b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32

Analysis

max time kernel
85s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32.apk
Size

31.7MB
MD5

3c726b77585d359a5bbff08afd682971
SHA1

2fbdc11613a065afbbf36a66e8f17c0d802f8347
SHA256

b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32
SHA512

9a11f73c948877b6c6ac7471a2ab67829808629b07549f2a2ee83df0021a1e284fa98bf6bc9d64f8a0c32c9bd1cb0ba28db807992c055d316916f0df2a0c76e3
SSDEEP

786432:eyg3Em1Dt8TjhYsVsDU86F+VQ9IKlGG7JeoX0638:e7E68Tjh718+kXKGGdpx38

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.openvpn.securecom.openvpn.secure:openvpn

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4590	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4590	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4632	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4632	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.openvpn.secure

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.openvpn.secure
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://com.android.contacts/contacts com.openvpn.secure
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

com.openvpn.secure

description ioc process

URI accessed for read content://call_log/calls com.openvpn.secure

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

description	ioc	process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4590

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB
Filesize
140KB

MD5
79df1f6ee301230a26c4b2e25222f1b6

SHA1
1057f63087fa8a8369f29cd9c02e27ef698f0a25

SHA256
843c22f6b608ba2e00453ef0f0e7c2e5b330abb615c63498af569375ee5d6614

SHA512
b3b86e8fafff336f630bac4c1be92fa2d2e9cc6d62e8d059139d4078989aa5c642b76d14019f49dd240f582da1c2700d9807dd670ec386e288ffcd66a9c47aae

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal
Filesize
512B

MD5
fa09b842ce51067c6b67ef646bd0a503

SHA1
2f584af5f983336eb4bcb527bca8f0a1c0993036

SHA256
aec81550614b5779cb860e2bd39b2c218795ba28e2b3a09901fb9ddb2ac04371

SHA512
cdff26c2214d416d041f87ff09b88cd6c77e165290b397871015267e66d1a449bd439d330e9ffd128f04220f0d23b148b568f6447d0120a3961ec5fe2630de1f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
152KB

MD5
6272fe4453d616a5bdd1bf85463661cd

SHA1
9d0731920721d557322abba491d956b2b23362bd

SHA256
07eba81d7270c5675ec881511b142030d8d17a765ff934cd43a57034b7af6a4f

SHA512
57f2afc5508f5eedb1d06cb3a516e34165e002924c076f9a972398a44d05f0a7813df057c77299577b45744387bda7d863b01708a7b28d3595c417748122c07a

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
410KB

MD5
71a60b0d335ae0a1cd4ced44611ee460

SHA1
4b71d6353401c14b2639e2737fb48f35017639ee

SHA256
26970f8735d521d33ed0657219a1d29ede824f3013df538029cb4b7144879f5a

SHA512
8c59aad5961a6d3d4dfb3376662d4372fe90a6ea6e18b89d95e0b4484314fed75cffa11b9a2a6c1f14435d63a0d9db3092ff7e70ef32600ac4d0378dc22975e1

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal
Filesize
16KB

MD5
4c381c191e3bf10ee5136937be621906

SHA1
25738837e747e7061e256b8097229e25474ba99d

SHA256
f5ecad1699e56487e85a30f4f1039e3bd2cd2d4d457f7f91bff8286abbbf4ca0

SHA512
bc06d59d2770aaef90965d629e05f75a277a31d7f3a3d37d968b49e4d99040b7004323750207e3bcfcb8f3277e8879f282b0b35e3519ba785b3d9938bc82153d

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
b5ac7f040dca3c8d58ee1d99b9b11eb7

SHA1
97e37de971f3e8a0c0d6414fd308c4b8d3bc6db5

SHA256
5a544c900d3158f2e692f61b36e3cc8c7bc3009fd8f18874dbf86292936c1fdb

SHA512
9497c89b843848f2e007e08a683f23e2eadda5cf40dde4ec8390a43f8d0aa7a63d276e3cf23942adf7868a3be4524d949b205e8f8ab1b05f991956f4c29c897e

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
37d1c4dc38350a7b42f5c9e248ce5ecd

SHA1
5b9f44caaf88c43196b75db48fe71dffb734f49d

SHA256
aacc05bd2eba6be3d50a97d0d3b17cf50269bcb6a52a64d53705b35362b8622b

SHA512
45c881c0aba329b6af1acd7fcd8ee0450e12307e1d1e82f736fe0b626cdbf62063249381eac2fd4fb5325b9c28b38b30c6c1cb80a245846c9f2252da47cb8e30

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
e7163b01e4056b507dfd28e21fafcc98

SHA1
5fbfb2bfd7c631c3e2b0f9957fc4c94882acd0bd

SHA256
aa7ae8e03985064bfcf435207aa74e87ff0ae61c219a893efcf242cf0085b1ed

SHA512
5adbac57a256de51fdad291b25baaffdd06b5f6efe294dcc9a087d8ca5f643fe04b5ed768b468fe8b651b5dd7d7ad94a7ff0f2b50374122c5e8c7637adb3ae6b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal
Filesize
181KB

MD5
391ef869076a2854a93af9abfd787363

SHA1
23e451ea09ebd5f9e8011ba79c613a76cd263ca0

SHA256
02047ec1d496da60c960dbc8951e5f63d716fe431ba727bef6693052d6fa5ba4

SHA512
165c35f50158a526c38d50aa82d0cce50cfc00ede7a1f5b78ed77e418c4e217edbf567495859954b5d37f59af0532871d6d8b4a4d2edb7a17abd66a22c15be22

Download Submit
/system_ext/framework/androidx.window.sidecar.jar
Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit