767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b

Analysis

max time kernel
149s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b.apk
Size

31.7MB
MD5

babbd2b9f9267b43cd8abf8e6bca5b10
SHA1

79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf
SHA256

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
SHA512

99471ff424f85d19488e982cc7af0562a02ff9c6dc2bf0fa480fdcaef423a7fbdf4c32bcfee68c51efa46e74e29f8e86907b0550e7445025d547f1949f1250a0
SSDEEP

786432:WB3Em1PXhYsVpTJt9DU86F+VQ5+XoX063L7JE:W5EeXh7XTDy8+kO+Yx3LdE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4312

com.openvpn.secure:openvpn
1⤵
PID:4349

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB
Filesize
140KB

MD5
399729d7e742d3a7f39ec90ada405cb6

SHA1
75e278e43a62f680b451ba60e5a6ef519672d95c

SHA256
2dc7827253efedb6585b698df0568ac37884dda6140d707e7b257d28f8f76fdc

SHA512
1387a83da5dec796565aacb5b90453e64937fae460b7be82c8301a968ecb9ec9050b041987f699521c7f1329a21963e2543457125217b098e0c55ed322945a57

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal
Filesize
512B

MD5
9cffd244bc4157e99b0625e94c0f0adb

SHA1
d55c4f17332f6f16674db50f9ed1c7f6fabbd751

SHA256
0804b9854f4dabc085b7ee22adb9bd219cb7509b788e0f9b1afc8f3a2f19368b

SHA512
6bb142e9b197557279cac1f738db69028df4859d3245655478a05a0be5464c0b5b191cfae9ef97ffa1dbc873da442c91e7bd4c98b10dd6490f6714a6e64dda7a

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
152KB

MD5
cc2f4e2ce0d3e4aaf9fd721bb20719fa

SHA1
952db49a46f04c0e97e54ba049d04dd517e80436

SHA256
cb66ec4c561cdc4912cd351bead35b278dc4e57a7c5fd759f3f66ed9f257615b

SHA512
82634cc82a3d86a44d7d1649c44c3af01283273cfc0c852a73d33aeadbd6e1cf5801f35c8a7caae9f0a2bfb6d6dc59e80e2047e1a0657027664460a77e6acbdd

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
410KB

MD5
293d766e7e620786cd0f44454e0467ab

SHA1
104ada90f811f698fd6044eb37a286a155cfa055

SHA256
e8a4b9a9ae1ca5b2c6744dc1108d982a293cc56dbdf41d9db499b00054f648b6

SHA512
be668d45c032d451da98003404fca52b55dfec31c0b8115c3db2df686651d794c232a8affd9c3473db119718f2cbe98632d861ed51615e8197f2bb883a74b036

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
16KB

MD5
73085f1a7f45fc04fdbe788ba8f64d8d

SHA1
75d13ca8c6b9c859f6b7cd63c7678ce51b6b7271

SHA256
cedb8c5f72fb63bd3cb6c4850f51087c14311fc671bec5c0c77084a7f1f2bb43

SHA512
d87be4f225d8ac6ad77d0e7a5334d7a1eda6f74c8b5f4095de01b23a27baee10f910e716b4bdaa7ba7967bf72767dbea902dfe6c735794924cb43194d312ce2b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
08e60a3ed953a9ed55c59bf51922394b

SHA1
3a9da0a516c9b67dcf0d575aae4c7186aed9a0d3

SHA256
ade56c8c4ea7924c32dfce4fa01c332295ea61a0ca879b853017c4d97981d816

SHA512
d81a4077c3d3d521aaf22c19421aa829a56aabcddb38bd3643dff6a9d940f4253b7f8806e4f177257a334b009141ecb785d3363dacc012672d94f0adef6aecc3

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
71cfda42e8ad695b0b74dc443b23e865

SHA1
3d1d691592e383034f28bdb0acd6aa640e9a1457

SHA256
115fd9e09157fb76b16d7a33a758a9ae8d79228311c60cc452630b85a64d4af7

SHA512
0f19631a202aa1068631961e26ea89d964402b05903d7b6eb720bc9fb272b99dbce2319b31802fed1ea14c8b5587c6e729ea0a1c7357b9060b701f49a68b6d5f

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
911d09c661aa76b53cf81e107aa52d4c

SHA1
e31ae91a12e5d7b53aa248c97fe8c2a4c2b4f813

SHA256
ad77db7f4db5a58c61045eebb2b4ddf6d4b52ea06ee33c56d384ec36b5da744b

SHA512
576736bbe77d9ffb1fc0467f789fa09d4016da6188a852e8cc9749ea8227b18ba91dfdadda509944cf9f0e8356fd51f7085f3176623cdd561e691d8b899d6f5e

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
9ac9a7ebc9b5a4a923314366340da7e9

SHA1
b9345f2cbee92d2b3ff9b56d61b3fe1225546983

SHA256
4dc53230b61d832635ec9c544171bca8082973c576527d3f22f8258d33661a69

SHA512
4401763ae4f84b51963090774d9a38b9f8c1cd94c8415d739a29e701baf9a873133970348596151830d6381445b5b2e2f2200dcb77176828ef702a203e714821

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads