767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b

Analysis

max time kernel
149s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b.apk
Size

31.7MB
MD5

babbd2b9f9267b43cd8abf8e6bca5b10
SHA1

79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf
SHA256

767744f41c8feb141369122e5d3d75b636ccc63ecef3865b82e8420ee44ec19b
SHA512

99471ff424f85d19488e982cc7af0562a02ff9c6dc2bf0fa480fdcaef423a7fbdf4c32bcfee68c51efa46e74e29f8e86907b0550e7445025d547f1949f1250a0
SSDEEP

786432:WB3Em1PXhYsVpTJt9DU86F+VQ5+XoX063L7JE:W5EeXh7XTDy8+kO+Yx3LdE

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4312

com.openvpn.secure:openvpn
1⤵
PID:4349

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB

Filesize
140KB

MD5
399729d7e742d3a7f39ec90ada405cb6

SHA1
75e278e43a62f680b451ba60e5a6ef519672d95c

SHA256
2dc7827253efedb6585b698df0568ac37884dda6140d707e7b257d28f8f76fdc

SHA512
1387a83da5dec796565aacb5b90453e64937fae460b7be82c8301a968ecb9ec9050b041987f699521c7f1329a21963e2543457125217b098e0c55ed322945a57

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal

Filesize
512B

MD5
9cffd244bc4157e99b0625e94c0f0adb

SHA1
d55c4f17332f6f16674db50f9ed1c7f6fabbd751

SHA256
0804b9854f4dabc085b7ee22adb9bd219cb7509b788e0f9b1afc8f3a2f19368b

SHA512
6bb142e9b197557279cac1f738db69028df4859d3245655478a05a0be5464c0b5b191cfae9ef97ffa1dbc873da442c91e7bd4c98b10dd6490f6714a6e64dda7a

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
152KB

MD5
cc2f4e2ce0d3e4aaf9fd721bb20719fa

SHA1
952db49a46f04c0e97e54ba049d04dd517e80436

SHA256
cb66ec4c561cdc4912cd351bead35b278dc4e57a7c5fd759f3f66ed9f257615b

SHA512
82634cc82a3d86a44d7d1649c44c3af01283273cfc0c852a73d33aeadbd6e1cf5801f35c8a7caae9f0a2bfb6d6dc59e80e2047e1a0657027664460a77e6acbdd

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
410KB

MD5
293d766e7e620786cd0f44454e0467ab

SHA1
104ada90f811f698fd6044eb37a286a155cfa055

SHA256
e8a4b9a9ae1ca5b2c6744dc1108d982a293cc56dbdf41d9db499b00054f648b6

SHA512
be668d45c032d451da98003404fca52b55dfec31c0b8115c3db2df686651d794c232a8affd9c3473db119718f2cbe98632d861ed51615e8197f2bb883a74b036

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
16KB

MD5
73085f1a7f45fc04fdbe788ba8f64d8d

SHA1
75d13ca8c6b9c859f6b7cd63c7678ce51b6b7271

SHA256
cedb8c5f72fb63bd3cb6c4850f51087c14311fc671bec5c0c77084a7f1f2bb43

SHA512
d87be4f225d8ac6ad77d0e7a5334d7a1eda6f74c8b5f4095de01b23a27baee10f910e716b4bdaa7ba7967bf72767dbea902dfe6c735794924cb43194d312ce2b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
08e60a3ed953a9ed55c59bf51922394b

SHA1
3a9da0a516c9b67dcf0d575aae4c7186aed9a0d3

SHA256
ade56c8c4ea7924c32dfce4fa01c332295ea61a0ca879b853017c4d97981d816

SHA512
d81a4077c3d3d521aaf22c19421aa829a56aabcddb38bd3643dff6a9d940f4253b7f8806e4f177257a334b009141ecb785d3363dacc012672d94f0adef6aecc3

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
71cfda42e8ad695b0b74dc443b23e865

SHA1
3d1d691592e383034f28bdb0acd6aa640e9a1457

SHA256
115fd9e09157fb76b16d7a33a758a9ae8d79228311c60cc452630b85a64d4af7

SHA512
0f19631a202aa1068631961e26ea89d964402b05903d7b6eb720bc9fb272b99dbce2319b31802fed1ea14c8b5587c6e729ea0a1c7357b9060b701f49a68b6d5f

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
911d09c661aa76b53cf81e107aa52d4c

SHA1
e31ae91a12e5d7b53aa248c97fe8c2a4c2b4f813

SHA256
ad77db7f4db5a58c61045eebb2b4ddf6d4b52ea06ee33c56d384ec36b5da744b

SHA512
576736bbe77d9ffb1fc0467f789fa09d4016da6188a852e8cc9749ea8227b18ba91dfdadda509944cf9f0e8356fd51f7085f3176623cdd561e691d8b899d6f5e

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
9ac9a7ebc9b5a4a923314366340da7e9

SHA1
b9345f2cbee92d2b3ff9b56d61b3fe1225546983

SHA256
4dc53230b61d832635ec9c544171bca8082973c576527d3f22f8258d33661a69

SHA512
4401763ae4f84b51963090774d9a38b9f8c1cd94c8415d739a29e701baf9a873133970348596151830d6381445b5b2e2f2200dcb77176828ef702a203e714821

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads