f31cbda35c808e6d8e80cc484dcc397e1707fb51e1e839de47

SHA512
c9aa4d45e3253c38038bdf4fca2520ade29be2ac6a391d0bfeb42efc8ee85d2b8948ad6d593d936b5cda7552cbff91febfcf35e24cf4337cb1d7326215cab319

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
975d4eb097bf50560269043cc1247754

SHA1
a97307526ea18e9c2ddc0f7972638be9601e1340

SHA256
dcec2ccafa0c2454be439c55b01c9e4b65653ad83c6ef46c0121b74c3a8249f7

SHA512
c418145c59a0fd10f6fda7c6bd40a6c2d8908e3dad942fa2ec882478d43a09dd9ddb8f8ce3077cb7e46ba6625ca0c10bccd55699f23169960f5b4511f6219513

Download Submit
/system_ext/framework/androidx.window.sidecar.jar
Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit