General
-
Target
ProtonVPN-5.3.15.3.apk
-
Size
74.9MB
-
Sample
240528-at2tmsfg2z
-
MD5
815c12142674de9f436640a0348b17af
-
SHA1
c637d406aad042e36911f812824244628890083c
-
SHA256
35c0548576fe4866c60fe3230e91ef855fae7523ce23eb8b0ce54ce4f99412b2
-
SHA512
dd8a85a6e231a53b6491415e4615a894b54eefa5ef096fbaa22d767491168c77909ebffdeda52a4d4f87e9211c619a3e4205f686be9e64da24fc0d4c36d5f904
-
SSDEEP
1572864:hQVLSksPq/EZcjpsX2l0VtimAE/bIu7v4dX1JF31qZH8joUwYTZ6tmQfpIk:qtnZEZcoqiAibRWDF3lqpr
Malware Config
Targets
-
-
Target
ProtonVPN-5.3.15.3.apk
-
Size
74.9MB
-
MD5
815c12142674de9f436640a0348b17af
-
SHA1
c637d406aad042e36911f812824244628890083c
-
SHA256
35c0548576fe4866c60fe3230e91ef855fae7523ce23eb8b0ce54ce4f99412b2
-
SHA512
dd8a85a6e231a53b6491415e4615a894b54eefa5ef096fbaa22d767491168c77909ebffdeda52a4d4f87e9211c619a3e4205f686be9e64da24fc0d4c36d5f904
-
SSDEEP
1572864:hQVLSksPq/EZcjpsX2l0VtimAE/bIu7v4dX1JF31qZH8joUwYTZ6tmQfpIk:qtnZEZcoqiAibRWDF3lqpr
Score8/10-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-