General

  • Target

    1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

  • Size

    31.7MB

  • MD5

    ed7c1a0bcc8818a40c91a23db5476c9c

  • SHA1

    4f05482e93825e6a40af3dfe45f6226a044d8635

  • SHA256

    1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

  • SHA512

    1526615ab9b2cc4694e1b22c321f6276ec40856fdde5b7d832182a07a793f24162bdf6bd4e3c6507e8f42713a25109be1a771a7b13215f344f7040ba180774ae

  • SSDEEP

    786432:FlO3Em1FtahYsVNU86F+VQ7TteXoX063s7JyE:FlGEQah7E8+kmTQYx3sdyE

Score
10/10

Malware Config

Extracted

Family

bahamut

C2

https://ft8hua063okwfdcu21pw.de/api/v0.0.1/device/

Signatures

  • Bahamut family
  • Declares services with permission to bind to the system 3 IoCs
  • Requests dangerous framework permissions 12 IoCs

Files

  • 1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b
    .apk android arch:arm arch:x86

    com.openvpn.secure

    com.openvpn.secure.presentation.ui.main.SecureMainActivity


Android Permissions

1cf59c44c2094ed061daa79cf0218e56ae1ef00a0dd38b6d3c16cee10b42d03b

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.FOREGROUND_SERVICE

android.permission.QUERY_ALL_PACKAGES

android.permission.GET_ACCOUNTS

android.permission.CAMERA

android.permission.READ_SMS

android.permission.READ_CONTACTS

android.permission.READ_CALL_LOG

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.CALL_PHONE

android.permission.READ_PHONE_STATE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WAKE_LOCK