3277e4ffaa712e938996baa02f765a82c804924dd3bd10f7a1467644770772da

Analysis

max time kernel
179s
max time network
128s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23/05/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vpn3000.apk
Size

11.8MB
MD5

25b615ad17a2c229cd2693a8124c2ab1
SHA1

116d18de7432390ca4b00d815e3319b58ae7d373
SHA256

3277e4ffaa712e938996baa02f765a82c804924dd3bd10f7a1467644770772da
SHA512

08dc1960b08e1a9a40803f876a44061e3c72de0dfdf799cd038c96c5cd6fb0d7d865cf8f162ae82d1cd12f30b37a0781f98a1db31dfde20c42e4cbd0e08c7189
SSDEEP

196608:EUcpeW0suT9yoqBwU00wrlya9NqlpuQsdzWc7yi0U56n521Cec58UxAMxlBD4K9c:E6Io0wr0acl22xR5CCwAfR4K9VO

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.gi.vpn
/system/xbin/su	com.gi.vpn

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gi.vpn

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gi.vpn

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.gi.vpn

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gi.vpn

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gi.vpn

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gi.vpn

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
50	raw.githubusercontent.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.gi.vpn

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gi.vpn

com.gi.vpn
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4347

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gi.vpn/cache/volley/-6860137-1423777433

Filesize
12KB

MD5
89a08c499bd0767188378b2a39fd0847

SHA1
f849e34b9c5c275310f856d36da428f4dc27d16a

SHA256
faf94b551e6e12c75d92090bbebfaea39cc334a8ded923376bdd7d58d5bddc8d

SHA512
96607214ba6db9c3040bf304ab52e6dfe21b7f72e9f44d3db04d60ab7e2e169fcc0532818fdbdb2a95186e1721a36f68947ae8bc70fefef3c463f26dda513808

Download Submit
/data/data/com.gi.vpn/cache/volley/-6860137-788939276

Filesize
649KB

MD5
7f66440a0797144d709651ad913493b4

SHA1
e123b072d781d112d7e015b6ccfbd3faf0bcdd87

SHA256
b0d7ebabbd7f30a9ab1b236ae06340cc971c5d09e613d1320b3a3928a21f21bd

SHA512
d4390d885454615be817adc27c54b3596273e6ce984a229ccb59d04702fbfcf73ce11311b8bf3cdfb4966190448d03f79773b908e6bc591b78e421d2d77ddf9b

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4c0e867f6b155cafc823b152766d9e55

SHA1
e8ba8d208ce2746a2fc357f434a945a70ae9d58d

SHA256
beac6a83ffa3eec1560c51cddb8d6cb21a87dbcfff358a39fa18f6e41512cbc2

SHA512
10384ade8ce0505147d8447f6b190b4d09fd4c3b63855b91bbbf4221f57e21a09207d307f203f55431d6d02a7cb0bba354afe29c41ad4d70a98c5aa8d26012c7

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
ca40293d4bc08c831ee7541a0642f940

SHA1
aef294a27b71c644370531fb9b7cb3ba0fd2988b

SHA256
8f4d5503526aa48f1c1ebc4b534b07a3d8ed0e536169593cc190e797437903c1

SHA512
cb8ac6fd23fd02892c53b83d09f54e61adbb80ddc38df58b258ef5076a1744f4cd9c889292e23f56b446e99accd4966d9a0edc084e9cb3ee84aa2577e1d95ea6

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4d625df6e32bd2008773cbabe63d7a49

SHA1
29d57f2af09c96f3233f704750c4c2406764a4d5

SHA256
d53035a7f04561c8d72f78c6d477813691ed999680e7867b1581cb39642afebe

SHA512
61fddd0c35e02db765e9bd75a7644ba7d2ea22dccf3a0f06fb715bb1605714f86d38fa39f0c044409603cea445b16c75160720db095a1deb3f123c951fa2df7b

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
01a915feb4caa8209f7b721f6fa4b788

SHA1
4eda8e6cfe1fc71760208c4e47f3dc870ad86e54

SHA256
7e88da8639974f640a0ecd34402f0a2e1b3b4b0104827bb4113bc757dc74c12e

SHA512
8e50eac7f97b183336e645410d20ddc91a742cd68d438a3f6d8fedca3cfb3fb31b10a91225d3ff55d498d2b89f846dc69fe7430d03793fb23ba3e9d8d6839266

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
c3f15c070004100bf54de118f2c11c70

SHA1
301eb4b34c96f1c651b27926358ca2d21ac2631c

SHA256
67a4ba4012f5f162a0798d1f981f0d4cad4088519e235aa42c737914fb33ca65

SHA512
79d7b52da7fefb1711575e785b4417521326fec4309523073d14d83e2ec57728a32a981346cdf5262311ee1742b090799cc5a2ee140008c17d3d0a41c3728778

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
63339cb8a11209ee9d5c0306afddfd16

SHA1
e61b30ae1831bb6f1e5fe5f076b89923db1e4913

SHA256
a4dd5863b0b4dd8f98870854d9d8623ae3af014ca22845f5b36e6dde0f5d536f

SHA512
ee7494e2d0394573c98c9f16bee00ef6eb128ae94c38acd4761160d0aaaa47fd48a8a4a9bd0944e4319a3cc333657b8c33d067e2ec978f4341ce5d29811aff6a

Download Submit
/data/data/com.gi.vpn/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
830b8f6906245a9068910aaf782a4758

SHA1
e755f20a8120d4d75878db68e4eaee8e75b67571

SHA256
6bd0b891fc7bd2e545c539144d340a23a85b9189cbc1f5af987c3cf85a87a993

SHA512
c81418b30b42d343611383a46b24a71165edf498c6f489eda71ecf8b059cbba72cd2bb2909ed963d378971e788f3e7a51e111f1e77d40ae27612e3d2f5cc1a4b

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f174f5a98e110cf6cfd25d7e628f027a

SHA1
ab84eec89dd8602c1a1fd2abd231e2d4c97b782e

SHA256
c03193c3d1e351bb0ae08e6bf759772493671b71b124748d28321aeb1708e153

SHA512
3286bffad60e65cbbdc6d620e8366ea2424d750fde19595c9b51f6b891a1034f693dcfb4b75f0fa7f3d137b1fec2f570f6aa7fb7b420c5930c7dd1e659aa19da

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
51b5775b1c9637249101778ab7c2977e

SHA1
d4830d223b4e557121eaf798c91eb26c854ffab6

SHA256
96bdab38c0a318146ac57fd9697ab9a45f3d975c143d3ad4130201cbde1c0e0e

SHA512
7f6a9157aa50034c29d17e011049f83ecfa72db898137426e16129098c1c6a924158626fd265f61d19c00478801f30b307133007ad363751c7906f0acf353a12

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f8618d4f722548bf5926372d884e5c9

SHA1
57a63b3cf636bdc2a9e7d0bc4b33c5870d4e3a1d

SHA256
c95d17f9065b293dab842e4bdaf70846ec84c96073df673ae56c527eae4b5093

SHA512
ac8a75145f972bc87998028a39424db05e9c872262fdd45bd293648bf5f8bf0099015c126b3691e067d5e5380801f87cfa4c664e7de141df7b4b954c46a9957e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0a499ba7028e72617c6f9993356f60eb

SHA1
8b17de76d14a5b34fad84b31af3224d06d32bb5d

SHA256
091c2e49302459fb0f94183a89c391f8b6554817da26631b14d00b67a54e10f8

SHA512
09bdde81c138f418d36efc4441c709597ed867332b093871a32e9b2943ddc82147d8866dcb4446426d2fd925342c2f5a3d36371c64d662dd2a04f317f58fcff5

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7848f63d5c39f43e754fb5b91cc94ba5

SHA1
e08f2b51180348247e9e16f79eb5570635ed305c

SHA256
007678b3a687602169791a4bcb6d18d162a9a8efa6f8a90652838e6c68c3d025

SHA512
5e7f57361600aeb43594f5afe4f24b59990797d7e554d671ddc72cd3d484f45a8dc167846d8d73ae2edc910927f5db974dbbbaae9da7747084380c84c87c451e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
94a7ba268940aebfcdd29291f51c8ef8

SHA1
4fa8503ed58e853f3371edf3b98fc2147960a794

SHA256
27ca59b5cbfaf979bcb7e44c61aeb2e4e3e7aa02efe7cddc5f8da91a188ed754

SHA512
fc47fedb47b2d1f17d49bd78bf7d2ea2a49ff39fadc6ec19d97a12e9513bf1822c73028da711a8fa1481ec60d108fe2e7b4606f2d92b1fbf93d264b57b43fa53

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4eaa6244a2f128b34267a84f1f1c45b3

SHA1
5f6549935c060ecc77f9b874ce5ee8695f92eeb0

SHA256
8692d71a697a7235fc496810258eef9c6125239d44cd7cee9831a18863d8726f

SHA512
f3c8ad72da8d2fcc96895cc24f820def812b5b2774228c2bf642fad2c46e428dc0bb1841d0f189398d2aae910d5df0ff25aaaa31466fc2d484a857ddf9911561

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
87f5ab6077d7cddb9a79ab697177ddeb

SHA1
038a469fd17225a09afd71785b48245d4e7d3655

SHA256
c2744f1af4cff35fdbfac6eeb251fa7913d996cd3113711418dde5c17ab8fb1f

SHA512
4fa3a63c2a0c156908a5ef7b7dfdc9fcc982451919752a06b2d3854a33bc425676f66c98526bba0be96bcaed273e29e01ab58874cef7976a5476d4bf0429b16e

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
36e9a42216fd843f9be14a003ad8f077

SHA1
1a5416077d2ff60fed88adb5a5a0147ed6021bfc

SHA256
db9c76be98a2d039c97899d80ca94f62930dc7012e73b8f2cb552dd8eb2007b0

SHA512
cb083400554b5287f7ef288f8ce7034c5ee480f02cab1557c17f15a518b9d87a81adadfe6e867ed4e43b53d7e3ae6e7a26c059a33782df466308ffac145db387

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b4344267e3c066b5a6a3a97f1788aec2

SHA1
de763ca495ea885f63d568387c5f13f2f390aa6b

SHA256
738158bf660660f540ddd293cb687775c01a8694d4444e28ae56e9002573dd75

SHA512
2af9ff0b803088d9b53605cd31736deecca5f409e6de67ceff8b97ef0be75f4b24345889f316280b39f2f477e75bdf93ff40d38e439ddbffe61a50f6d678a7da

Download Submit
/data/data/com.gi.vpn/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ca6881f0d0544aead5b47da5f678db51

SHA1
d36ea84589829fccedec6a3e356e7944bdc13b56

SHA256
ce9b0e7165967a5e9c64e6f72d52934f14658e36daceae65c9d0a5d400016e25

SHA512
cf55184c28c9b484fdcaca02edd4dd687a705ecc25d38058f5ecfa99f24056d2cbbc3b25866bca8bac0a0ad14d1f2a6023bf7cb6eb02566151ada3d2753dae1d

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/com.crashlytics.settings.json

Filesize
706B

MD5
e3234999e9657b8804ef7f17f264ee13

SHA1
fce6ac838602d6e3e2cb30fee9e2a57a50d8fd36

SHA256
8137fd588b9f2035304ee859e8d57f19bfa5497d25e0cbfdc6e5c29015bd26b6

SHA512
08ea88a3af0eb266937a0ca7798b6b065ea17e7951c0973f493a7b2f41534014e7bafe6a532645377a51befc3e2297eb97a9d063e30da39c724a3e100c9cdb0c

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/report

Filesize
785B

MD5
05b0498b0217c29dbed9d4ed8f85e4d3

SHA1
27c36be9b64fac8f5316e93c0631b1d8333d7552

SHA256
a82c3e0a3842672225842789e0fc7e6b4b5a7b4ed7f71a30359502fa32617fa2

SHA512
041fb2bea24c1d9cb2f74435da6cdf283b1433384c21742504c7dd5b549e53ab4f03c315fd296e2037e746e636d869485710410e15131814a797875ec9504a14

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/userlog

Filesize
926B

MD5
67b19f05d41cd8518c5f4ab976d57570

SHA1
cd0a2a0e2f36ac07637661d9ae0cd18b523c0abc

SHA256
fae314afc9cad1853d3cb895d8224a158113470f569cef299d7115b15d6d015c

SHA512
1af491d970e41bc535a7f6bd411bee8e5a049044e22e1118ae07b55295d75b81c64f7cc8e4eec8e58823bd647957b58a5927ada3fe44785d054b057a73fff65f

Download Submit
/data/data/com.gi.vpn/files/.com.google.firebase.crashlytics.files.v2:com.gi.vpn/open-sessions/664F3CF200DF000110FBF30A7E723859/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.gi.vpn/files/AppEventsLogger.persistedevents

Filesize
258B

MD5
6443983e831ca1f8e2e2c0a009578eef

SHA1
9fc61ac7a07cd32dc3019192d5f1b07fe9e31b31

SHA256
c60992e811a73149a37838e4ad660d64fa67dd931050d0806014a80d748e7532

SHA512
1663dd15da0cdd2e6092b42fab759a86f894a2185554e7f0981ec1b872c6873a48bdacd7f8c69425bc7eec3b3220ac5915be8a0d92267ec56dcd32244e9c738c

Download Submit
/data/data/com.gi.vpn/files/AppEventsLogger.persistedevents

Filesize
258B

MD5
e5a55e22369b47b3a6dfd4ce884fd3f0

SHA1
8fdc5616ce982b4708b5ce4adbb709c5a823471d

SHA256
d3fc2e520e9158e5fc7902c26899fc91f90bac09019595a169bcd9f440555398

SHA512
cc87975f81e8c28075087b31a9585cf4981fcdfdca12bcd59c0e52bc41a71ef47eb26d8adb298e8bbb59e7d5f64d2371df483d7a4d0faab420e1b38c63e0f828

Download Submit
/data/data/com.gi.vpn/files/PersistedInstallation4309835687892865015tmp

Filesize
568B

MD5
bf5128ca0346ddf735e02ce36afe4416

SHA1
e9ef0e322069f555c4e0d35be28147a1a962f9ba

SHA256
4fea561178393e1642f720c01df94e54ee7ac0de85da4bd90e7c8f60c75512fa

SHA512
367718d2392b6d0e842d9f583e3b5fefcf3061df3183df0d125d842e78e70801f66391fa9248f44b11fb2c98761332357b22a095f0f8d1c2d977c869d0375349

Download Submit
/data/data/com.gi.vpn/files/PersistedInstallation8744840027129149006tmp

Filesize
90B

MD5
bee30a0fb41be906da84e437eb7406ef

SHA1
c6154802a9312a0feb4a0e3318225c8d2928ec00

SHA256
1a739a941d9a462115a86276859506951cf43910727561a796423454365d665c

SHA512
0d71fe32fcf41e4b0e5976d0ff73366c3ef29883105b7b50e69bd9432b6615bc8383b8d98328ff112c06a5e515e527da9ab9a6e05da6b7f64689af330b46a416

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.gi.vpn/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
f4ba1cb0d7cb13f4f24b79128d8aaa70

SHA1
81ec888322a1fcdc6288f706b5831bdc3f7bd4cd

SHA256
136dcffb61c1beda7e896c3a5ac3482c5fca76f33e5b65adb5175871d1a370d0

SHA512
bd739baf4b3e8b61f226dc1ef89ead60ef0ea58f8369af21dcd1a1cbe85f5a863d709debda6cd976ec3e37759f75b8e7480586bf01c4ff360ab5da676d6c3d77

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4db7d39a1056cb8caac6d832d3d3ddc9

SHA1
de5eb30475f080ab59bdedce78eaccfbff2ea6e9

SHA256
98e774fc32074ed9ffa949dd6e4a997e3609617691679fe3e3af7121cec3362c

SHA512
614d71388c3f49ead0e18f95d81823c9d6c1141ee72b7d70da3b4a6f414b02bd66bd0b252e22b43ba2e7b1ef92674535a530ba29c17e187fd7e3b6b624262626

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
4081b86612ad43ae10def2dda2e5ec0f

SHA1
0800febb74db6b5a058ec5c65806ebaadb58551a

SHA256
5ba9cba8018d48aa9903875300a133bffcc7fd8fb94e324e8b5fa2185b6d3e46

SHA512
e44321522492cf2fbeb11430cc1087bfe7a15b01461af83d734f0f6cfe7b2c3f821d3764735b9ede6575132809c1e523a9654c7ee3b42b2291a6c7fdb368488b

Download Submit
/data/data/com.gi.vpn/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
27d82d536c304643c737c8c361ac59e4

SHA1
eaadbd122a9023323a9c864fe3aed686011a5f12

SHA256
49ad84688674af83d2fae68b8f7bb879d837a4bd86f7c33efc5a45ad4f3bbff8

SHA512
3df70d59af3a0acc061d9218fbdc1e79c0a6977313941d2d23b50f1261528f4d8a4a98bd265fc0dae4bc7b901e820139f2785e29628c8f480da904817726630c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads