43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d

Analysis

max time kernel
46s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-04-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d.apk
Size

21.9MB
MD5

d9a39c41e9f599766b5527986e807840
SHA1

a35653c3d04aaaa76266db6cd253f086872a5d27
SHA256

43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d
SHA512

ccd49932590a89f8ccfddd0d588660942b9e657355456a7bc5f05f36d02b6ddb3f42321b47ab7de03a747c846cca1d3e9f0f02fc0a15f57dc1c0073354a2c300
SSDEEP

393216:5q3TVSn9LXMq4Ynog/N8Cko4g04hQOZeibmUEPZgYlX5oLLIR1pmF8yxilXLGg6a:5qJwBXJ/atbnasiAB3wVF9xwLS4vgfxO

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.shimmershine.GlobalVpnPro

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.shimmershine.GlobalVpnPro

ioc	pid	process
/data/user/0/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar	4460	com.shimmershine.GlobalVpnPro
/data/user/0/com.shimmershine.GlobalVpnPro/files/audience_network.dex	4460	com.shimmershine.GlobalVpnPro

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts com.shimmershine.GlobalVpnPro
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shimmershine.GlobalVpnPro
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://com.android.contacts/data/phones com.shimmershine.GlobalVpnPro
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://media/external/images/media com.shimmershine.GlobalVpnPro
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://call_log/calls com.shimmershine.GlobalVpnPro
Acquires the wake lock 1 IoCs

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.shimmershine.GlobalVpnPro
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://media/external/images/media	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://call_log/calls	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.shimmershine.GlobalVpnPro

com.shimmershine.GlobalVpnPro
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device.
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Reads the content of the call log.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4460

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar

Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/cache/rndseq

Filesize
48B

MD5
d10c19d11789b178c0a823b53eb66444

SHA1
0188c0ac5c946228d3d42f0bda887564e9cc966f

SHA256
d95adfdb57a0e325b181ef658090dded438fb67310f6870a7f4148a8a44a05be

SHA512
b9e63d44ccbcdd32121c23da87a8d9df455af75a3e48b803b72babce91487bf25da4a9cd7b8b7d22e3eebfd4e7161b5f59fd1ae02a75e4f12edb9879d805d010

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db-journal

Filesize
512B

MD5
ebfdd9df0c5f351587a152e627261817

SHA1
42d99b089a500d93f216cc1b5a4fc50cc8426335

SHA256
84c1b07b4108f23b9f0e3559e5ffc4dc88b5b066a06ac234ef7188ad29e329df

SHA512
92eeadc0f96135086c131bda151550bc268e2dcda94254a7783e0695af8c6690a84908788a43da11ee2cc59f0e2f3defb655604f6b66eb60815e9a30a1b0eb87

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db-wal

Filesize
32KB

MD5
fde4cd4250708ddb87f647d52baa7b90

SHA1
7a1a1e77fefbdad348d41797dde68744c87760cb

SHA256
011568f80f2021bb6aafd2947edeae7414d4a3a3ea0c1367459594b78b30e425

SHA512
29821a20e3876aeb0d9a81c03615486d9bf7df9fa5ce095640f6c0b30952e282aa3aa687adbe33dd6d0e2ab18ee61fce43b3364f5cec4b9c07373919e47ba6bf

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
11619a469ff58abde9167331fbff9a17

SHA1
b3bacd7484adfe2ccaa54306890271903dd0d1ca

SHA256
29dcbe1062119b151855026e4458b1339b1741842246fd885871f78d8dce61fd

SHA512
8c12f5ca7bc80c85cf1946a68183c13c1883af26ec59f3a9a168fa72ccfe1cabd30c8cbc46eb7664386da10f03aeb6561d425f27b8eec1119e3bba451b68faa1

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
74b7d6afaf0db4ca814840d03f7e7294

SHA1
51a359076ad30eb3c8cd1f03b701ceead69cc6ba

SHA256
5ec1cb7b979a6f5f1e325b4d8d28e7fec08cd7da670e71c4f41f3ecfdc83760f

SHA512
9ef1e0bf3d613e2e7792fdf140d0543030b3a56def63a401853d1c86a6350ffd08f48bb78560ece96d24de0e161e1d94e2c771d70d7603a9d011b0635fed6422

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
512B

MD5
faa03a5eed7160af5e80500c497c0f0a

SHA1
8c005cbfa40a0c6b179a912786771114ee332283

SHA256
d5570a7cfd9fde282fafdef253c060ebc594af558ec44d0c8373a078bc9d7a00

SHA512
b3735bf08d32c110bd4cd88146afe66ef2051dd73166411206b9f850a164d433f66da9fb3077292602003a74bbead4a8c299f0890441bf6ab6d4b2f229bba73f

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-wal

Filesize
225KB

MD5
5704598b3a0066cc1b958f103916ec53

SHA1
d44108845e4280987541d9a60938e55d0b343f13

SHA256
345999b824a53cf00a02b5d2250cbd6edd3f26f00a66f7ef43e110c1d04ca5d9

SHA512
3aabd2182a2adb2948347042c471dce6f4a73d6f905904826d5b2e77d4730ea223e09abb137486ca44fb4bc3fecdd5c44dea81f8779388e76ef7f23caa8ce343

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/.id_config

Filesize
99B

MD5
77fa67c26cb74ad2304d5bdadbe15f25

SHA1
6926bafb952f2bf1c4169e5e23e41033dad820b6

SHA256
911164f9278accfb7ad1dae0cad0d67105ef2aafdb996cb052371792d8be96d0

SHA512
ae8294275ced4c13b6f23c58643449d9dea2d6b89e01bdfd5e1a244b07def1e617ceddef67640c73b282867dde9fe27165ddb6cfe1e648e4a6620e86a6fb27fa

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/PersistedInstallation4272346528834078618tmp

Filesize
90B

MD5
13e1ffdf2631270704ab6a7da4c1a26f

SHA1
1a3e311a11519136a2e17c7ee3283e470b5fd9b5

SHA256
be5e1e8c0d8e9e7c394a936cec22d471445422a79382e5796a41aacf9434276c

SHA512
48e4bde8b8acbc64ffbc963ae69893eeee85ed4a907d65b5f662c8f0c2144fac4d93d97a6f1b2a92810cd11f0c305a4b832c6e640f49ae75d3ab4fd95f72a65b

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/PersistedInstallation4843724625205140242tmp

Filesize
569B

MD5
d983c8e0829b90c1b820fa86de7eb453

SHA1
63427723fb2ceb129552a716c43f82148c364e1f

SHA256
b33b4e0e02f820c3b31958a88d5ec67bc4077d97c2e88fecd9bf97b1849fb38d

SHA512
f2af7fe05a9151d357afe696b11e015a3a57cde99ac3e97a55894276ed4129343a1b4fb3795a52cd8704a3e6de13a7fcbf3a7f91d98912b20a8158f067b96964

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/time.config

Filesize
37B

MD5
73b332e367d23967f33f68b209ce2dd1

SHA1
b320c327feab307c4526ca5a8e3b71720f9029b4

SHA256
fb1cc362c9cb491e893cf60811a02aa7829c0c9a610be5c5a53ad161d8846814

SHA512
2307b946536b4d27cf1f6c00031077f211e95bdb4a3dd4fe5b36f2374ca7511a7372f2b6e7acb0f682d6a12eed67f2d3b2088a0af7c9020eba1c0cd1249b8d6f

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb

Filesize
96KB

MD5
947c2dbb1bd8a2a0c9768722140d204d

SHA1
943ab8dd839212b17e0dc2c12cabac784ae3d29e

SHA256
29a8bbecf40fd06e4fb77cdf578813bea0e6febc68b643a7ce5cf941149f09e5

SHA512
760296e73b1dced91c697d353550d352ef1fac4930973129eca46f6fdad0a8b1f18214839d4187a113998a79dab63dd2d785f4b8cef8bc2ad55794985f23fc38

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7e177cffddc7f3cb114ff24d20ae5da3

SHA1
c92ef95639ae2bea5d300666957c68dc206fdbb3

SHA256
7c5d07118289d6927104b7eb6c38b843a3c030316d3a8e6e92b845236797a82f

SHA512
b3cf44380e3b8046386f6ec513c81f728caa4e417ba91c747e721f91de55a364a5be2c24985d92224dcadb63ae60a3d78992ae0efdb09c1bb9fc0f8bc9448b79

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ab817064b30870ce2c0cb05e43922c88

SHA1
87ed18efabeb4cd9f05af18f89652b9e85970069

SHA256
f633152a61f20ed2c209662a0f4dcd5ba64577ef725b569c21f1663ea93db979

SHA512
819b137440b8caf1ab34a5b04ba280b10b59c7ad5416b1c6893a047f7a79cc253277a72f48bf75cd5fbed5a6448dccb155e2d071ea7252bd1540ad4358606b94

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
332842ccd3aaef3bd9337bacb351c2cf

SHA1
29b406eddea6ef6c0388ad9f1e7339059c33e9fd

SHA256
81e6ad793af1674062e3528134136a9395cd2f1a9f57679902520c53c8f3fb5c

SHA512
1ae4cad6390fe848e19a8d7da34ad57f1a3e8a911ccca5e290f1eaa09c8feefe6e877548daa747911b6bc2ee9fcea27f3eef4b3b1a200d6bc8a0916639d7869c

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
ee685ce90d660b5d0ad0d21a1435be0d

SHA1
aa70283dfde6bceac85fb837705060adc344b418

SHA256
c3f5d8b7d9bde304ec1e62dea8ffba026089867d1f3ed8049e7eea36f55d2d52

SHA512
27c9747934018d65a7e676372c27cd8be082dce161cee49bb9fc6e1a70d7be189f47f1b52809d424109ea2e0865bd2a76ba8144de2acb1e63bad1d6da64e7d8e

Download Submit
/data/user/0/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar

Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit