a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b

Analysis

max time kernel
49s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b.apk
Size

29.1MB
MD5

7ac30a4488748e4be24c04325f147c9f
SHA1

b54fff5a7f0a279040a4499d5aabce41ea1840fb
SHA256

a71290070f826292c0ce907f21280e46cb4b800163ca3b81301c75710387ff1b
SHA512

2bde3d4bb8a5df81f1e0230cf6e1464853bb52c104ce3da594a0218fee62b83610d673b999c186b158b469c50213be4057c8a23aea2b693fd9083293db44cc9c
SSDEEP

393216:bjd8b3Stod1v3uFwCPwmSPkkbiaOhECW1Fypl+W9ESATJXQY0/rBxqHoyvc2IGif:SbKhE3cYFAYA/q3Yq2w2AEZ+1AphH

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 2 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

T1516

T1513

Processes:

com.secure.vpn

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.secure.vpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.secure.vpn
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.secure.vpn

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.secure.vpn
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://com.android.contacts/contacts com.secure.vpn
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.secure.vpn

description ioc process

URI accessed for read content://call_log/calls com.secure.vpn
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.secure.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.secure.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.secure.vpn

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.secure.vpn

description	ioc	process
URI accessed for read	content://call_log/calls	com.secure.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.secure.vpn

com.secure.vpn
1⤵
- Makes use of the framework's Accessibility service
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4685

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.secure.vpn/cache/rndseq
Filesize
48B

MD5
bf494ca52fc02901dd0fced1abf7d808

SHA1
51d3b2737ea86d5422268e9bbb826560028efa22

SHA256
4328b10b5d0d43dc10b6b76c00ce5f315643cc66a358d9ddf29ea9acff0dbe98

SHA512
ea69a602adabd3791045dcb25380e1f9f33b395f12476c1bd7431b3946a6d9fbdd58fffe5837f64201aaf85e450d105b137b34ef167add6acd2ba5d93ca957f8

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-journal
Filesize
512B

MD5
eeea3598a378949683fd348fe90b8288

SHA1
8c06e99910f0976217ff2c84b90a485c2a92f544

SHA256
49b3bfc2cd00ac14db719ef5124152ecbf69b6a7e8b2938b951f660cd6d8dc9e

SHA512
a5fde483ec45dc83bce700a9be71149ee56a15c98d46cdec38b178597cdcd9b9fc717e38668f2f18948afe21e3ee40dbf4a3b1b99af4cae57f267c555300791b

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
16KB

MD5
17a4d4751e43549ea0a1aaf37aeb4444

SHA1
64131c069026c935b7233a98a1d0ea077bfe631d

SHA256
9db07dd14c398a5dacc1474832e4b423c8b04aafe783f290e44076f16ef81d91

SHA512
84c9b76043199399e7ef048759753ace92fd79aaa892cddade21f552800021a61b9af9188e2cc2578f53747d469e61b3f40b5dd3ffcf567391a9b5bb08a45b07

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
152KB

MD5
53499714ffcadd41e7cc38bdd4560575

SHA1
a47fe71623ac66ead83c3c1757034b643d8eb171

SHA256
e960cd80c574871636f95179710bd4011674fa6545321a2d4947a633247bfea3

SHA512
d61ad086558312d70d2a071a1c025f6549b084affeef10ac174a949b58e251730bb7b0fa1c4685ebfaa20f3ccdc5926dad54ee053585c7a507860ac33ef44316

Download Submit
/data/user/0/com.secure.vpn/databases/MonDB-wal
Filesize
386KB

MD5
6354afcfb1669040dd33f86506fd44f3

SHA1
26f80f5e7b40f369e30532ca2027d8ca4fbbfe7c

SHA256
01b1ceda1b3b8ea11cfa2eaaeaa25af76684c8411c90b243fb626bd49be8ef98

SHA512
99c4fce14447f255bdcf1deb850e963bc2640e013ebde0681ad46413d0df60c59d9bbb67f36467dccf40528f102e5716f9867dd7b794758ba3905f6cd0041ea0

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db
Filesize
20KB

MD5
c2a766c823646d51ce83dc128eabaea0

SHA1
bd9f3eb47edf3a37a3f8bca130f6ae5009fbef2e

SHA256
2a9824654df72f159f8dc612c314d4efec13683e72653b6d898f9ad997707752

SHA512
1bf424c9d14c9792507264caa9f13e48bcacd17c511b8298ba788be6afd0f7b515aa37e0205d3d6bb89d0958ce383e890446ea8cad5cfc7128cfe60ec86fea5b

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
512B

MD5
6b25c48a1a154e8b9b18abf660c1488b

SHA1
3e667f4738ad3b01bd6c56c82d352981991242f9

SHA256
b7629c3c2dbec2729049a079df524351fb9f0b38a517bc52fe4a674983f24437

SHA512
733cbfde98700eea243c038dd09bc06300c6144a1a2e047b834ada50b0b36020afe2249360a2feb435f6afe272e8536c68d836e25d853d897a6c8fe63042f802

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
8KB

MD5
8648b41041901a6a15a9b361679a3980

SHA1
8a55a47abaac38504be945dd55e552edea322389

SHA256
6ab976f8de91b08b653f28a4efad5d3f09d9e0949af25765807eed2496195988

SHA512
5659110be3077faf189aaac02880de4cf17617205688d690cc6420d0f7251b4f424692058ede106c613f4be72ef2129c07a5b036e15252ebddff5df7cd09e352

Download Submit
/data/user/0/com.secure.vpn/databases/anchorfree-ucr.db-journal
Filesize
8KB

MD5
497685de0f57ae6c42c0e78bd7ea2ea7

SHA1
576a83b807ed53626140c4dd4e9feb8e9b763bd3

SHA256
12de7d9b840d401b3b0a548656c3a3c7ea9862244c1b14e4214bf46963bdb708

SHA512
ecda6fe5402cde0fae580cbfd836da832fb8d10bfc594e4ee4b71d8b8ea8d97cbd9b49bc439baac899810a0f8182d20097949b510bf809dfa977690f6154fe1b

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db
Filesize
20KB

MD5
02eb05e1fe13e25805c2e38f67faaf38

SHA1
ce05cce433176a5faf3b94efaeb771920bccfba1

SHA256
53bec041612b8fc83bbd5aa864b3f6dc3631896f2a01d83ef627bda7d001b148

SHA512
6ad3cf3e1f92cf41e719f2fb6c442fa424f930d9765fdf8c3c962f8da9b232b2604d105cfb7e682bca3ab7718e5fca7bf2bdff3381124bb308d276d49c85c0a8

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
12KB

MD5
9c02fdb99574bfe869f274efe7438121

SHA1
583fb2ab449a73f2b5ce830b4e5a132c8b5c34a0

SHA256
c68fffcb79563af823ac9a2933ac8fd9b92147cad7ef4bcb683a11b2f45fe46c

SHA512
8655b0d2b05ed13941b53c692abf7e6818924970c30562afa9ba9ab82ccaf783ef393aa22ba0e5853fad6dc362c565299111e91dd3041457446af27613e78d34

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
12KB

MD5
f078ab0d51d08fe0905b90ec06016da7

SHA1
164dee44d00fecf07c93ff8967c6267a136aab15

SHA256
228d374f49863ff580a10c961360d68bb0f33bb4708180e71553cb8df996bbaf

SHA512
f01ab818c85873ec1b4f08cee723cb8897c0633c3a9cd0daab23e587ff3aaae52782d20c9645c6ae95a6bf74449b4deb8aa09ba1b2b6977e80dfb6b6eefc9d76

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
512B

MD5
4d64318c022eb4857b6853fc39b5e33c

SHA1
42bae2f4b91321d7c57b5ba3a73a7fc8eb1fb794

SHA256
a57035da67e763cdbaee1f9ea2f851a3b2aa50a1a2f0475577eb863c73c03dfd

SHA512
e3538354ff8e68e6be8915600674985a5e6d1133b775928a8e77495d0413633095fbbef099b8bcfd0022dbd716eb4b8c58559d4987f4feef27fd8e5708d87d0e

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
8KB

MD5
82dee6cbbf309078fd21bfacef88c967

SHA1
311b1fd6ccfe3aea4ec85f9e3cb482ab10ac0836

SHA256
1e71242268797446975ec60955125a6bf173b02beb64f37ecfc5267ae4d758bb

SHA512
28663a9f1f8558424ddaf02da696e04ffd621f6c53724ffb1e043a732efa4385ef963b97b99a47743113ec8852f61db7df747ac9dec7a0fcf2097f110b66cd6f

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
8KB

MD5
c7b779c41472c255a5282d2266c05a5f

SHA1
b2366afca82ac49821236307bc321877e4c9b8a0

SHA256
21b40c39965a4be6ee150132ae89100733ab0aa10f0ff6b5523359d0c318ccba

SHA512
8611ef8a0bf72861d8172f0e1ad4bb3f7fbc1bfee3dff2b011a6c23ddf5ee329d7b7840999be879160de41d3a39457228a62117a47820a520d67fa9b9a5794bb

Download Submit
/data/user/0/com.secure.vpn/databases/key_value_store.db-journal
Filesize
12KB

MD5
20a1e4e482debe4b92bace5b8c9dd071

SHA1
e5f6716705c272ebf2d5d985a25fe9d451b54d69

SHA256
418a29ded2a87492602e170c58ffb1fecd20e68b4b2843fef7289d0129e433f0

SHA512
f75c9dbf13d1d2ac55bf3e8a037b6006c6320472a6b40521b72d16cbd0eb1e1651e17cb6ebc73607e260d8c2615e2da45bc828579d91119b19cfe2ad46b3941d

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
47161bd4e8acfbda74030aadfa7eff05

SHA1
7ad6cca7f643445eb82eb8cfe213677e4c8c3c2f

SHA256
30e038ad9a1723508b236ccfa7cb5f92f41335e6d4f235c8ef291cdacaf79da8

SHA512
272a868b5298bfb90208c99f5e7d88da87058f34ab51d9d5d962c35dd447af93b985d6ee50f985cbc7df7f2cef13bbdf374dc5756c9dccb7ccf437c1ee74411f

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
0f5a493aa96f4d03c879e6a98f866b55

SHA1
64b0f139148a402267496e44727a07669748603b

SHA256
1ebdc4897c70e54fbd75dbb19540b0544a41b393b25c13a5485b0c3c2751cf8f

SHA512
a8f9778fe84dceac1ef2d9d486f0013ff2939244e28144997d3b636979da5cd6224bd8eee5679bd543c5dfef3ca64fc92c3aa91d651503b655af8ff4980f51f8

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
40679221b6cfe2e015d9fec22d16ad1f

SHA1
d27f918fa3ae7cbfa3ca2c8a409d3c93061211db

SHA256
83a2ff013aea65eeffc487efba1b78fadae69bcc8877d44d91a6ed5a0ca0563e

SHA512
9e153b15196018d3d09a420cd24234e70f461e19061e54d10534b8627538d6208fa6c532648dd0c4a19a53cf6c242e0d66cbeb0ab8ae60a48c3f74c9ac09c26d

Download Submit
/data/user/0/com.secure.vpn/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
7b156da7f3bc4c7b6fc8baa6135e6ab1

SHA1
356134c3622d31b0afe41ec71a222b3ff90e23fb

SHA256
e4e68e90644a271f86b6993c2f0ee07f4ef4e66bade5c02656b10e0011985d21

SHA512
b8bec8fca1d4c7515e5d3ead4a3a475052c86bb1ee614408de4c63f2dadecf884beac1f213e8a84590c176120ae074d212e4dd9124698570308dcac62d1598fa

Download Submit