Overview

overview

10

Static

static

10

VPN Service Pro .apk

android-10-x64

7

VPN Service Pro .apk

android-11-x64

7

VPN Service Pro .apk

android-13-x64

7

VPN Service Pro .apk

android-9-x86

7

Analysis

  • max time kernel
    70s
  • max time network
    72s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    05/11/2024, 16:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VPN Service Pro .apk

  • Size

    9.4MB

  • MD5

    2ae3b1faf664cb347b8d81dfcddea167

  • SHA1

    acdaa4d3b3ae29442567e46baaee7b3932d000d0

  • SHA256

    d492cf0729e9e846be934ba081dec52c6136141e31dc50a533731f62522d1f9a

  • SHA512

    f0a6e2a561ba0f56a27a1e09a5a768d929f08f07bee2269f2be4bfac90095c28c6a631edf58df5422f1acd4a55f55bf41bdd2b95cda5fa3a35ab345d5bb9e6f0

  • SSDEEP

    98304:3l/tPUSu0e0livUDtcX+VCvwx49G0PGucKMIAmzRzBHT40tlSCAB:3DsP0rlivUDtVYIx41YFI/zfjS

Score
7/10
collectioncredential_accessevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • european.tubes.agreement
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4212

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    craxs007-53582.portmap.host
    Remote address:
    1.1.1.1:53
    Request
    craxs007-53582.portmap.host
    IN A
    Response
    craxs007-53582.portmap.host
    IN A
    193.161.193.99
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.46
  • 216.58.201.110:443
    tls, https
    915 B
     40 B
     1
    1
  • 216.58.201.110:443
    tls, https
    915 B
     40 B
     1
    1
  • 142.250.178.14:443
    android.apis.google.com
    tls
    999 B
     4.5kB
     8
    7
  • 172.217.169.42:443
    tls, https
    8.6kB
     40 B
     4
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    120 B
     40 B
     2
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    120 B
     40 B
     2
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 142.250.200.46:443
    android.apis.google.com
    tls
    1.9kB
     5.9kB
     10
    11
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 193.161.193.99:53582
    craxs007-53582.portmap.host
    60 B
     40 B
     1
    1
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 224.0.0.251:5353
    3.3kB
     10
  • 1.1.1.1:53
    craxs007-53582.portmap.host
    dns
    73 B
     89 B
     1
    1

    DNS Request

    craxs007-53582.portmap.host

    DNS Response

    193.161.193.99

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     320 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.180.10
    216.58.204.74
    142.250.200.42
    142.250.187.234
    172.217.16.234
    142.250.178.10
    172.217.169.10
    216.58.212.234
    216.58.201.106
    142.250.187.202
    172.217.169.42
    216.58.213.10
    142.250.200.10
    142.250.179.234
    172.217.169.74

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.46

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    33B

    MD5

    404d9e3fcb4c932ac8cac5a08b4ff39c

    SHA1

    5077728ad31a2af6d40ddf7b08cae46fb2cdd7a2

    SHA256

    a736bddaf45aeb0d1b06e713f454adaa6fb1df85a1880b7c62631c249986e5cf

    SHA512

    577a673d98539d09d3eff0996f1065734bda941e10d12c9654e3cb1af7dd71a7ba039c32f62ff2871ca2a63377bb8e4bbaec032cb8a844608817b49a9c2bf218

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-05.txt
    Filesize

    284B

    MD5

    3459beb9240952accb5584a707edf07e

    SHA1

    b7c08897fa4ff2e0b3e1a4c74856574704ae7f12

    SHA256

    e6c72a733a6cd51add901d50335db5e1601fbc505785f6a2740ab4c61f60f844

    SHA512

    c2fcedef69792e15a53c584864c588867fa668e63c2ff424da4f4ea208cfe1b31cd4c27fe6ec0da20084dd373c6dabe74bccc384eaf828d46d673918536fe993

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.