b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32

Analysis

max time kernel
85s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32.apk
Size

31.7MB
MD5

3c726b77585d359a5bbff08afd682971
SHA1

2fbdc11613a065afbbf36a66e8f17c0d802f8347
SHA256

b04ceb9e211acc72b2af0ab26e20e502ecde25e4be9a465ec77d16ca9da1bb32
SHA512

9a11f73c948877b6c6ac7471a2ab67829808629b07549f2a2ee83df0021a1e284fa98bf6bc9d64f8a0c32c9bd1cb0ba28db807992c055d316916f0df2a0c76e3
SSDEEP

786432:eyg3Em1Dt8TjhYsVsDU86F+VQ9IKlGG7JeoX0638:e7E68Tjh718+kXKGGdpx38

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4590	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4590	com.openvpn.secure
/system_ext/framework/androidx.window.sidecar.jar	4632	com.openvpn.secure:openvpn
/system_ext/framework/androidx.window.sidecar.jar	4632	com.openvpn.secure:openvpn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.openvpn.secure

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.openvpn.secure

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.openvpn.secure

com.openvpn.secure
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of the call log.
PID:4590

com.openvpn.secure:openvpn
1⤵
- Loads dropped Dex/Jar
PID:4632

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.openvpn.secure/databases/MonDB

Filesize
140KB

MD5
79df1f6ee301230a26c4b2e25222f1b6

SHA1
1057f63087fa8a8369f29cd9c02e27ef698f0a25

SHA256
843c22f6b608ba2e00453ef0f0e7c2e5b330abb615c63498af569375ee5d6614

SHA512
b3b86e8fafff336f630bac4c1be92fa2d2e9cc6d62e8d059139d4078989aa5c642b76d14019f49dd240f582da1c2700d9807dd670ec386e288ffcd66a9c47aae

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-journal

Filesize
512B

MD5
fa09b842ce51067c6b67ef646bd0a503

SHA1
2f584af5f983336eb4bcb527bca8f0a1c0993036

SHA256
aec81550614b5779cb860e2bd39b2c218795ba28e2b3a09901fb9ddb2ac04371

SHA512
cdff26c2214d416d041f87ff09b88cd6c77e165290b397871015267e66d1a449bd439d330e9ffd128f04220f0d23b148b568f6447d0120a3961ec5fe2630de1f

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
152KB

MD5
6272fe4453d616a5bdd1bf85463661cd

SHA1
9d0731920721d557322abba491d956b2b23362bd

SHA256
07eba81d7270c5675ec881511b142030d8d17a765ff934cd43a57034b7af6a4f

SHA512
57f2afc5508f5eedb1d06cb3a516e34165e002924c076f9a972398a44d05f0a7813df057c77299577b45744387bda7d863b01708a7b28d3595c417748122c07a

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
410KB

MD5
71a60b0d335ae0a1cd4ced44611ee460

SHA1
4b71d6353401c14b2639e2737fb48f35017639ee

SHA256
26970f8735d521d33ed0657219a1d29ede824f3013df538029cb4b7144879f5a

SHA512
8c59aad5961a6d3d4dfb3376662d4372fe90a6ea6e18b89d95e0b4484314fed75cffa11b9a2a6c1f14435d63a0d9db3092ff7e70ef32600ac4d0378dc22975e1

Download Submit
/data/data/com.openvpn.secure/databases/MonDB-wal

Filesize
16KB

MD5
4c381c191e3bf10ee5136937be621906

SHA1
25738837e747e7061e256b8097229e25474ba99d

SHA256
f5ecad1699e56487e85a30f4f1039e3bd2cd2d4d457f7f91bff8286abbbf4ca0

SHA512
bc06d59d2770aaef90965d629e05f75a277a31d7f3a3d37d968b49e4d99040b7004323750207e3bcfcb8f3277e8879f282b0b35e3519ba785b3d9938bc82153d

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b5ac7f040dca3c8d58ee1d99b9b11eb7

SHA1
97e37de971f3e8a0c0d6414fd308c4b8d3bc6db5

SHA256
5a544c900d3158f2e692f61b36e3cc8c7bc3009fd8f18874dbf86292936c1fdb

SHA512
9497c89b843848f2e007e08a683f23e2eadda5cf40dde4ec8390a43f8d0aa7a63d276e3cf23942adf7868a3be4524d949b205e8f8ab1b05f991956f4c29c897e

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
37d1c4dc38350a7b42f5c9e248ce5ecd

SHA1
5b9f44caaf88c43196b75db48fe71dffb734f49d

SHA256
aacc05bd2eba6be3d50a97d0d3b17cf50269bcb6a52a64d53705b35362b8622b

SHA512
45c881c0aba329b6af1acd7fcd8ee0450e12307e1d1e82f736fe0b626cdbf62063249381eac2fd4fb5325b9c28b38b30c6c1cb80a245846c9f2252da47cb8e30

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
e7163b01e4056b507dfd28e21fafcc98

SHA1
5fbfb2bfd7c631c3e2b0f9957fc4c94882acd0bd

SHA256
aa7ae8e03985064bfcf435207aa74e87ff0ae61c219a893efcf242cf0085b1ed

SHA512
5adbac57a256de51fdad291b25baaffdd06b5f6efe294dcc9a087d8ca5f643fe04b5ed768b468fe8b651b5dd7d7ad94a7ff0f2b50374122c5e8c7637adb3ae6b

Download Submit
/data/data/com.openvpn.secure/no_backup/androidx.work.workdb-wal

Filesize
181KB

MD5
391ef869076a2854a93af9abfd787363

SHA1
23e451ea09ebd5f9e8011ba79c613a76cd263ca0

SHA256
02047ec1d496da60c960dbc8951e5f63d716fe431ba727bef6693052d6fa5ba4

SHA512
165c35f50158a526c38d50aa82d0cce50cfc00ede7a1f5b78ed77e418c4e217edbf567495859954b5d37f59af0532871d6d8b4a4d2edb7a17abd66a22c15be22

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads