3277e4ffaa712e938996baa02f765a82c804924dd3bd10f7a1467644770772da

Analysis

max time kernel
179s
max time network
128s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vpn3000.apk
Size

11.8MB
MD5

25b615ad17a2c229cd2693a8124c2ab1
SHA1

116d18de7432390ca4b00d815e3319b58ae7d373
SHA256

3277e4ffaa712e938996baa02f765a82c804924dd3bd10f7a1467644770772da
SHA512

08dc1960b08e1a9a40803f876a44061e3c72de0dfdf799cd038c96c5cd6fb0d7d865cf8f162ae82d1cd12f30b37a0781f98a1db31dfde20c42e4cbd0e08c7189
SSDEEP

196608:EUcpeW0suT9yoqBwU00wrlya9NqlpuQsdzWc7yi0U56n521Cec58UxAMxlBD4K9c:E6Io0wr0acl22xR5CCwAfR4K9VO

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.gi.vpn

ioc process

/system/app/Superuser.apk com.gi.vpn
/system/xbin/su com.gi.vpn
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.gi.vpn

description ioc process

File opened for read /proc/cpuinfo com.gi.vpn
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.gi.vpn

description ioc process

File opened for read /proc/meminfo com.gi.vpn
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.gi.vpn

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.gi.vpn
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.gi.vpn

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.gi.vpn
Acquires the wake lock 1 IoCs

Processes:

com.gi.vpn

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.gi.vpn
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.gi.vpn

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gi.vpn
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

49 raw.githubusercontent.com
50 raw.githubusercontent.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.gi.vpn

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.gi.vpn
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.gi.vpn

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.gi.vpn

ioc	process
/system/app/Superuser.apk	com.gi.vpn
/system/xbin/su	com.gi.vpn

description	ioc	process
File opened for read	/proc/cpuinfo	com.gi.vpn

description	ioc	process
File opened for read	/proc/meminfo	com.gi.vpn

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.gi.vpn

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gi.vpn

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gi.vpn

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gi.vpn

flow	ioc
49	raw.githubusercontent.com
50	raw.githubusercontent.com

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.gi.vpn

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gi.vpn

com.gi.vpn
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4347

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gi.vpn/cache/volley/-6860137-1423777433
Filesize
12KB

MD5
89a08c499bd0767188378b2a39fd0847

SHA1
f849e34b9c5c275310f856d36da428f4dc27d16a

SHA256
faf94b551e6e12c75d92090bbebfaea39cc334a8ded923376bdd7d58d5bddc8d

SHA512
96607214ba6db9c3040bf304ab52e6dfe21b7f72e9f44d3db04d60ab7e2e169fcc0532818fdbdb2a95186e1721a36f68947ae8bc70fefef3c463f26dda513808

Download Submit
/data/data/com.gi.vpn/cache/volley/-6860137-788939276
Filesize
649KB

MD5
7f66440a0797144d709651ad913493b4

SHA1
e123b072d781d112d7e015b6ccfbd3faf0bcdd87

SHA256
b0d7ebabbd7f30a9ab1b236ae06340cc971c5d09e613d1320b3a3928a21f21bd

SHA512
d4390d885454615be817adc27c54b3596273e6ce984a229ccb59d04702fbfcf73ce11311b8bf3cdfb4966190448d03f79773b908e6bc591b78e421d2d77ddf9b

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
4c0e867f6b155cafc823b152766d9e55

SHA1
e8ba8d208ce2746a2fc357f434a945a70ae9d58d

SHA256
beac6a83ffa3eec1560c51cddb8d6cb21a87dbcfff358a39fa18f6e41512cbc2

SHA512
10384ade8ce0505147d8447f6b190b4d09fd4c3b63855b91bbbf4221f57e21a09207d307f203f55431d6d02a7cb0bba354afe29c41ad4d70a98c5aa8d26012c7

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
24KB

MD5
ca40293d4bc08c831ee7541a0642f940

SHA1
aef294a27b71c644370531fb9b7cb3ba0fd2988b

SHA256
8f4d5503526aa48f1c1ebc4b534b07a3d8ed0e536169593cc190e797437903c1

SHA512
cb8ac6fd23fd02892c53b83d09f54e61adbb80ddc38df58b258ef5076a1744f4cd9c889292e23f56b446e99accd4966d9a0edc084e9cb3ee84aa2577e1d95ea6

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
4d625df6e32bd2008773cbabe63d7a49

SHA1
29d57f2af09c96f3233f704750c4c2406764a4d5

SHA256
d53035a7f04561c8d72f78c6d477813691ed999680e7867b1581cb39642afebe

SHA512
61fddd0c35e02db765e9bd75a7644ba7d2ea22dccf3a0f06fb715bb1605714f86d38fa39f0c044409603cea445b16c75160720db095a1deb3f123c951fa2df7b

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
16KB

MD5
01a915feb4caa8209f7b721f6fa4b788

SHA1
4eda8e6cfe1fc71760208c4e47f3dc870ad86e54

SHA256
7e88da8639974f640a0ecd34402f0a2e1b3b4b0104827bb4113bc757dc74c12e

SHA512
8e50eac7f97b183336e645410d20ddc91a742cd68d438a3f6d8fedca3cfb3fb31b10a91225d3ff55d498d2b89f846dc69fe7430d03793fb23ba3e9d8d6839266

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
20KB

MD5
c3f15c070004100bf54de118f2c11c70

SHA1
301eb4b34c96f1c651b27926358ca2d21ac2631c

SHA256
67a4ba4012f5f162a0798d1f981f0d4cad4088519e235aa42c737914fb33ca65

SHA512
79d7b52da7fefb1711575e785b4417521326fec4309523073d14d83e2ec57728a32a981346cdf5262311ee1742b090799cc5a2ee140008c17d3d0a41c3728778

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
63339cb8a11209ee9d5c0306afddfd16

SHA1
e61b30ae1831bb6f1e5fe5f076b89923db1e4913

SHA256
a4dd5863b0b4dd8f98870854d9d8623ae3af014ca22845f5b36e6dde0f5d536f

SHA512
ee7494e2d0394573c98c9f16bee00ef6eb128ae94c38acd4761160d0aaaa47fd48a8a4a9bd0944e4319a3cc333657b8c33d067e2ec978f4341ce5d29811aff6a

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
830b8f6906245a9068910aaf782a4758

SHA1
e755f20a8120d4d75878db68e4eaee8e75b67571

SHA256
6bd0b891fc7bd2e545c539144d340a23a85b9189cbc1f5af987c3cf85a87a993

SHA512
c81418b30b42d343611383a46b24a71165edf498c6f489eda71ecf8b059cbba72cd2bb2909ed963d378971e788f3e7a51e111f1e77d40ae27612e3d2f5cc1a4b

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
f174f5a98e110cf6cfd25d7e628f027a

SHA1
ab84eec89dd8602c1a1fd2abd231e2d4c97b782e

SHA256
c03193c3d1e351bb0ae08e6bf759772493671b71b124748d28321aeb1708e153

SHA512
3286bffad60e65cbbdc6d620e8366ea2424d750fde19595c9b51f6b891a1034f693dcfb4b75f0fa7f3d137b1fec2f570f6aa7fb7b420c5930c7dd1e659aa19da

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
51b5775b1c9637249101778ab7c2977e

SHA1
d4830d223b4e557121eaf798c91eb26c854ffab6

SHA256
96bdab38c0a318146ac57fd9697ab9a45f3d975c143d3ad4130201cbde1c0e0e

SHA512
7f6a9157aa50034c29d17e011049f83ecfa72db898137426e16129098c1c6a924158626fd265f61d19c00478801f30b307133007ad363751c7906f0acf353a12

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7f8618d4f722548bf5926372d884e5c9

SHA1
57a63b3cf636bdc2a9e7d0bc4b33c5870d4e3a1d

SHA256
c95d17f9065b293dab842e4bdaf70846ec84c96073df673ae56c527eae4b5093

SHA512
ac8a75145f972bc87998028a39424db05e9c872262fdd45bd293648bf5f8bf0099015c126b3691e067d5e5380801f87cfa4c664e7de141df7b4b954c46a9957e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
0a499ba7028e72617c6f9993356f60eb

SHA1
8b17de76d14a5b34fad84b31af3224d06d32bb5d

SHA256
091c2e49302459fb0f94183a89c391f8b6554817da26631b14d00b67a54e10f8

SHA512
09bdde81c138f418d36efc4441c709597ed867332b093871a32e9b2943ddc82147d8866dcb4446426d2fd925342c2f5a3d36371c64d662dd2a04f317f58fcff5

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7848f63d5c39f43e754fb5b91cc94ba5

SHA1
e08f2b51180348247e9e16f79eb5570635ed305c

SHA256
007678b3a687602169791a4bcb6d18d162a9a8efa6f8a90652838e6c68c3d025

SHA512
5e7f57361600aeb43594f5afe4f24b59990797d7e554d671ddc72cd3d484f45a8dc167846d8d73ae2edc910927f5db974dbbbaae9da7747084380c84c87c451e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
94a7ba268940aebfcdd29291f51c8ef8

SHA1
4fa8503ed58e853f3371edf3b98fc2147960a794

SHA256
27ca59b5cbfaf979bcb7e44c61aeb2e4e3e7aa02efe7cddc5f8da91a188ed754

SHA512
fc47fedb47b2d1f17d49bd78bf7d2ea2a49ff39fadc6ec19d97a12e9513bf1822c73028da711a8fa1481ec60d108fe2e7b4606f2d92b1fbf93d264b57b43fa53

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
4eaa6244a2f128b34267a84f1f1c45b3

SHA1
5f6549935c060ecc77f9b874ce5ee8695f92eeb0

SHA256
8692d71a697a7235fc496810258eef9c6125239d44cd7cee9831a18863d8726f

SHA512
f3c8ad72da8d2fcc96895cc24f820def812b5b2774228c2bf642fad2c46e428dc0bb1841d0f189398d2aae910d5df0ff25aaaa31466fc2d484a857ddf9911561

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
87f5ab6077d7cddb9a79ab697177ddeb

SHA1
038a469fd17225a09afd71785b48245d4e7d3655

SHA256
c2744f1af4cff35fdbfac6eeb251fa7913d996cd3113711418dde5c17ab8fb1f

SHA512
4fa3a63c2a0c156908a5ef7b7dfdc9fcc982451919752a06b2d3854a33bc425676f66c98526bba0be96bcaed273e29e01ab58874cef7976a5476d4bf0429b16e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
36e9a42216fd843f9be14a003ad8f077

SHA1
1a5416077d2ff60fed88adb5a5a0147ed6021bfc

SHA256
db9c76be98a2d039c97899d80ca94f62930dc7012e73b8f2cb552dd8eb2007b0

SHA512
cb083400554b5287f7ef288f8ce7034c5ee480f02cab1557c17f15a518b9d87a81adadfe6e867ed4e43b53d7e3ae6e7a26c059a33782df466308ffac145db387

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
b4344267e3c066b5a6a3a97f1788aec2

SHA1
de763ca495ea885f63d568387c5f13f2f390aa6b

SHA256
738158bf660660f540ddd293cb687775c01a8694d4444e28ae56e9002573dd75

SHA512
2af9ff0b803088d9b53605cd31736deecca5f409e6de67ceff8b97ef0be75f4b24345889f316280b39f2f477e75bdf93ff40d38e439ddbffe61a50f6d678a7da

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
ca6881f0d0544aead5b47da5f678db51

SHA1
d36ea84589829fccedec6a3e356e7944bdc13b56

SHA256
ce9b0e7165967a5e9c64e6f72d52934f14658e36daceae65c9d0a5d400016e25

SHA512
cf55184c28c9b484fdcaca02edd4dd687a705ecc25d38058f5ecfa99f24056d2cbbc3b25866bca8bac0a0ad14d1f2a6023bf7cb6eb02566151ada3d2753dae1d

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/com.crashlytics.settings.json
Filesize
706B

MD5
e3234999e9657b8804ef7f17f264ee13

SHA1
fce6ac838602d6e3e2cb30fee9e2a57a50d8fd36

SHA256
8137fd588b9f2035304ee859e8d57f19bfa5497d25e0cbfdc6e5c29015bd26b6

SHA512
08ea88a3af0eb266937a0ca7798b6b065ea17e7951c0973f493a7b2f41534014e7bafe6a532645377a51befc3e2297eb97a9d063e30da39c724a3e100c9cdb0c

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/report
Filesize
785B

MD5
05b0498b0217c29dbed9d4ed8f85e4d3

SHA1
27c36be9b64fac8f5316e93c0631b1d8333d7552

SHA256
a82c3e0a3842672225842789e0fc7e6b4b5a7b4ed7f71a30359502fa32617fa2

SHA512
041fb2bea24c1d9cb2f74435da6cdf283b1433384c21742504c7dd5b549e53ab4f03c315fd296e2037e746e636d869485710410e15131814a797875ec9504a14

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/userlog
Filesize
926B

MD5
67b19f05d41cd8518c5f4ab976d57570

SHA1
cd0a2a0e2f36ac07637661d9ae0cd18b523c0abc

SHA256
fae314afc9cad1853d3cb895d8224a158113470f569cef299d7115b15d6d015c

SHA512
1af491d970e41bc535a7f6bd411bee8e5a049044e22e1118ae07b55295d75b81c64f7cc8e4eec8e58823bd647957b58a5927ada3fe44785d054b057a73fff65f

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/userlog.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.gi.vpn/files/AppEventsLogger.persistedevents
Filesize
258B

MD5
6443983e831ca1f8e2e2c0a009578eef

SHA1
9fc61ac7a07cd32dc3019192d5f1b07fe9e31b31

SHA256
c60992e811a73149a37838e4ad660d64fa67dd931050d0806014a80d748e7532

SHA512
1663dd15da0cdd2e6092b42fab759a86f894a2185554e7f0981ec1b872c6873a48bdacd7f8c69425bc7eec3b3220ac5915be8a0d92267ec56dcd32244e9c738c

Download Submit
/data/data/com.gi.vpn/files/AppEventsLogger.persistedevents
Filesize
258B

MD5
e5a55e22369b47b3a6dfd4ce884fd3f0

SHA1
8fdc5616ce982b4708b5ce4adbb709c5a823471d

SHA256
d3fc2e520e9158e5fc7902c26899fc91f90bac09019595a169bcd9f440555398

SHA512
cc87975f81e8c28075087b31a9585cf4981fcdfdca12bcd59c0e52bc41a71ef47eb26d8adb298e8bbb59e7d5f64d2371df483d7a4d0faab420e1b38c63e0f828

Download Submit
/data/data/com.gi.vpn/files/PersistedInstallation4309835687892865015tmp
Filesize
568B

MD5
bf5128ca0346ddf735e02ce36afe4416

SHA1
e9ef0e322069f555c4e0d35be28147a1a962f9ba

SHA256
4fea561178393e1642f720c01df94e54ee7ac0de85da4bd90e7c8f60c75512fa

SHA512
367718d2392b6d0e842d9f583e3b5fefcf3061df3183df0d125d842e78e70801f66391fa9248f44b11fb2c98761332357b22a095f0f8d1c2d977c869d0375349

Download Submit
/data/data/com.gi.vpn/files/PersistedInstallation8744840027129149006tmp
Filesize
90B

MD5
bee30a0fb41be906da84e437eb7406ef

SHA1
c6154802a9312a0feb4a0e3318225c8d2928ec00

SHA256
1a739a941d9a462115a86276859506951cf43910727561a796423454365d665c

SHA512
0d71fe32fcf41e4b0e5976d0ff73366c3ef29883105b7b50e69bd9432b6615bc8383b8d98328ff112c06a5e515e527da9ab9a6e05da6b7f64689af330b46a416

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp
Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp
Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp
Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp
Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp
Filesize
212B

MD5
f4ba1cb0d7cb13f4f24b79128d8aaa70

SHA1
81ec888322a1fcdc6288f706b5831bdc3f7bd4cd

SHA256
136dcffb61c1beda7e896c3a5ac3482c5fca76f33e5b65adb5175871d1a370d0

SHA512
bd739baf4b3e8b61f226dc1ef89ead60ef0ea58f8369af21dcd1a1cbe85f5a863d709debda6cd976ec3e37759f75b8e7480586bf01c4ff360ab5da676d6c3d77

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb
Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
4db7d39a1056cb8caac6d832d3d3ddc9

SHA1
de5eb30475f080ab59bdedce78eaccfbff2ea6e9

SHA256
98e774fc32074ed9ffa949dd6e4a997e3609617691679fe3e3af7121cec3362c

SHA512
614d71388c3f49ead0e18f95d81823c9d6c1141ee72b7d70da3b4a6f414b02bd66bd0b252e22b43ba2e7b1ef92674535a530ba29c17e187fd7e3b6b624262626

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
4081b86612ad43ae10def2dda2e5ec0f

SHA1
0800febb74db6b5a058ec5c65806ebaadb58551a

SHA256
5ba9cba8018d48aa9903875300a133bffcc7fd8fb94e324e8b5fa2185b6d3e46

SHA512
e44321522492cf2fbeb11430cc1087bfe7a15b01461af83d734f0f6cfe7b2c3f821d3764735b9ede6575132809c1e523a9654c7ee3b42b2291a6c7fdb368488b

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
27d82d536c304643c737c8c361ac59e4

SHA1
eaadbd122a9023323a9c864fe3aed686011a5f12

SHA256
49ad84688674af83d2fae68b8f7bb879d837a4bd86f7c33efc5a45ad4f3bbff8

SHA512
3df70d59af3a0acc061d9218fbdc1e79c0a6977313941d2d23b50f1261528f4d8a4a98bd265fc0dae4bc7b901e820139f2785e29628c8f480da904817726630c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads