a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
49s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.secure.vpn

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.secure.vpn

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.secure.vpn

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.secure.vpn

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4183

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.secure.vpn/cache/rndseq

Filesize
48B

MD5
fbcf51aacf609db39150059dcce7d290

SHA1
df19d99bc27a8f1e52c924ee2179857f2108860c

SHA256
a18717e359d200d20ae2966f62fbae41289ad7e3e5b156d31d77d012e728283c

SHA512
002e732cf92afbea46641e834d0d00bd0a3c93379cb919976a9b9922c328aae5e793f96ad19863b66dda2573d95a497266902eaa263cd68c205e6038c6beb79c

Download Submit
/data/data/com.secure.vpn/databases/MonDB

Filesize
140KB

MD5
0c228e1878d4705a5eda4492b48f5113

SHA1
6991fc6a10522d3342da836320f0b07103cf6194

SHA256
6194503cff535acea05bb9b742abe489899cd051db4a378b25ec3931bc022370

SHA512
226122fd70cccc58820e8b4cb9391e538a9b7cd53426a3c8a8b168a42e1202ee3c1030cd171f564d177703c4511882048e617e3bef1ad100f590e8d1cc8883a1

Download Submit
/data/data/com.secure.vpn/databases/MonDB-journal

Filesize
512B

MD5
395c5fe9f08d5cff677efb7865d4f8bf

SHA1
4e0f1911ce178de19b0d8be5920707c2d01e5ae7

SHA256
3e200e2cfaae69fee1722127a6e183dabbb5a581325d2c082bab50dae2927b9b

SHA512
ae396722a914bc908a5b51ef6aef32bd0a9125c49f8164a1381a3a3caa9bba4dfcf3934bcdf7c672ea04a0b06acba1ba754247b8b5d7b6b3272236dbbef463a2

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal

Filesize
16KB

MD5
f016f67dbb82c8b953ab54ee767ec6cd

SHA1
416587602b3ea2484fadbcf11d07b27252cc5e91

SHA256
6c4a337ad09ff51005034cd6e62900dca7b24cfd00151432d698ce2a51e90bd4

SHA512
c53d0f350fa4e3acee64066f05120ee424d4a007e8097fe2e4540ef60a08f12675bac0b4d69e074dead773f0b5192ceb6db9bc0781185911c02fc82747d339d9

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal

Filesize
152KB

MD5
1432cf267b3db210e87632dc4229c070

SHA1
042b3f7d4f7d18669626aa902535f8dbc7b13f1f

SHA256
b8e8d1f1d628896c1cf359a485cab405212444528acfeefeb538e5d6a0133976

SHA512
a78faabd3b1241a82ec9f19ed23c658ad7bb336bcaaa89c5703169027af6130b9af7e30dbbcba75041b34bc340b54d80dcd9689fb671b6c93a39f383e6a0a56e

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal

Filesize
410KB

MD5
ea65ffcd66dcb36ba987619671fe662e

SHA1
0f99efb7da4bde51fc76b054830688684050decd

SHA256
983f828b06dbd73a0d931e99d6b5a5fc1d53cf3b43129811a564d7dc3cf48b5e

SHA512
baa2cc20f2f7facb520856c8732ebb1dfc99372896c72df67c78d90f455ebc04c859304f0e1de3ff6344dbcade13dff29b805a241ebab9078b00b6f624911da6

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-journal

Filesize
512B

MD5
f976f7d872db964c8accdb04cea93e58

SHA1
83c84d018b9072dc2a519c1e4d2a8f952f4e2dea

SHA256
2a9875af0a4edfb2e31b4ef69bd4ca3b798f5ddde28eb4aa95d39439f3e9ee78

SHA512
f0c0c9846b3e56916b048f58772770a82bbec1c43ba95c10ca09af65753589f5fdcc217e08fde9d582f299b8cd501a955bc3e57bd2d447b85d21343508178ea5

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-wal

Filesize
32KB

MD5
703acef86fd20861cd2070211fcacddb

SHA1
dddfcb4e1f26cfd0a2972d7a520c38060f2e954e

SHA256
80d4b2607327c6ae48084c906a3b92fe8fc4a25e2620d40bffc421b5a7ec1587

SHA512
7a8412e428b47fc7829178d2b84573763e7e08fffbfa582c6b8e60594eee885bdcbbe5028d3a324c5464f1a3d898bad23f3aebd965a58964b18c76b3fdc65371

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-journal

Filesize
512B

MD5
604c40b8534986a3f2e33da380d98e2d

SHA1
9a62efb4df19edcc9bc89cd978df14edd1891dae

SHA256
f56ee7e3c39f31223e738211503e9e0a0fbcccee75d6404741ea0ff2c04e4b74

SHA512
d3d8aec08126ee624c33376849b8211c6c598b3e7b0459f6ac7f2af2de8ccaf88ea9ea895beb95698acb4b2d2f5eb80a1e0b5315dfc89345b90d9dd9a720ad2b

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-wal

Filesize
209KB

MD5
b75c67f05a56892a7d79e3e0e60f22b1

SHA1
097c8d527d231b3ca46b55a14f24c01e91adeda7

SHA256
b8171c532cc0ef1f24a3203884e060cf5fc6e7bd6c8392c0ec527d565f53e5dc

SHA512
3044d499cb108791291e0e84cd98c60fba37aa7b9b429629fe161c2ba352e23d1b1489c2031bf867a6b50a7dd5590f07c88657dcb6f5b35e289de990d1b1a72c

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c841f1908b3dcd7de548effe1c8b0b6c

SHA1
305a34dc988c277fae117814ad0a6d343a30dfa4

SHA256
266acc93a2675d520f58afa35c1a61cce44a90d07d41f0322aec66b48a51c960

SHA512
4be77d845af15e94dc298ca16b2b2e03513b0faecbcffae39b20d09a194392f034c674bb57510db7f2d9889982610b883a0a87f86fd5ecad92e59f91578d38a1

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
683bf579be1903f4d0f5b22b716e8c55

SHA1
66d06c8e17b4cd75b68f0f7dbe12b099044f44f4

SHA256
05578077d5b76ded709d58c328f190289a1469a6f4c67c98f89fa9641c426442

SHA512
b94926074d868564d338fe609f0f67aea19a3b0082371c5f5da73b5101d6a11768b8fd4866bee93b51c4a8f298d7fd83c3ca8f4604e38d64cac12aea5f0bd0f8

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
bcb857e649a6c0360b85b2b4bbe0ea27

SHA1
711546b11c18c0b5dfa2e15573caa8c95741ae06

SHA256
f6fdc22f81473c4e407022c589949f31f42af2b3a44793c142da9a6d17a6d072

SHA512
8ddb6bfeff7c4dcb72243906c961e623d503c170c9eb1aa62845fa3945f17ec486cf5090dced30525e9f96d90126918b20f7845d1e22bd6bfb299a757c49f516

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
57832cffd6ea6f21cec72a6b13d95a5d

SHA1
4960a430b14c50738fb3829742fd750d664bf436

SHA256
986a03dd474548ec5d9836162f0571c33d1e61401878ac6848ef8db7762fc409

SHA512
a2372b01d89f50722271bd3bd67a66004cd85e11945fcb013e08f7344ccfc102f77da2a8c427a83e7e7cc0549ff08ba2cc44dd3cc4367e7fadb3f22b1ee6d484

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads