43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d

Analysis

max time kernel
147s
max time network
166s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10-04-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d.apk
Size

21.9MB
MD5

d9a39c41e9f599766b5527986e807840
SHA1

a35653c3d04aaaa76266db6cd253f086872a5d27
SHA256

43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d
SHA512

ccd49932590a89f8ccfddd0d588660942b9e657355456a7bc5f05f36d02b6ddb3f42321b47ab7de03a747c846cca1d3e9f0f02fc0a15f57dc1c0073354a2c300
SSDEEP

393216:5q3TVSn9LXMq4Ynog/N8Cko4g04hQOZeibmUEPZgYlX5oLLIR1pmF8yxilXLGg6a:5qJwBXJ/atbnasiAB3wVF9xwLS4vgfxO

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.shimmershine.GlobalVpnPro

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.shimmershine.GlobalVpnPro

ioc	pid	process
/data/user/0/com.shimmershine.GlobalVpnPro/files/audience_network.dex	5035	com.shimmershine.GlobalVpnPro
/data/user/0/com.shimmershine.GlobalVpnPro/files/audience_network.dex	5035	com.shimmershine.GlobalVpnPro
/data/user/0/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar	5035	com.shimmershine.GlobalVpnPro

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts com.shimmershine.GlobalVpnPro
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shimmershine.GlobalVpnPro
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://com.android.contacts/data/phones com.shimmershine.GlobalVpnPro
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://media/external/images/media com.shimmershine.GlobalVpnPro
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

URI accessed for read content://call_log/calls com.shimmershine.GlobalVpnPro
Acquires the wake lock 1 IoCs

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.shimmershine.GlobalVpnPro
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.shimmershine.GlobalVpnPro

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://media/external/images/media	com.shimmershine.GlobalVpnPro

description	ioc	process
URI accessed for read	content://call_log/calls	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shimmershine.GlobalVpnPro

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.shimmershine.GlobalVpnPro

com.shimmershine.GlobalVpnPro
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device.
- Queries information about running processes on the device.
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Reads the content of the call log.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5035

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar

Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/cache/rndseq

Filesize
48B

MD5
95c3652f4426ee77e4b4d254d6c6f35f

SHA1
10a3cd75320ff673d340c99047cbce6534aab5d3

SHA256
1ea547107cb8642d145fd75a8d13d2da8211cf40cdffb1f6ee089d9e6c048da0

SHA512
928a8f487928efaed689cb52d15aa02d5e776c663974f5d7044f154c59c97379b40b51fdad4104e21e9fcd94f8d15d4d9650fe13fe6cb29b42a3010647d6da7c

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db

Filesize
20KB

MD5
7b5e50daef3dd134ef6b17827703028c

SHA1
ddf24d3b4b90694aafa514084544cdcee51186ef

SHA256
c426e89b43758cbe7e22c4f6fe12096de0bc388c4bfe8d94a9398ee807d58452

SHA512
8e19a9661fd28aea8230451c1b89e2fa19095b9e31510e6d9ab6d4d6842028cf638448dc928bc48dad4942fba0743f3fe0e58316aa8aee944f04f94e06041156

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db-journal

Filesize
512B

MD5
db77a182daa69b8a6affa4b10cf04ab3

SHA1
66a7b186fd6ef76a6ee7a19a430084edfc68c83e

SHA256
e334651fab641d6722c4380be93154fc7608ad3cc683e5593e5e26c57af33b0e

SHA512
93e322a87debc37e20d370b7982e5c44ca59fa54d7ad61a6e6859efe75ea10c24ce278001a6c547ed27970ca54b6e24e628a309dd8dfdbe10a7705b5cd63f227

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db-journal

Filesize
8KB

MD5
0864b9cce2569d6b64a2319d42645358

SHA1
9fb01567a3e2be73fbfecc309977962e4bb59c22

SHA256
01ae8cc2d338762a1c82c9ae322c75768467f5d250ad294d71db979e2505974d

SHA512
f02cd26c825a240c78b3548e05275d7afd0f70fb71d7062d06bdb3072198d13d1e494fe0b48d2fe479fa8744ede3a1a9974e0715eb4afe2431c62159a2696431

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/anchorfree-ucr.db-journal

Filesize
8KB

MD5
6e3a8c87a2e68007b4a472441459c4a0

SHA1
c9cfcb6361ba5b01cf2f8a2a7a21a48dc4416918

SHA256
4471f88a216805220120b3a4677740a5408052eaef33471ad6b07487184ef320

SHA512
4d53bac560c316e4c5f83d51ea7c8132ad5518b027b84e3bc427c14b9cf4c2bb8c3bfb2c93bb320e15b75e9aba5bb6b16cc4930abf84c3e894c9b55d9de12dbd

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
92aead6e59743db7f691ee1388ad3619

SHA1
3098d0a0c0a0f102a799df66173e51cdbd824f31

SHA256
eef72645ba9d3a6b520d648df613de825bc9f33e2a85108e60e503f5363eb57a

SHA512
cb6c42591077cc1b3a5fe4ba99f19b5a7aea75bd707163db826b33b43c86f6a898256c50acef1e95596a2af7f924d133fd14cc077281f01fc8321ef5dbd05699

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
818c9cad84be960d1491dd372d305e17

SHA1
87fd101cddbe5a974ea3e70fda90ceb579c6bedf

SHA256
300c3a0288f2cc6d7bf0390d8489df4cb363035e9df97140de8b689ef21120a7

SHA512
74cc3d59f2ed7483e11941a46b778ff5164821c466210c2f46f6e051b007d2343dda6c1689f2381c42879f3c6c6b2839d3cfc7b054003ad7934cd88e08a9b9ad

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0f6d05df80400808acabc588801688ea

SHA1
b9b6d86f2bb48cfe30713a27d377fb6ab21adc1b

SHA256
059ca19e51be266bae98763ac8cc03b0fe7660cc1cc1ec5e0805776e5af56d93

SHA512
44e56debcbfd8f75548885da7c79c718f60e42a221228cdabfb83de8972db1b54c06087f91a5fa009db0a3bbc5b65e788996f2bfcffdaf325964acf742582dcc

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db

Filesize
20KB

MD5
13a5c5755e0233b82dd878d235780441

SHA1
a3b297891cecf4d72c1aa15283443e5adb471e2d

SHA256
ab962d92002b0833eadd06e69911ed7ee5b711b602052b8aa5f329278b048684

SHA512
7d0bdedea600e44424badeaa3152e6ca4e7be5f755ce7b2fa48ba4827143227f290392340aebb7538b263c784169f57ebb34f7e3e6caae47ee06ba4fb0f53be1

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
512B

MD5
93ea08502ffeab15df449443d01de275

SHA1
411eeac0acb230944c1126a9d7be164a2300e6ce

SHA256
52001b0efff21ebc5a0d564d583b55e67e99a670be48641da07bc86f16551dd7

SHA512
9a5d4a2c36f857010804f7f8e378dd869cb4b85fbb008397def4cf8ee46c734543ccb3c6153b097159210c6fb758d588e874f948f06aedec159323bc04d3e40b

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
8KB

MD5
22ede4fc4b37ebcf23beecccb29fb395

SHA1
4691fb16601af79046c68d0cbac5fdb9ec416325

SHA256
2316392bd1e005b471af8f180153ea85827487a3627a9972e4d5a9f40385e7c2

SHA512
cf0d7ae7081322bd22ececf2b2471d7c860bdee6237f3080feae72f12d4752df76dd9c4b6ed77c0b57e945b398b41da86d98f5a78b70a1facd1d959b2101caa2

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
8KB

MD5
e6d6e10d69ac6209d82737993441017c

SHA1
39beb36b1f700ffd06ec183af0adabaf98b38ff4

SHA256
11e94ecfa0fd5abfbdc7615b4f084ad43ccfb7b6d188d136a626efa5ccc6878f

SHA512
3eb2c935ce53def48bb966c5284eed1eeb9b5192486d39f8109f2a189d41f9b90ab41e5e93b83e362b1a92f3f15fc6110f54646e758cd2a13b9f8ce39b7da53e

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
12KB

MD5
ca82f152fc3b95af2450ff2438dceec2

SHA1
60fc05fd8ceffccb53c8490a08a7cc29688fccc1

SHA256
284c528387ae34e816a1342e2d65ea6af2b70dbcea14d8b6cb3b1baa33726cf5

SHA512
3ea59a2068b530a5ec5f479993830d32b9d72cde926df3c2398beccb09dac3c6c1943b67e0aa413e469459eea62f60556894265e91648a6ac658890c4d7bcde8

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
12KB

MD5
ff207ad49474951fba80b89e8f5b2e68

SHA1
9bc209b7f514ec98c2b7749aa162288e72f9f493

SHA256
3293da147658b787047583cf8775ee856de855915b95ba2989d6486f5e1d23ad

SHA512
4a749210b19ff281d6bd212e50e4e717da549d67ff939c86cb3bb3ebf1ec2ca71a699f83dbe5f8549db0035091faacf26782ae96d8197175c92855ff575b9370

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/databases/key_value_store.db-journal

Filesize
12KB

MD5
0a73af8a370c6ef4d1e501da036c8a67

SHA1
4b30c6a38d0e3c11d3f6bae5043ba7716e7c9582

SHA256
0acc4a665bc9f3b8d06aa94a50d5405f21d377c047d19397bdbbae7d6e7bd779

SHA512
ef2ef1a47aca22c131a435f7c6cc190e21a67ca810039b640be98b72b193fb68eeb90e7b5e0db99f3cf94fda6cacb581d27620b3ee699090da96688f1c766f12

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/.id_config

Filesize
99B

MD5
1699b1d539530bccd0e1e5b712d36f99

SHA1
4e40e3fafe8c62cffb0d633d5f5427a7d5549506

SHA256
ed5d421fd6a65419ab377f280d345cafebcc103daca622658a870898ee88d49d

SHA512
5ab0acc5ddd2400e6aa3a158eb929a1169043a3480ab4cc83fac7a3355c03cbd738bb189a77765df0cf007bc5f843ac4d1bbf6838d24424965f10ef5d6f8f4e8

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/PersistedInstallation3036354354259879702tmp

Filesize
90B

MD5
41711ff1519f1e017ce898478e8b34c4

SHA1
55bc60c47a6c923ae4721e455bc3a9e0dd363ca5

SHA256
af766153cc57a259333f1ec9d59e49895f2adddd3d04bed8356c8e0f0208dd76

SHA512
781246dad9a277113521bfa72f3d1d663837a86766e93321b90c2cb529db8dcacc8391d2b68bbab589700619bbb1af62aaebc052a3234df3096dd119692dd59b

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/PersistedInstallation3333791924841616242tmp

Filesize
568B

MD5
3972f9b4e1a0972e3d42b82fff3d3e09

SHA1
f1a983a44969f2e7135ffef1fa8f41c9fba508b4

SHA256
280274ca7ba0f0b909e36dc00cba9e945ea42f5242aae2ed5ac1e134e10ca315

SHA512
7d7e6b3acb95a5cf0a121364cc572200b9f822be23404e100f88b8ae8030834ecb012fab6d8b232ea56a314a8213b6512633ad0ec3b244669f922a8af25135d3

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/audience_network.dex

Filesize
3.2MB

MD5
4905ee4caebdf455b9debee76ea89cae

SHA1
461d5626e22bd87e0f0afa3440d5ce61d2363571

SHA256
0bfad0c78e6e439d2c70d43568d1dc541bff8d4b4c5bfda9e81e03ae790dd864

SHA512
89bce0984264008e30a635852cbd3ba0c822b0917525a9029ff029a33409c161dad0f60ccf67406bea62e3d42ce0364250f3a9f502db8bbcaeba277787b2fc3f

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/files/time.config

Filesize
37B

MD5
73b332e367d23967f33f68b209ce2dd1

SHA1
b320c327feab307c4526ca5a8e3b71720f9029b4

SHA256
fb1cc362c9cb491e893cf60811a02aa7829c0c9a610be5c5a53ad161d8846814

SHA512
2307b946536b4d27cf1f6c00031077f211e95bdb4a3dd4fe5b36f2374ca7511a7372f2b6e7acb0f682d6a12eed67f2d3b2088a0af7c9020eba1c0cd1249b8d6f

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb

Filesize
96KB

MD5
50d366373afbe6480956eb331f1f3b4b

SHA1
c49cb111ad65ec454dd82af637eea2880edee1be

SHA256
6a1eaeb7206b06763d98fe939b1e6d7836927506632a141730cee29eb86db187

SHA512
37828fe79195654c03482f6453b7eecb21f0286cdab7df49495c5b0e988168a46f8c461061b45117b9d10903f98df70c3db3253c12b488693a72ce37bf24c771

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
73dcc616133bd3b910f10c53aa3c46ac

SHA1
0dcc348e5e1e0da33c8caa7dec74010bba2a4640

SHA256
9a05a6c7c949fbb890914131b1601ce3ff1c870b49e6cdeb30e39fea14b6d60e

SHA512
2f1c292a840f3e9c4719d56baaa7f227018ffd3b0ed3cac85faf5fc39d7813ecd52e90acac2bd0824352cedb535983023eb86b81675362dedc1502684aa2efc8

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e1fc44fc18ebd97a99fb74fc04a2b317

SHA1
b9d222c0ee107e02eee033d95155039caa12712d

SHA256
f9c4a6acdf23897414b678388b5caa112f1d0764b5a9654003e0d0ba1ebb50ab

SHA512
f724d5ac91829c577c41a8f874cb43eed4abc729c0bea629c26a471adbe6a8604916948991ffa4fa8e16eefd6206ac87ff8f7f93d07681621292e659b3d27131

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
fe4177bf543eb69c472134619d2e658b

SHA1
756361758e6afa6011e8461438596744c924689d

SHA256
7038c974b11cc4e2ec3b3bbab2ddaed505ebe9fdd43b694ce7de201fc7be1075

SHA512
7495ef806acf1c973e334499f77e6175f9c340cc4792b14ae155d29c1903ce62539224e29f39fa08091b047ef29aeec0b5e03d464ff2389500dd7738e261ab7e

Download Submit
/data/data/com.shimmershine.GlobalVpnPro/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
4a70949c50a3d6f2d94b3bd3da61edfd

SHA1
c2e5683961748c9eba01a9803c4e217ce569cd1a

SHA256
c9d1f726d01d4228ae264e5d782738e71fc0ef2ec1a0a642c423e08e6bd3ec66

SHA512
e0f2b8220db45388ebc2994ff0124d8688a0d2d050b0e644bdbf15e0a9c2eb13ac893595352fb61401057b0eb547806065ce707a2d06932b57e012c68ab7bbf4

Download Submit
/data/user/0/com.shimmershine.GlobalVpnPro/cache/1598581401714.jar

Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit