23ac2751dc37f07078dafc79b381ba9e686ed8d18e70719e9a4786b9c38dc5a5

Analysis

max time kernel
14s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-07-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GLTools.apk
Size

22.8MB
MD5

8f6f9fe8ee494c98437a11d143a8e67d
SHA1

850e8818929525a5bcf178a322824b56ca7db82a
SHA256

23ac2751dc37f07078dafc79b381ba9e686ed8d18e70719e9a4786b9c38dc5a5
SHA512

d1c8c553518a811bd7b9767d64428a96615c0ff6fb628ef09e95400da61184d7b5c76a1e92e6ecc81a9820e5400b703929101be019ba21cdd7ef3211b9c93a6b
SSDEEP

393216:jSBurJP2vsEKD3LO1HGJxEUD0XQdeayzt6toOWTw/to9EduT2:vJ2Vs0mJFIWeaw8toOWTw/tSZi

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.superpaninbros.glng
/system/bin/failsafe/su	com.superpaninbros.glng
/system/sd/xbin/su	com.superpaninbros.glng
/system/xbin/su	com.superpaninbros.glng
/data/local/su	com.superpaninbros.glng
/data/local/bin/su	com.superpaninbros.glng
/data/local/xbin/su	com.superpaninbros.glng
/sbin/su	com.superpaninbros.glng

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.superpaninbros.glng
/dev/qemu_pipe	com.superpaninbros.glng

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.superpaninbros.glng

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.superpaninbros.glng

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.superpaninbros.glng

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.superpaninbros.glng

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.superpaninbros.glng

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.superpaninbros.glng

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.superpaninbros.glng

com.superpaninbros.glng
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.superpaninbros.glng/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.superpaninbros.glng/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
7bd7126dc3eb988444dd9335df17be39

SHA1
cccf66993da7167c5fad0094707e6f1643cf82c0

SHA256
121f88bcbe6008f37ae90d20ad64e7775ed6dfef8b266e7ac31342a363163a3b

SHA512
c02bbee82bfcfd64a3d6aa170c625f1c00abfc2ccbc8ab5dc465f642a856f5eb48a473971c3880638daa4d98ea18e4c6a3a45be1bd61a95ae991785e30cd2138

Download Submit
/data/data/com.superpaninbros.glng/databases/StartApp-d6864f2502af7851-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.superpaninbros.glng/databases/StartApp-d6864f2502af7851-wal

Filesize
48KB

MD5
827da86649d8c4fa353cd0eabb64e3b0

SHA1
84cfa79872cf1c935a3aafa0ac034ff5b26660d7

SHA256
6f49101dd46deea02492acb9d4c45fd5c5e11d92da9749401b18218c34b470da

SHA512
43146c023cc52ef2a6a2a68f86a49d515befc642290c60cb3f3946c04d9f848f869cd304185ae35eee140c29bb9b3f9568b21a685c23829b9986a40122deb251

Download Submit
/data/data/com.superpaninbros.glng/databases/androidx.work.workdb-journal

Filesize
512B

MD5
b438876769d39501af0e482d4c743207

SHA1
92d6fdbfb615be710dc942ecfc39b293eb285408

SHA256
c009f157364cab9be4d9d9d52e8ea6150abc683b3e63fd6051d814cc59c9f4b4

SHA512
1acf30ef9daa4abfbf52984a7cd79f9ecbff6ed8506bf187555e31aca10640bd4bc61f99faa025201a6ffe49cdb53b7b961d7199ee5243c310ac5cad143f4674

Download Submit
/data/data/com.superpaninbros.glng/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
82bb25a8a9dbbf647104532c8172ea5f

SHA1
2ac3f2d67c60b06330c3302249f4c1c154aec1f0

SHA256
ee742319055b62922bfa1633d1ae4dd7f6cd751aad5b74ab196096de24f5435d

SHA512
00e860abd8c88c1d8cdeb310c135c91f7e956fec33f582215872097d4995ef77c10b75d9cc084597216b1aa5bfdb07cf2815b93e8f97bf6e8f3811f24282a3fc

Download Submit
/data/data/com.superpaninbros.glng/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
72e4e3cbfa08958160266f2ca57ea591

SHA1
e428429a8b16b1281aa97791d798c67d865552b2

SHA256
6fe0ff2482500c0504f2891442ea3c9718379946f9602c2b66dee57214afaa48

SHA512
6e9ec4f1aa7724625bd7405f335c5dd7cb3455e7cbc39c08cb7e0ac5b40136e1a8cff665bb69ee745cd1bc94fc3c778d889b00245f527564f8db2f9bd4cce27b

Download Submit
/data/data/com.superpaninbros.glng/databases/gltools_database-journal

Filesize
512B

MD5
ace39a746f638f05c5985480b8eb8c33

SHA1
b14d21555404ebeced1e3ac10b1e173aca240da0

SHA256
fa4e343505e30d7798b161e87424837f005fcbadfc8dae9062906e1a89f71c23

SHA512
ed46df3030c1f63867045b7f94ff7c7fab4c38b1cd577c0b48bf74a1ff0c2082454945c9f0928d2cf8374f9d6905c3a2cc6fbfc22b5c7f4eb812e04a5eb83fcb

Download Submit
/data/data/com.superpaninbros.glng/databases/gltools_database-wal

Filesize
16KB

MD5
cd3a050ecd4be49174907d4cf8a04550

SHA1
c4761063306553a79945663385bacfae28b6ad47

SHA256
7bd3a1043ac074c846e1f7ef7c070dd47746f3865b9f29e608a96507710b7880

SHA512
59b93d630eb341ff2f1c15ba52306a1e8a294f63274e6c1015e20596465fefcc81ca0e9423b1e5b444e778b7d32b281a6384f3e8f35f9ea874dce804b8a39d49

Download Submit
/data/data/com.superpaninbros.glng/databases/gltools_database-wal

Filesize
36KB

MD5
273332351bdc2223687c9c96c9c61aea

SHA1
7498cb0708844e66751d17a016c994ae4d369a04

SHA256
be23bd6cb039d774be3e426499405c17213e387be6389a0189240d3c3b8c9e74

SHA512
636d07aad2c137ce0880a54b7ad2b4e611679cc9ebaa9a27686b41369c88dbf9071298e107fd01dc9294f4860464b7fa003ce970877629913a2364822e4f5e4a

Download Submit
/data/data/com.superpaninbros.glng/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.superpaninbros.glng/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1a459724afba9768a6957424135d24b5

SHA1
42e05009b2152751a5d9dc1f42cf4b7f551dc961

SHA256
0ee466433450174b82fc26b1f50d2763673e18225b7fecf6d5829964a6a1cc97

SHA512
36321dd1a3f04a6fec9a8a961efea780f35b22146fe41a1a97d14971b71f110b5892c94b18a2f5f19e32d6dbbd671c05f2852e71665bf5289f8fc1ff9238c8cc

Download Submit
/data/data/com.superpaninbros.glng/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
395617fffb83946d46c0caf1dfe6fc52

SHA1
acfe02728c56768e0fb2fed114edbb8d08cbb358

SHA256
ca27697d03e634350c3b7d20bbd2befdab751018e671fca142b175447d607e65

SHA512
b58421404da03d12b6b358d298263663c1585d2875c8d1588e344dc0eecdf5ff324330d4a70711c490d261598d8b46e1a1e92274071e354b47d88ebddea437c3

Download Submit
/data/data/com.superpaninbros.glng/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
19c0a592939e4da0ce1f80d7bc25ecb0

SHA1
34e53b71054529074928c3e6adeeb401c2c79eed

SHA256
e0befb5296a37192b282b02df87c975ff1aff04d0efa304b4f799e2e91e5a431

SHA512
c2f7c19df6c416cb956fe27ce591154bb8b4ed99ee6f343cbd5df94c8dc6d51abc31cf106a7be5f9f24a635d647ada38bb1b1770dc9a08a25557085602456168

Download Submit
/data/data/com.superpaninbros.glng/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
568c0cfdf29e43c47a09dc0eafaa42a3

SHA1
a1b17de52c0880150248936d28608d3f0ee79f24

SHA256
f393537e55af1b1bb7063478bcef11951077808055c458ab7aaf60c4ae097363

SHA512
ce60b4fb48ec59d6b88d3868a343ec4744fa42b00dba51a75b649d27fa4e2e3a5293bacd0ac270735b9ff9723ceb267e7abc4f09819b2adadad518471d19e2aa

Download Submit
/data/data/com.superpaninbros.glng/files/PersistedInstallation2656573112393529545tmp

Filesize
90B

MD5
6407ee0bd253525c3a43f08ac61cb57d

SHA1
0498aef9b3e1dc37f6a750fbf1d4997d49726e3d

SHA256
4eaf0874bd3be7b2f6321580580a35b690a8f22fe6f7827ee28a28cf5c602528

SHA512
d8efe8a0556c3c0764b37720b2e845b26d9d31d8045a108e73da1c763ad6f5295f760c7e46c540e6fa5faa3f76fdbb7accccd79f94e6add1762a672de8e609a3

Download Submit
/data/data/com.superpaninbros.glng/files/PersistedInstallation5407268961078769364tmp

Filesize
569B

MD5
7cc96fc1781a66754029f30022908200

SHA1
c80b6342481a5c15d56444f9f3f945850f7f66a4

SHA256
bbd648cc5fd32b2f78fa79ba10ef10678bfec8ce9e05c4015b5443dd9f065a90

SHA512
fc958a027949c90dbec459214d6b73bf735359b0160fab3c1f6bd299a2b9ea68272980d02267661a40f9077c2095851e1ef06a7fee0e9f3f5a0e303b1e024108

Download Submit
/data/data/com.superpaninbros.glng/files/StartappAdInfoMetadata

Filesize
1KB

MD5
3ac7ebe7ad555e8980d0ba4200767af1

SHA1
bc8704eeeb39017b5311f2b8a67bd432a0217be9

SHA256
70e63197b6570499a2fcc2d8510d92e1e53ef55a3af1bfce50f5d58425e10d4f

SHA512
615a6f494780e596c2bc1ee60b96ef74ed084b86ea8c9ff3398a3a6f2ffe7bc69f9d948b05b4a0337f800d3668924488e359c5d0c12ae310d550823bcecc8023

Download Submit
/data/data/com.superpaninbros.glng/files/StartappAdsMetadata

Filesize
2KB

MD5
1e7476acc3433c9665f2987f1167eaf5

SHA1
07cae472f962d77f27f8e04c2c449021edd01565

SHA256
6b6e51ec547460cc1251a5db1b04030faf4f9e0c82f53060f1785ddf9c80acc2

SHA512
6ff8e21f4b0ef40da49e930e402107331e9731480ba26ad20ca854d81cab9b234a8686535ce437fe24a9dd916f6bdbf2c776aaf80da9978321a4ed5f198dabea

Download Submit
/data/data/com.superpaninbros.glng/files/StartappBannerMetadata

Filesize
719B

MD5
fd1c677c049c84d9a3d7ec6d33af2208

SHA1
d100166e06b6fdb7eeb758bcb6fca1e449890289

SHA256
b1db2133872df52987644f0b4c82029aae2e6b9cbf64c5ce5c30ffbe54e6f3d5

SHA512
ea0c802524982e60892716433c988de843690f64877c8d40d02e5d12d7509821477a221b85d814a5172a33fc5c69a35d629c89eee82ce372d3763528b8291db7

Download Submit
/data/data/com.superpaninbros.glng/files/StartappCacheMetadata

Filesize
884B

MD5
1ee0163dba426d3830a376ed693635bc

SHA1
607da0f402aa4fd3f093d09a63e7f59f6f31fbf1

SHA256
7b739d99595a6c517f288dbe517463942b084cfb7c72f1ecbefb5ddba4b65483

SHA512
2db29b0386e562c73cab4ef18f55ba77b5556609bc6ec65b728ff5ffff64f2399c15ad48c399091741ba02b06a9059b1d11a30f1e2bae8c87e00d30ffcbab2bb

Download Submit
/data/data/com.superpaninbros.glng/files/StartappSplashMetadata

Filesize
1KB

MD5
22f0f624fc4e0893fa04018909f5516b

SHA1
39b3b601da9279adcb28b4be796903ea65f94dec

SHA256
30432dac4d77b6aa7852f5c3a59d1afb1b1caf8ce078a9724905c2f51d0d2eb6

SHA512
bbd37280affbea47ddb7293f50c2fa3233bdcfa5cca65a6d2be430ad9cbce874970df37e0266a3eb54c646b1d2d3a2a41378742653128bb79e1979f5dcf4e291

Download Submit
/data/data/com.superpaninbros.glng/files/audience_network.dex

Filesize
2.2MB

MD5
3045704e8802e59e6c1479817ebbd31d

SHA1
22d8324951cf8b01433fe4cb322b0ab88b72e27c

SHA256
44e465a1b3c1936047d5b4739272a035d04b850e69463779ba49afda45d4aa00

SHA512
91a750a334d558b6e7614eecd01cc9ab854a6cfc68732904fb8081fdbb6c64150232662c0216209f1d935eaead89ea162d6c64ef4ecaecb37b87361f3834ce02

Download Submit
/data/data/com.superpaninbros.glng/files/frc_1:156716762757:android:ef0772c1977b71abf4cbec_firebase_defaults.json

Filesize
111B

MD5
3519d45b8e024eda31beee37c3581da6

SHA1
f9224f24f61a7dbb9906da722bf7272fc4fdb0ff

SHA256
5f32faf34193e352a7bb26e53f17cb2d831a3a0a544df562d432ad4bdeb19b8b

SHA512
d7ca91c7b1bd5f08036400b19906127c7aa957255a2ed88404bef6d9cbd9229cba44a858a749b248b373c5d6a9b6b3270843ee5e2b50aef239ffdc123859ab13

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads