General
-
Target
turbovpn.apk
-
Size
26.9MB
-
Sample
240809-t6nbkasgql
-
MD5
955083f1988de0dc9f7c78fd463b03dc
-
SHA1
5ddb1e1b258936693af628d50e5d9ec6a8abf2db
-
SHA256
5079208324c004d5ae538b48bbfdecdcf0a4e6542dcc283328d77e8398ab9f92
-
SHA512
829226284d2e32268f06a2e9c65e2c80cecbdeaff1ecb2845561022f607fe5167040c54680e6bf6e1f698910c55627ddc322ba4f65eb4905853aab7ad1e84135
-
SSDEEP
393216:Nu3imvxANNC5uoVqFouE18Q9xwbyDeBR4PzfnXxd7QBiY2vGlM6dV5Rn9vEG6:NuzAz4+mN18GwbDq7/xJZYdl7Rn9vE/
Behavioral task
behavioral1
Sample
turbovpn.apk
Resource
android-33-x64-arm64-20240624-en
Malware Config
Targets
-
-
Target
turbovpn.apk
-
Size
26.9MB
-
MD5
955083f1988de0dc9f7c78fd463b03dc
-
SHA1
5ddb1e1b258936693af628d50e5d9ec6a8abf2db
-
SHA256
5079208324c004d5ae538b48bbfdecdcf0a4e6542dcc283328d77e8398ab9f92
-
SHA512
829226284d2e32268f06a2e9c65e2c80cecbdeaff1ecb2845561022f607fe5167040c54680e6bf6e1f698910c55627ddc322ba4f65eb4905853aab7ad1e84135
-
SSDEEP
393216:Nu3imvxANNC5uoVqFouE18Q9xwbyDeBR4PzfnXxd7QBiY2vGlM6dV5Rn9vEG6:NuzAz4+mN18GwbDq7/xJZYdl7Rn9vE/
-
Checks if the Android device is rooted.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests enabling of the accessibility settings.
-
Checks the presence of a debugger
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
4System Checks
4Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Process Discovery
1System Information Discovery
3System Network Configuration Discovery
1System Network Connections Discovery
1