1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

Analysis

max time kernel
115s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b.apk
Size

31.7MB
MD5

ed7c1a0bcc8818a40c91a23db5476c9c
SHA1

4f05482e93825e6a40af3dfe45f6226a044d8635
SHA256

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b
SHA512

1526615ab9b2cc4694e1b22c321f6276ec40856fdde5b7d832182a07a793f24162bdf6bd4e3c6507e8f42713a25109be1a771a7b13215f344f7040ba180774ae
SSDEEP

786432:FlO3Em1FtahYsVNU86F+VQ7TteXoX063s7JyE:FlGEQah7E8+kmTQYx3sdyE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.openvpn.securecom.openvpn.secure:openvpn

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4453	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4453	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4492	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4492	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4453

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4492

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB

Filesize
140KB

MD5
577459d9bef78fb4ba83163f237ad7a8

SHA1
a179b209d96c1d3d420957c5cc4d3586a31a9c5b

SHA256
3a474e17fd3ebf7665334a64bb6ac15766826e8747eb3a6497d821a4826f2200

SHA512
3aae8b96b74a4ba18eb4b6a2af134a27ab6d9406fa83b1f265163791009cddc34d9f351a5d5354a86447e883a301bdec50afd49c03064bb7155e83c5af630093

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal

Filesize
512B

MD5
0cae07e69545a1c830eb7626d819f8dd

SHA1
6c54bfb7354eb2fff0ee44e6d285cdd3fdaa00a2

SHA256
c303451f1274350acdfd3cbe6f80fc375bd200628f0d30273b8db8aef407ae14

SHA512
7fcd03a224a66c06a82e24e6f1cc7397d582a868ea86802fc147adf3ffdfd9a304cd59a44cfc6b55077b03e777762588ed8685706cee21bbecf88c286811c2fb

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
152KB

MD5
4a5d7c7efaec432e2627fa26fddd08ed

SHA1
50590376f155155a3c4af5273a550b098e23dace

SHA256
42d28ddcc8bce4757f525f39981d18301d49112318228b39f7a1c065166bb86c

SHA512
c7d06a45f4bfe6fe7d9f86b58e57418834a0c5c51bcec16438d25475340b6efc8c14ff6124fc43d1cf27893ce35b737044979959d7a536b1205bebb9bc9bbd60

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
410KB

MD5
3a59becced947549d2a44ff13a50e166

SHA1
0f51f3798a5c8e692b8c1353955d3d3f6c9f1387

SHA256
660b4469155fa21b6f82ec14ef2607450b01004fcc1481efeeea559d435cf512

SHA512
9129a1c609b095a43bf8b9643120e16553d5ba1b8bc4ef5a604675c4eaa97d4c549c256ba70c0a250d4221f08619f7b70ffcc935d76fcb3da5578ff03b5cd67e

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
16KB

MD5
72638acfc3515fa3f930877644549489

SHA1
a3bc0bde0630fa33d59babaadd610e7b8129054a

SHA256
89e23c0d3ffa6ab3e13bda934d9be8b8835a5e5c24dd0caa678f83bcbebf0734

SHA512
e9840f755b6525635d29d5afd2e90dc291e05fefdd325c57804b2e9ab67a4656667254c83a445870acad13db635462429b60ab82c893349680256c670d22261a

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
93ed421ed830200a659e74be74d544de

SHA1
01287142cf02106ecbd03fc3c81de62335da6bb1

SHA256
f5d46adfac7d1dc73d2d944bf0f648a101236d7ba6d67594627130bce629fd95

SHA512
2d67680eed74d4cdd4812c555817da71eb440e59c693b777abdd00013ca4c749d5ae2fab603a242cd7ddb792a4941847fbe1d597d27d6cecf13c3404a3fa1324

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
39c4345205f0421b66650dfa1a65322a

SHA1
b7b99802d416cd583f6501e6443b37289a06522f

SHA256
a08451297fc0746bf7e0d12a6b44e5e377267219dc35f712b0ab48537cfd7fad

SHA512
898981cdbf9aaeb754a1c35145e070400ef3cec3d9cb574d075bb2e032bedf9e4a105dd31a3d6c5340264d7633f83a941e4929f7a812bb669ec3100df2d9e10b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
cb314ee6dbd81d19de648471a8aafab5

SHA1
8e734ad34e1996948437d1c6d79f7e1bbfe1e353

SHA256
c9fcd281ca9882f31cbda35c808e6d8e80cc484dcc397e1707fb51e1e839de47

SHA512
c9aa4d45e3253c38038bdf4fca2520ade29be2ac6a391d0bfeb42efc8ee85d2b8948ad6d593d936b5cda7552cbff91febfcf35e24cf4337cb1d7326215cab319

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
975d4eb097bf50560269043cc1247754

SHA1
a97307526ea18e9c2ddc0f7972638be9601e1340

SHA256
dcec2ccafa0c2454be439c55b01c9e4b65653ad83c6ef46c0121b74c3a8249f7

SHA512
c418145c59a0fd10f6fda7c6bd40a6c2d8908e3dad942fa2ec882478d43a09dd9ddb8f8ce3077cb7e46ba6625ca0c10bccd55699f23169960f5b4511f6219513

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit