a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0

Analysis

max time kernel
47s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0.apk
Size

29.1MB
MD5

54a85378f28085923115ee44f540ff8a
SHA1

2e40f7fd49fa8538879f90a85300247fbf2f8f67
SHA256

a40c7cabf874517f5d3d069e0377fa9348e10344000e39717c1a6571939ba7c0
SHA512

853d315b460f899c3b4e7e2d6e071763dea1f4c58f8ea1547d8a234eda12e7ee8a1b2c4c5f51f7f4074061f3c50dc5e1892e33520d0b7eec3a82e3f1c4c74917
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPk3biaOhECW1Fypl+W9ESATkXQY0/rBxqHoyvc2IG6a:ZbKhE3cYQAYA/q3Qq2w2AA+1Aphm

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

T1516

T1513

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.secure.vpn
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.secure.vpn
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://com.android.contacts/contacts com.secure.vpn
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://call_log/calls com.secure.vpn
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.secure.vpn

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.secure.vpn

description	ioc	process
URI accessed for read	content://call_log/calls	com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4242

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
00efe599e2fb55cfa3286a61a580725a

SHA1
dbe8a31de8bc383b59713a70087352a1f192a091

SHA256
17527a66bcc2424c13c7ae8a7e7e26947cdc97011451cdbceec25032a4a2423d

SHA512
ddffa6e5fae1f40bef37b4c5d347d51a127de3fd74748079bcd958a1dd00841df5d12eb6bc8bd399df5788ef4f40a19e79725066ac278f84eb5c492208ffa618

Download Submit
/data/data/com.secure.vpn/databases/MonDB
Filesize
140KB

MD5
11cdae334eb513f8d7c83c3d9f9eba3a

SHA1
a5923d603aab35b7bc8c02c2a9c5fa7ec9a29842

SHA256
49541eab2d57c17fc70c9df7a664f4fced4b4a687fcdf85e75a086aafed7b934

SHA512
a31802a38a6611902974eea67c9fb975a7bc589f670ea3052ddcbd196a3e8af17e5b5e8ea711b931b641aa8c890a7fa51423d7e121b270f1f911f820dfdcdbfc

Download Submit
/data/data/com.secure.vpn/databases/MonDB-journal
Filesize
512B

MD5
ca71da855d9c09a19bf938268b04c544

SHA1
ab45bdfecfc241e38cf46df25553795a2f500617

SHA256
01efb3f923e372b5ca402b3ff0a2d97294722403d746495ea06b18fc3723b3aa

SHA512
22807ce91d7f08811c10420a67e1299572478759523668150bc06f3e4cbec56c22b82bbf17da146328b0422dc9e272de1c80e6f9f54a441f7a336d7345d0dd6b

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
16KB

MD5
dcda0e5930d3e65b3da789567704a071

SHA1
ebd4380771a0cf67379b436889c31efb1121dd0a

SHA256
c752f93152089320832a8c02f7ceb12a04d367b27f9d9df59064a7afeac67650

SHA512
a36908728321c67ece6c93c4b2c924b7129d7260ab3c231a3c3cdaf1321a3365afd1212d9c1bbd83f846cbf39d1861ce4ef2a4a2c193fe4dcf735f4c23cdd38a

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
152KB

MD5
6924dcc99fe5f555a26bc8e9c03d7bcb

SHA1
1748682d4f9209335963559e28ad39c05f3b915c

SHA256
671e1d623571520077cfad3105215d4f4a07ee5f77bf8b95a23c76d2ed887f4b

SHA512
b75b46f18497b3603f305a4d88e197aedeccce084bd729e922dad40fa8c57c481190990cf82291841df8927afeff8a74cd1b013137bdbe6fc9efd9c2eb98d323

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
410KB

MD5
42c482efbe8fef74df374a8dabd868e5

SHA1
cf7762c7d1c81a55f862700d50f0ee6552217b14

SHA256
037471f622e6c9c53111b7a5ceeea7edbb96738f5027bf0ce3c17515055004a1

SHA512
8763681ad43c71a0f67ef0112168bffeed19bff993b5b440accffe9975b19a6c727dfaa819459ba298e6a6207b03ca44158867b7a2cd9c7a067e29d9f0a25397

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
512B

MD5
b2050282e978646845cfe280ffc7b543

SHA1
500aa76a36f5a7d47b53bdc39b38edf98641d147

SHA256
cf8a0433fa03bb9ff2a27c3a895cfa0296399422faa6dfef18b1fbe3b1a8d47c

SHA512
6ecb5094fa959fe9337fa07870f1a318ed77c27ff58b59aa26db840ca8c6d9e0bfc07e0b96ae8f4c508763f6bfb3c4067c31f33c56160f5f5524bce50f869d24

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-wal
Filesize
32KB

MD5
223e6897ada8a0e35c008515b70db2bc

SHA1
8939afad79670bd46a5608a3a5ca39bb51123453

SHA256
fb0aac453f5751124b4a0ea157e89eb6e86899f758ef49c428f31873a7d4f732

SHA512
6cb78c5336ce6c84521f9abbdea177ccfe10ef51eba465bfeeecdf700b297fa626ccf3800d26b95541372afa55bc4641282329d85a28e84d2344a69d3103934c

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-journal
Filesize
512B

MD5
f658a96a01329a82d25dd57119c1f855

SHA1
1eb768242f26d73c2c08f594a4ec3956341b5ffc

SHA256
c9fe325f5c07045f91cd19b25ebeddfd6b0b759e88f505705758d29b4b67cb87

SHA512
9550711745dc2ad0029a4fe762a2d1bfff0fe9f74e13262d2c521ae81efd0554a0ec864451145e0c40d48ca80c1e2524717d5b8d084e1ebb7943366e6a37c600

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-wal
Filesize
209KB

MD5
4d769156cc1ed256338f2bbf167dda72

SHA1
c6e4702344697387469a4e7a68cb89b96ca3321a

SHA256
18fce54417f0e1c187f4061c3e3f72576a3a6943fc0c3891c714189a77885c89

SHA512
e33b22bb72ca7f02741fd0735e2fe54579cbfce5f0f468b92462c5092a04361f9168551b1a49c6f8d79222c917ab516b2b64a7db799b55f559132b1a13931d3f

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
720d524d0cd685925f106becc0c5eace

SHA1
3870afece293479244b4a32995000f818672959b

SHA256
17b35c19fd6001a31839d2c47ed77629a47e2a4ddf6a4c2deeb199c900baaba6

SHA512
43bb04e4d33825a6d8cd0ce080912204ebce206dc9fd64efbc83412e6d59ef48625bca995d5db5197faf6099eb57355b33a5ef569aaf5d6e28020420a39d5dfa

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
9e4bbb0e5fc10bae56f51c7d67689a7a

SHA1
c9bed9f53a0cf815443d7bf02e9147d35e309077

SHA256
6a4361f7322d0c15d18670878d8e4b12fabd0f5ece3d46f943932da5ae35b996

SHA512
97dac1f78ea9a58072b8c6e7f8a9371a4ab9a9ce3b7ee50ebdcc4457ee7dc31d0f452a639c3aef9be96fa3fc60396f41fcf06e33baa5a90c25268d475f2142b5

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
1e70b5a888fc71dfe71cf26f5986eca3

SHA1
e0486ffa55192a9298887346685ef8a4d54a2031

SHA256
2bfb5c8c359c4a557db96d300efd28b70671032be6e2ed23e69533fd938b4208

SHA512
51db5a5f1e13dfb2bfc4479cae6a08927e709b3878a0d2842a7e050d0d5333c68a3fe22521043583f09e77b45f2df93128de93ed20d415e3923191453c37ab9f

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
943ee81fb1ce941de011d7e69fad10b6

SHA1
8c736bbd0c7d0a8b371a62dfe59d3ea2c5aa1622

SHA256
b4395fb72badf31ca761239a2a9e4682638ee16a5526967a36395d2d6daa943e

SHA512
644c795a0e312ee5ee08e0d9e54d8bc1c013f7f885c0e80f5bf4d3c91fc631c5dca33eb5f080300b6a7b0fb3d100d29aede16f76e473e8268c78b824579020ed

Download Submit