b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42

Analysis

max time kernel
111s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42.apk
Size

31.7MB
MD5

20e66b734fa959145a8ef75d2e6cdffb
SHA1

3144b187edf4309263ff0bcfd02c6542704145b1
SHA256

b65a8edc06bbeb598e495ccc44dc40e77ab2ef0ab11e136a0a10c24970640b42
SHA512

903b6322d92c310162e0abc356bdc5daa40c57095655b653564d29c89bf8803e155885ecdfac4820687e86e4d0311badd7cc52cc9ca59ca6b4b55d88edd9177b
SSDEEP

786432:Gx3Em1OMtghYsVYzTKU86F+VQF9Fks7J5oX063p:GJEt8gh72Tl8+ko9Gsdax3p

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.openvpn.securecom.openvpn.secure:openvpn

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4440	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4440	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4480	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4480	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4440

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB
Filesize
140KB

MD5
6ca6fcad583f639b51c1136fc9c5951b

SHA1
e3f7da0c9747b1e748fa7768ca8bcc6b513c787f

SHA256
94081a87636841ca2fc6976f9d3b0940c0fb305712731080db4ccc0fe6069afe

SHA512
fe86584fe3e5910f14de8085e8d86cc91e267c464b2cfc99796de2f9ea451f1617f4065529c354a64d00a2f4f9351b0bdf1591e8f1971525168f3e2e8316ab43

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal
Filesize
512B

MD5
bac95684c108081e58a4ebf0e69e7657

SHA1
bab516a78f3cecf54c67f5a099db4840336ffb70

SHA256
a25adfb686de7b7314aa69f9a55c53e3d9162faa70e6b633c62d6f39ce1d6b5b

SHA512
e4d15336560db2549a46f018ba977ba6df3864cd68a5f8095a24eff71443a1a05b5e1cf3a315a151aedb814c6959ae15bf5cb40736a595349146e870c06042cc

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
152KB

MD5
3ac17363f053615f60bd17e0f0c4d059

SHA1
3190ad90cd34c8043e49361fbe3f4f7e6d4ada94

SHA256
dce7edc1ef9f8bc913260fd8fd4dd25912f64dac71b00da096d0c80398a5e328

SHA512
c5fec20a3d5f94f012769c2935523228491fd9052f09053d98a229f5f5d23eca4c3fac1cfebdca7fd321974597228a7c14f5f862a39db2b0bef2fc6083c6cc71

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
410KB

MD5
bb2ffb7f46d417cc2077ec298225a3e9

SHA1
c677e5209a60a610fbd61f7a9a4b378d743e8c97

SHA256
1ff0f36484a073dac19b6113fefc70c0ceef1fd5fdc5096b0a4fcc17a8899106

SHA512
9b1211f27a55761951496e03a23924cb73ad76499de5effa0ab5061e7333e7d1c56feee6f63743a5b40a127146b2ad1ec6ed5d93a7d66a21063d95aa3ac8226f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
16KB

MD5
cb6e1c3403305e58bf834f09a1fe3377

SHA1
54a6e6aaa47d51d6f5e04c0ed5278a9a460716dd

SHA256
d0e4338bbcd34fdb51186e179ff0653ae14df457fa23a78996fc9ff2c7d7025e

SHA512
5c3289e887cba6df2db2ac90f077da7605efbe19c22bf7f1105a77bfe9b626117fd86b9d4f8812f176351705c01420196b30de2f22d27eb03b2fe28dd45b19a0

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
a7cda02ecc1d477ab223adfda961db64

SHA1
ab487d498feb24f13f3ccf08bbd12afefccfba4e

SHA256
c4d0c185ec02f0f48f90219cd02105ecb8416426bd6b0081a7a684f7b8bff57b

SHA512
ea40794fca7c648145204472089fb31af70138bfcf2e9290e7d7055ea4bb4e4b5ccf2a0fba2f1df59c79feae56e43f651b5ccea1c3f041b50f11b3aa49e1669f

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
5de9041d7c75bfca2dcf725312a9e04d

SHA1
93f8e2922688f06ec358559d0407d6419d209114

SHA256
b0a67cdfbed35eba9b0be4b9cc9f932bb2b544db3ebb82613841838f8a4c439a

SHA512
034eb3205d02be1225b9f74eb209045aa25857ccd4b2ef7a55e666eb37afe9825caa9c7d390e60d9a6e13eb1225e761b96bc77dc56ce13d6959f9a5b06c334d1

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
7e6503439152f918f6159803d03bd0b0

SHA1
ae9fd5395394bc9e8b72182469ddd8f26f8db761

SHA256
eedaaa6cc6a902b8148c241e9599b2f14cf1e5f050d43bd60a385c3ba9f1a03d

SHA512
e8f33cb0bf1753e08837d1458e5f1bdefc0a67efa3ca41d37c562e80bd7eb5698d9e3835f2f2eddbe4e53de469eb7c4246e62cb7360df0688b1f0a1e5091a38b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
f66669d7c6dc785d34e2bf5f4d5681ed

SHA1
a03cb8022a854f62b4e70970445624402ea7fb2d

SHA256
291e48511a9d73de01dbbc638e47b42cec1a4927cd046bcf1f4bae11d752155e

SHA512
d3a869f3cb6b6e091f498a56c9b8a8feecd042da10ad9327b336080e96a68c0aeb13512febed174729cf46c1935aae3373f176544d57c335ef1987b322a9496f

Download Submit
/system_ext/framework/androidx.window.sidecar.jar
Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit