a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
49s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

T1516

T1513

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.secure.vpn
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.secure.vpn
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://com.android.contacts/contacts com.secure.vpn
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://call_log/calls com.secure.vpn
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.secure.vpn

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.secure.vpn

description	ioc	process
URI accessed for read	content://call_log/calls	com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4183

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
fbcf51aacf609db39150059dcce7d290

SHA1
df19d99bc27a8f1e52c924ee2179857f2108860c

SHA256
a18717e359d200d20ae2966f62fbae41289ad7e3e5b156d31d77d012e728283c

SHA512
002e732cf92afbea46641e834d0d00bd0a3c93379cb919976a9b9922c328aae5e793f96ad19863b66dda2573d95a497266902eaa263cd68c205e6038c6beb79c

Download Submit
/data/data/com.secure.vpn/databases/MonDB
Filesize
140KB

MD5
0c228e1878d4705a5eda4492b48f5113

SHA1
6991fc6a10522d3342da836320f0b07103cf6194

SHA256
6194503cff535acea05bb9b742abe489899cd051db4a378b25ec3931bc022370

SHA512
226122fd70cccc58820e8b4cb9391e538a9b7cd53426a3c8a8b168a42e1202ee3c1030cd171f564d177703c4511882048e617e3bef1ad100f590e8d1cc8883a1

Download Submit
/data/data/com.secure.vpn/databases/MonDB-journal
Filesize
512B

MD5
395c5fe9f08d5cff677efb7865d4f8bf

SHA1
4e0f1911ce178de19b0d8be5920707c2d01e5ae7

SHA256
3e200e2cfaae69fee1722127a6e183dabbb5a581325d2c082bab50dae2927b9b

SHA512
ae396722a914bc908a5b51ef6aef32bd0a9125c49f8164a1381a3a3caa9bba4dfcf3934bcdf7c672ea04a0b06acba1ba754247b8b5d7b6b3272236dbbef463a2

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
16KB

MD5
f016f67dbb82c8b953ab54ee767ec6cd

SHA1
416587602b3ea2484fadbcf11d07b27252cc5e91

SHA256
6c4a337ad09ff51005034cd6e62900dca7b24cfd00151432d698ce2a51e90bd4

SHA512
c53d0f350fa4e3acee64066f05120ee424d4a007e8097fe2e4540ef60a08f12675bac0b4d69e074dead773f0b5192ceb6db9bc0781185911c02fc82747d339d9

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
152KB

MD5
1432cf267b3db210e87632dc4229c070

SHA1
042b3f7d4f7d18669626aa902535f8dbc7b13f1f

SHA256
b8e8d1f1d628896c1cf359a485cab405212444528acfeefeb538e5d6a0133976

SHA512
a78faabd3b1241a82ec9f19ed23c658ad7bb336bcaaa89c5703169027af6130b9af7e30dbbcba75041b34bc340b54d80dcd9689fb671b6c93a39f383e6a0a56e

Download Submit
/data/data/com.secure.vpn/databases/MonDB-wal
Filesize
410KB

MD5
ea65ffcd66dcb36ba987619671fe662e

SHA1
0f99efb7da4bde51fc76b054830688684050decd

SHA256
983f828b06dbd73a0d931e99d6b5a5fc1d53cf3b43129811a564d7dc3cf48b5e

SHA512
baa2cc20f2f7facb520856c8732ebb1dfc99372896c72df67c78d90f455ebc04c859304f0e1de3ff6344dbcade13dff29b805a241ebab9078b00b6f624911da6

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
512B

MD5
f976f7d872db964c8accdb04cea93e58

SHA1
83c84d018b9072dc2a519c1e4d2a8f952f4e2dea

SHA256
2a9875af0a4edfb2e31b4ef69bd4ca3b798f5ddde28eb4aa95d39439f3e9ee78

SHA512
f0c0c9846b3e56916b048f58772770a82bbec1c43ba95c10ca09af65753589f5fdcc217e08fde9d582f299b8cd501a955bc3e57bd2d447b85d21343508178ea5

Download Submit
/data/data/com.secure.vpn/databases/anchorfree-ucr.db-wal
Filesize
32KB

MD5
703acef86fd20861cd2070211fcacddb

SHA1
dddfcb4e1f26cfd0a2972d7a520c38060f2e954e

SHA256
80d4b2607327c6ae48084c906a3b92fe8fc4a25e2620d40bffc421b5a7ec1587

SHA512
7a8412e428b47fc7829178d2b84573763e7e08fffbfa582c6b8e60594eee885bdcbbe5028d3a324c5464f1a3d898bad23f3aebd965a58964b18c76b3fdc65371

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-journal
Filesize
512B

MD5
604c40b8534986a3f2e33da380d98e2d

SHA1
9a62efb4df19edcc9bc89cd978df14edd1891dae

SHA256
f56ee7e3c39f31223e738211503e9e0a0fbcccee75d6404741ea0ff2c04e4b74

SHA512
d3d8aec08126ee624c33376849b8211c6c598b3e7b0459f6ac7f2af2de8ccaf88ea9ea895beb95698acb4b2d2f5eb80a1e0b5315dfc89345b90d9dd9a720ad2b

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.secure.vpn/databases/key_value_store.db-wal
Filesize
209KB

MD5
b75c67f05a56892a7d79e3e0e60f22b1

SHA1
097c8d527d231b3ca46b55a14f24c01e91adeda7

SHA256
b8171c532cc0ef1f24a3203884e060cf5fc6e7bd6c8392c0ec527d565f53e5dc

SHA512
3044d499cb108791291e0e84cd98c60fba37aa7b9b429629fe161c2ba352e23d1b1489c2031bf867a6b50a7dd5590f07c88657dcb6f5b35e289de990d1b1a72c

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
c841f1908b3dcd7de548effe1c8b0b6c

SHA1
305a34dc988c277fae117814ad0a6d343a30dfa4

SHA256
266acc93a2675d520f58afa35c1a61cce44a90d07d41f0322aec66b48a51c960

SHA512
4be77d845af15e94dc298ca16b2b2e03513b0faecbcffae39b20d09a194392f034c674bb57510db7f2d9889982610b883a0a87f86fd5ecad92e59f91578d38a1

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
683bf579be1903f4d0f5b22b716e8c55

SHA1
66d06c8e17b4cd75b68f0f7dbe12b099044f44f4

SHA256
05578077d5b76ded709d58c328f190289a1469a6f4c67c98f89fa9641c426442

SHA512
b94926074d868564d338fe609f0f67aea19a3b0082371c5f5da73b5101d6a11768b8fd4866bee93b51c4a8f298d7fd83c3ca8f4604e38d64cac12aea5f0bd0f8

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
bcb857e649a6c0360b85b2b4bbe0ea27

SHA1
711546b11c18c0b5dfa2e15573caa8c95741ae06

SHA256
f6fdc22f81473c4e407022c589949f31f42af2b3a44793c142da9a6d17a6d072

SHA512
8ddb6bfeff7c4dcb72243906c961e623d503c170c9eb1aa62845fa3945f17ec486cf5090dced30525e9f96d90126918b20f7845d1e22bd6bfb299a757c49f516

Download Submit
/data/data/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
57832cffd6ea6f21cec72a6b13d95a5d

SHA1
4960a430b14c50738fb3829742fd750d664bf436

SHA256
986a03dd474548ec5d9836162f0571c33d1e61401878ac6848ef8db7762fc409

SHA512
a2372b01d89f50722271bd3bd67a66004cd85e11945fcb013e08f7344ccfc102f77da2a8c427a83e7e7cc0549ff08ba2cc44dd3cc4367e7fadb3f22b1ee6d484

Download Submit