General

  • Target

    Cool_VPN_Pro_1.0.179_.apk

  • Size

    32.0MB

  • Sample

    241109-z2djfsselq

  • MD5

    45b3c3fe240298383a857946d2813c52

  • SHA1

    71a52d015b921e78b03df9ce58bd1b750abb054d

  • SHA256

    def6fd4601b7985daaffd9fb4e2fca4a1b59193ff3f0fb94d10a898413e609e0

  • SHA512

    6acec6235159ed491518199bdee82e2804085d1992d9cacad39f11493371d385e35aa960cb9007f5dbf4324ab3ad812d2c616a67cd3b780d5267ddc600d97209

  • SSDEEP

    786432:cXKP3wpxapQMSnNNll1ZCVftzOYYPMR9AygmyfcRiJt:mK4pxganFIVftaN4DyfvJt

Malware Config

Targets

    • Target

      Cool_VPN_Pro_1.0.179_.apk

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks