b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42

Analysis

max time kernel
111s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42.apk
Size

31.7MB
MD5

20e66b734fa959145a8ef75d2e6cdffb
SHA1

3144b187edf4309263ff0bcfd02c6542704145b1
SHA256

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
SHA512

903b6322d92c310162e0abc356bdc5daa40c57095655b653564d29c89bf8803e155885ecdfac4820687e86e4d0311badd7cc52cc9ca59ca6b4b55d88edd9177b
SSDEEP

786432:Gx3Em1OMtghYsVYzTKU86F+VQF9Fks7J5oX063p:GJEt8gh72Tl8+ko9Gsdax3p

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.openvpn.securecom.openvpn.secure:openvpn

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4440	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4440	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4480	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4480	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4440

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB

Filesize
140KB

MD5
6ca6fcad583f639b51c1136fc9c5951b

SHA1
e3f7da0c9747b1e748fa7768ca8bcc6b513c787f

SHA256
94081a87636841ca2fc6976f9d3b0940c0fb305712731080db4ccc0fe6069afe

SHA512
fe86584fe3e5910f14de8085e8d86cc91e267c464b2cfc99796de2f9ea451f1617f4065529c354a64d00a2f4f9351b0bdf1591e8f1971525168f3e2e8316ab43

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal

Filesize
512B

MD5
bac95684c108081e58a4ebf0e69e7657

SHA1
bab516a78f3cecf54c67f5a099db4840336ffb70

SHA256
a25adfb686de7b7314aa69f9a55c53e3d9162faa70e6b633c62d6f39ce1d6b5b

SHA512
e4d15336560db2549a46f018ba977ba6df3864cd68a5f8095a24eff71443a1a05b5e1cf3a315a151aedb814c6959ae15bf5cb40736a595349146e870c06042cc

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
152KB

MD5
3ac17363f053615f60bd17e0f0c4d059

SHA1
3190ad90cd34c8043e49361fbe3f4f7e6d4ada94

SHA256
dce7edc1ef9f8bc913260fd8fd4dd25912f64dac71b00da096d0c80398a5e328

SHA512
c5fec20a3d5f94f012769c2935523228491fd9052f09053d98a229f5f5d23eca4c3fac1cfebdca7fd321974597228a7c14f5f862a39db2b0bef2fc6083c6cc71

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
410KB

MD5
bb2ffb7f46d417cc2077ec298225a3e9

SHA1
c677e5209a60a610fbd61f7a9a4b378d743e8c97

SHA256
1ff0f36484a073dac19b6113fefc70c0ceef1fd5fdc5096b0a4fcc17a8899106

SHA512
9b1211f27a55761951496e03a23924cb73ad76499de5effa0ab5061e7333e7d1c56feee6f63743a5b40a127146b2ad1ec6ed5d93a7d66a21063d95aa3ac8226f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
16KB

MD5
cb6e1c3403305e58bf834f09a1fe3377

SHA1
54a6e6aaa47d51d6f5e04c0ed5278a9a460716dd

SHA256
d0e4338bbcd34fdb51186e179ff0653ae14df457fa23a78996fc9ff2c7d7025e

SHA512
5c3289e887cba6df2db2ac90f077da7605efbe19c22bf7f1105a77bfe9b626117fd86b9d4f8812f176351705c01420196b30de2f22d27eb03b2fe28dd45b19a0

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a7cda02ecc1d477ab223adfda961db64

SHA1
ab487d498feb24f13f3ccf08bbd12afefccfba4e

SHA256
c4d0c185ec02f0f48f90219cd02105ecb8416426bd6b0081a7a684f7b8bff57b

SHA512
ea40794fca7c648145204472089fb31af70138bfcf2e9290e7d7055ea4bb4e4b5ccf2a0fba2f1df59c79feae56e43f651b5ccea1c3f041b50f11b3aa49e1669f

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5de9041d7c75bfca2dcf725312a9e04d

SHA1
93f8e2922688f06ec358559d0407d6419d209114

SHA256
b0a67cdfbed35eba9b0be4b9cc9f932bb2b544db3ebb82613841838f8a4c439a

SHA512
034eb3205d02be1225b9f74eb209045aa25857ccd4b2ef7a55e666eb37afe9825caa9c7d390e60d9a6e13eb1225e761b96bc77dc56ce13d6959f9a5b06c334d1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
7e6503439152f918f6159803d03bd0b0

SHA1
ae9fd5395394bc9e8b72182469ddd8f26f8db761

SHA256
eedaaa6cc6a902b8148c241e9599b2f14cf1e5f050d43bd60a385c3ba9f1a03d

SHA512
e8f33cb0bf1753e08837d1458e5f1bdefc0a67efa3ca41d37c562e80bd7eb5698d9e3835f2f2eddbe4e53de469eb7c4246e62cb7360df0688b1f0a1e5091a38b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
f66669d7c6dc785d34e2bf5f4d5681ed

SHA1
a03cb8022a854f62b4e70970445624402ea7fb2d

SHA256
291e48511a9d73de01dbbc638e47b42cec1a4927cd046bcf1f4bae11d752155e

SHA512
d3a869f3cb6b6e091f498a56c9b8a8feecd042da10ad9327b336080e96a68c0aeb13512febed174729cf46c1935aae3373f176544d57c335ef1987b322a9496f

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit