a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
49s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.secure.vpn

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.secure.vpn

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.secure.vpn

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.secure.vpn

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4685

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq

Filesize
48B

MD5
bf494ca52fc02901dd0fced1abf7d808

SHA1
51d3b2737ea86d5422268e9bbb826560028efa22

SHA256
4328b10b5d0d43dc10b6b76c00ce5f315643cc66a358d9ddf29ea9acff0dbe98

SHA512
ea69a602adabd3791045dcb25380e1f9f33b395f12476c1bd7431b3946a6d9fbdd58fffe5837f64201aaf85e450d105b137b34ef167add6acd2ba5d93ca957f8

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal

Filesize
512B

MD5
eeea3598a378949683fd348fe90b8288

SHA1
8c06e99910f0976217ff2c84b90a485c2a92f544

SHA256
49b3bfc2cd00ac14db719ef5124152ecbf69b6a7e8b2938b951f660cd6d8dc9e

SHA512
a5fde483ec45dc83bce700a9be71149ee56a15c98d46cdec38b178597cdcd9b9fc717e38668f2f18948afe21e3ee40dbf4a3b1b99af4cae57f267c555300791b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal

Filesize
16KB

MD5
17a4d4751e43549ea0a1aaf37aeb4444

SHA1
64131c069026c935b7233a98a1d0ea077bfe631d

SHA256
9db07dd14c398a5dacc1474832e4b423c8b04aafe783f290e44076f16ef81d91

SHA512
84c9b76043199399e7ef048759753ace92fd79aaa892cddade21f552800021a61b9af9188e2cc2578f53747d469e61b3f40b5dd3ffcf567391a9b5bb08a45b07

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal

Filesize
152KB

MD5
53499714ffcadd41e7cc38bdd4560575

SHA1
a47fe71623ac66ead83c3c1757034b643d8eb171

SHA256
e960cd80c574871636f95179710bd4011674fa6545321a2d4947a633247bfea3

SHA512
d61ad086558312d70d2a071a1c025f6549b084affeef10ac174a949b58e251730bb7b0fa1c4685ebfaa20f3ccdc5926dad54ee053585c7a507860ac33ef44316

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal

Filesize
386KB

MD5
6354afcfb1669040dd33f86506fd44f3

SHA1
26f80f5e7b40f369e30532ca2027d8ca4fbbfe7c

SHA256
01b1ceda1b3b8ea11cfa2eaaeaa25af76684c8411c90b243fb626bd49be8ef98

SHA512
99c4fce14447f255bdcf1deb850e963bc2640e013ebde0681ad46413d0df60c59d9bbb67f36467dccf40528f102e5716f9867dd7b794758ba3905f6cd0041ea0

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db

Filesize
20KB

MD5
c2a766c823646d51ce83dc128eabaea0

SHA1
bd9f3eb47edf3a37a3f8bca130f6ae5009fbef2e

SHA256
2a9824654df72f159f8dc612c314d4efec13683e72653b6d898f9ad997707752

SHA512
1bf424c9d14c9792507264caa9f13e48bcacd17c511b8298ba788be6afd0f7b515aa37e0205d3d6bb89d0958ce383e890446ea8cad5cfc7128cfe60ec86fea5b

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal

Filesize
512B

MD5
6b25c48a1a154e8b9b18abf660c1488b

SHA1
3e667f4738ad3b01bd6c56c82d352981991242f9

SHA256
b7629c3c2dbec2729049a079df524351fb9f0b38a517bc52fe4a674983f24437

SHA512
733cbfde98700eea243c038dd09bc06300c6144a1a2e047b834ada50b0b36020afe2249360a2feb435f6afe272e8536c68d836e25d853d897a6c8fe63042f802

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal

Filesize
8KB

MD5
8648b41041901a6a15a9b361679a3980

SHA1
8a55a47abaac38504be945dd55e552edea322389

SHA256
6ab976f8de91b08b653f28a4efad5d3f09d9e0949af25765807eed2496195988

SHA512
5659110be3077faf189aaac02880de4cf17617205688d690cc6420d0f7251b4f424692058ede106c613f4be72ef2129c07a5b036e15252ebddff5df7cd09e352

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal

Filesize
8KB

MD5
497685de0f57ae6c42c0e78bd7ea2ea7

SHA1
576a83b807ed53626140c4dd4e9feb8e9b763bd3

SHA256
12de7d9b840d401b3b0a548656c3a3c7ea9862244c1b14e4214bf46963bdb708

SHA512
ecda6fe5402cde0fae580cbfd836da832fb8d10bfc594e4ee4b71d8b8ea8d97cbd9b49bc439baac899810a0f8182d20097949b510bf809dfa977690f6154fe1b

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db

Filesize
20KB

MD5
02eb05e1fe13e25805c2e38f67faaf38

SHA1
ce05cce433176a5faf3b94efaeb771920bccfba1

SHA256
53bec041612b8fc83bbd5aa864b3f6dc3631896f2a01d83ef627bda7d001b148

SHA512
6ad3cf3e1f92cf41e719f2fb6c442fa424f930d9765fdf8c3c962f8da9b232b2604d105cfb7e682bca3ab7718e5fca7bf2bdff3381124bb308d276d49c85c0a8

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
12KB

MD5
9c02fdb99574bfe869f274efe7438121

SHA1
583fb2ab449a73f2b5ce830b4e5a132c8b5c34a0

SHA256
c68fffcb79563af823ac9a2933ac8fd9b92147cad7ef4bcb683a11b2f45fe46c

SHA512
8655b0d2b05ed13941b53c692abf7e6818924970c30562afa9ba9ab82ccaf783ef393aa22ba0e5853fad6dc362c565299111e91dd3041457446af27613e78d34

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
12KB

MD5
f078ab0d51d08fe0905b90ec06016da7

SHA1
164dee44d00fecf07c93ff8967c6267a136aab15

SHA256
228d374f49863ff580a10c961360d68bb0f33bb4708180e71553cb8df996bbaf

SHA512
f01ab818c85873ec1b4f08cee723cb8897c0633c3a9cd0daab23e587ff3aaae52782d20c9645c6ae95a6bf74449b4deb8aa09ba1b2b6977e80dfb6b6eefc9d76

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
512B

MD5
4d64318c022eb4857b6853fc39b5e33c

SHA1
42bae2f4b91321d7c57b5ba3a73a7fc8eb1fb794

SHA256
a57035da67e763cdbaee1f9ea2f851a3b2aa50a1a2f0475577eb863c73c03dfd

SHA512
e3538354ff8e68e6be8915600674985a5e6d1133b775928a8e77495d0413633095fbbef099b8bcfd0022dbd716eb4b8c58559d4987f4feef27fd8e5708d87d0e

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
8KB

MD5
82dee6cbbf309078fd21bfacef88c967

SHA1
311b1fd6ccfe3aea4ec85f9e3cb482ab10ac0836

SHA256
1e71242268797446975ec60955125a6bf173b02beb64f37ecfc5267ae4d758bb

SHA512
28663a9f1f8558424ddaf02da696e04ffd621f6c53724ffb1e043a732efa4385ef963b97b99a47743113ec8852f61db7df747ac9dec7a0fcf2097f110b66cd6f

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
8KB

MD5
c7b779c41472c255a5282d2266c05a5f

SHA1
b2366afca82ac49821236307bc321877e4c9b8a0

SHA256
21b40c39965a4be6ee150132ae89100733ab0aa10f0ff6b5523359d0c318ccba

SHA512
8611ef8a0bf72861d8172f0e1ad4bb3f7fbc1bfee3dff2b011a6c23ddf5ee329d7b7840999be879160de41d3a39457228a62117a47820a520d67fa9b9a5794bb

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal

Filesize
12KB

MD5
20a1e4e482debe4b92bace5b8c9dd071

SHA1
e5f6716705c272ebf2d5d985a25fe9d451b54d69

SHA256
418a29ded2a87492602e170c58ffb1fecd20e68b4b2843fef7289d0129e433f0

SHA512
f75c9dbf13d1d2ac55bf3e8a037b6006c6320472a6b40521b72d16cbd0eb1e1651e17cb6ebc73607e260d8c2615e2da45bc828579d91119b19cfe2ad46b3941d

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
47161bd4e8acfbda74030aadfa7eff05

SHA1
7ad6cca7f643445eb82eb8cfe213677e4c8c3c2f

SHA256
30e038ad9a1723508b236ccfa7cb5f92f41335e6d4f235c8ef291cdacaf79da8

SHA512
272a868b5298bfb90208c99f5e7d88da87058f34ab51d9d5d962c35dd447af93b985d6ee50f985cbc7df7f2cef13bbdf374dc5756c9dccb7ccf437c1ee74411f

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
0f5a493aa96f4d03c879e6a98f866b55

SHA1
64b0f139148a402267496e44727a07669748603b

SHA256
1ebdc4897c70e54fbd75dbb19540b0544a41b393b25c13a5485b0c3c2751cf8f

SHA512
a8f9778fe84dceac1ef2d9d486f0013ff2939244e28144997d3b636979da5cd6224bd8eee5679bd543c5dfef3ca64fc92c3aa91d651503b655af8ff4980f51f8

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
40679221b6cfe2e015d9fec22d16ad1f

SHA1
d27f918fa3ae7cbfa3ca2c8a409d3c93061211db

SHA256
83a2ff013aea65eeffc487efba1b78fadae69bcc8877d44d91a6ed5a0ca0563e

SHA512
9e153b15196018d3d09a420cd24234e70f461e19061e54d10534b8627538d6208fa6c532648dd0c4a19a53cf6c242e0d66cbeb0ab8ae60a48c3f74c9ac09c26d

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7b156da7f3bc4c7b6fc8baa6135e6ab1

SHA1
356134c3622d31b0afe41ec71a222b3ff90e23fb

SHA256
e4e68e90644a271f86b6993c2f0ee07f4ef4e66bade5c02656b10e0011985d21

SHA512
b8bec8fca1d4c7515e5d3ead4a3a475052c86bb1ee614408de4c63f2dadecf884beac1f213e8a84590c176120ae074d212e4dd9124698570308dcac62d1598fa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads