Overview

overview

10

Static

static

10

VPN Service Pro .apk

android-10-x64

7

VPN Service Pro .apk

android-11-x64

7

VPN Service Pro .apk

android-13-x64

7

VPN Service Pro .apk

android-9-x86

7

Analysis

  • max time kernel
    68s
  • max time network
    70s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    05-11-2024 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VPN Service Pro .apk

  • Size

    9.4MB

  • MD5

    2ae3b1faf664cb347b8d81dfcddea167

  • SHA1

    acdaa4d3b3ae29442567e46baaee7b3932d000d0

  • SHA256

    d492cf0729e9e846be934ba081dec52c6136141e31dc50a533731f62522d1f9a

  • SHA512

    f0a6e2a561ba0f56a27a1e09a5a768d929f08f07bee2269f2be4bfac90095c28c6a631edf58df5422f1acd4a55f55bf41bdd2b95cda5fa3a35ab345d5bb9e6f0

  • SSDEEP

    98304:3l/tPUSu0e0livUDtcX+VCvwx49G0PGucKMIAmzRzBHT40tlSCAB:3DsP0rlivUDtVYIx41YFI/zfjS

Score
7/10
collectioncredential_accessevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • european.tubes.agreement
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    PID:4485

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    223B

    MD5

    01c31a64fbc7d202c1b12c96291b3483

    SHA1

    874f08cbe6d1056437a2e7b347a6eab9c899c1fe

    SHA256

    435a58e2fae46db3716f9f7b512442308cffed4a79a43196064e29704fafa99b

    SHA512

    0f726db8f3f15e24247d49711f178219d33b375cb0ba6d27818e63bf18feafe281ec6b28dbc1cb55ca2c72bda672869ee6c5e79678bf7acdacdcdd42c06cb8bb

    Download Submit