Overview

overview

10

Static

static

10

VPN Service Pro .apk

android-10-x64

7

VPN Service Pro .apk

android-11-x64

7

VPN Service Pro .apk

android-13-x64

7

VPN Service Pro .apk

android-9-x86

7

Analysis

  • max time kernel
    70s
  • max time network
    72s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    05-11-2024 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VPN Service Pro .apk

  • Size

    9.4MB

  • MD5

    2ae3b1faf664cb347b8d81dfcddea167

  • SHA1

    acdaa4d3b3ae29442567e46baaee7b3932d000d0

  • SHA256

    d492cf0729e9e846be934ba081dec52c6136141e31dc50a533731f62522d1f9a

  • SHA512

    f0a6e2a561ba0f56a27a1e09a5a768d929f08f07bee2269f2be4bfac90095c28c6a631edf58df5422f1acd4a55f55bf41bdd2b95cda5fa3a35ab345d5bb9e6f0

  • SSDEEP

    98304:3l/tPUSu0e0livUDtcX+VCvwx49G0PGucKMIAmzRzBHT40tlSCAB:3DsP0rlivUDtVYIx41YFI/zfjS

Score
7/10
collectioncredential_accessevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • european.tubes.agreement
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4212

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    33B

    MD5

    404d9e3fcb4c932ac8cac5a08b4ff39c

    SHA1

    5077728ad31a2af6d40ddf7b08cae46fb2cdd7a2

    SHA256

    a736bddaf45aeb0d1b06e713f454adaa6fb1df85a1880b7c62631c249986e5cf

    SHA512

    577a673d98539d09d3eff0996f1065734bda941e10d12c9654e3cb1af7dd71a7ba039c32f62ff2871ca2a63377bb8e4bbaec032cb8a844608817b49a9c2bf218

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    284B

    MD5

    3459beb9240952accb5584a707edf07e

    SHA1

    b7c08897fa4ff2e0b3e1a4c74856574704ae7f12

    SHA256

    e6c72a733a6cd51add901d50335db5e1601fbc505785f6a2740ab4c61f60f844

    SHA512

    c2fcedef69792e15a53c584864c588867fa668e63c2ff424da4f4ea208cfe1b31cd4c27fe6ec0da20084dd373c6dabe74bccc384eaf828d46d673918536fe993

    Download Submit