Overview

overview

10

Static

static

10

VPN Service Pro .apk

android-10-x64

7

VPN Service Pro .apk

android-11-x64

7

VPN Service Pro .apk

android-13-x64

7

VPN Service Pro .apk

android-9-x86

7

Analysis

  • max time kernel
    70s
  • max time network
    77s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    05-11-2024 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VPN Service Pro .apk

  • Size

    9.4MB

  • MD5

    2ae3b1faf664cb347b8d81dfcddea167

  • SHA1

    acdaa4d3b3ae29442567e46baaee7b3932d000d0

  • SHA256

    d492cf0729e9e846be934ba081dec52c6136141e31dc50a533731f62522d1f9a

  • SHA512

    f0a6e2a561ba0f56a27a1e09a5a768d929f08f07bee2269f2be4bfac90095c28c6a631edf58df5422f1acd4a55f55bf41bdd2b95cda5fa3a35ab345d5bb9e6f0

  • SSDEEP

    98304:3l/tPUSu0e0livUDtcX+VCvwx49G0PGucKMIAmzRzBHT40tlSCAB:3DsP0rlivUDtVYIx41YFI/zfjS

Score
7/10
collectioncredential_accessevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • european.tubes.agreement
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4929

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    33B

    MD5

    bcda3ea991660c7e05d39a1e0ed3beb6

    SHA1

    024450a5e41e4e4e7ab1678a1fa2fdd1b41d4f65

    SHA256

    403c898ed4d2df3c2eadea3b24d657d3aa53316a85873f55b349066ac3860153

    SHA512

    d85e96987e190cc4ff851c29548f4484af444104da6ecf68160a561227beeb1f7343679b677b513d4a8fd85b2f3b96e265a239d8ff5793686e533dd8c7c64f17

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    33B

    MD5

    99fe1c139a4a82bb13535f02cd9f8d9a

    SHA1

    e5fed6c55c884b8f938a04918b5922c91681f795

    SHA256

    b65340f5f9513c06f3e02065d259cd9a3de109fdf0563300c163b06e77704348

    SHA512

    edfa69c0fcc4da64eaed539e4748886694e31a031b8822d85b993c067597bb12231d0af973e2ee7aff56ceca73c09ff1a8a96613193ec60d7097011434206509

    Download Submit