Resubmissions
10-08-2024 13:29  240810-qrkekswajg  10
10-08-2024 13:26  240810-qpxbcs1dmq  10
10-08-2024 13:26  240810-qpm3pa1dmj  10
Analysis
max time kernel: 27s
max time network: 51s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 10-08-2024 13:29
Behavioral task behavioral1
  Sample: Shield Plus_6.2.apk
  Resource: android-x64-20240624-en
Behavioral task behavioral2
  Sample: Shield Plus_6.2.apk
  Resource: android-x64-arm64-20240624-en
Behavioral task behavioral3
  Sample: Shield Plus_6.2.apk
  Resource: android-33-x64-arm64-20240624-en
Behavioral task behavioral4
  Sample: Shield Plus_6.2.apk
  Resource: android-x86-arm-20240624-en
General
Target: Shield Plus_6.2.apk
Size: 8.1MB
MD5: 5b7d31fb9202d6b559263fac309eb477
SHA1: 587856a9368146e701ad654087329d4636cd62d1
SHA256: add00a4daf4de36f154c7313a13c155fd5a922119cb087d6cd93ed4b2fe372bc
SHA512: 42dd54f71a23bc47ea92613b7a8b8b74f01cc8ec8b9e65afbb7c4bdbbb3d51ac510cba8ea68341f603ac177475a034d80f9849467fb6ead64f1db1b9de45366b
SSDEEP: 196608:Wyw2BxZNmiYIQFBCuZ4NOzCjj8IkxCfgEK:Dw2T7mibQFBCw4NqcIIkxC4n
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 16 IoCs
  Processes: com.shield.cheat, com.shield.cheat:stub1
    ioc                       Process
    /data/local/su            com.shield.cheat
    /system/sd/xbin/su        com.shield.cheat
    /data/local/su            com.shield.cheat:stub1
    /system/bin/failsafe/su   com.shield.cheat:stub1
    /sbin/su                  com.shield.cheat
    /system/sd/xbin/su        com.shield.cheat:stub1
    /system/xbin/su           com.shield.cheat:stub1
    /data/local/bin/su        com.shield.cheat
    /system/bin/failsafe/su   com.shield.cheat
    /system/xbin/su           com.shield.cheat
    /data/local/bin/su        com.shield.cheat:stub1
    /sbin/su                  com.shield.cheat:stub1
    /data/local/xbin/su       com.shield.cheat
    /system/bin/su            com.shield.cheat
    /data/local/xbin/su       com.shield.cheat:stub1
    /system/bin/su            com.shield.cheat:stub1
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTPs
- Checks whether the application is allowed to request package installs through the package installer. 1 TTPs 1 IoCs
  Checks whether the application is allowed to install additional applications (might try to install applications from unknown sources).
  Processes: com.shield.cheat
    description             ioc                                                           Process
    Framework service call  android.content.pm.IPackageManager.canRequestPackageInstalls  com.shield.cheat
- Requests permission to install additional applications from unknown sources. 1 TTPs 1 IoCs
  Processes: com.shield.cheat
    description    ioc                                          Process
    Intent action  android.settings.MANAGE_UNKNOWN_APP_SOURCES  com.shield.cheat
- Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  Processes: com.shield.cheat
    description    ioc                                                    Process
    Intent action  android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS  com.shield.cheat
- Uses Crypto APIs (might try to encrypt user data). 1 TTPs 2 IoCs
  Processes: com.shield.cheat, com.shield.cheat:stub1
    description         ioc                          Process
    Framework API call  javax.crypto.Cipher.doFinal  com.shield.cheat
    Framework API call  javax.crypto.Cipher.doFinal  com.shield.cheat:stub1
Processes
- com.shield.cheat (PID 4452)
  - Checks if the Android device is rooted.
  - Checks whether the application is allowed to request package installs through the package installer.
  - Requests permission to install additional applications from unknown sources.
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Uses Crypto APIs (might try to encrypt user data).
- com.shield.cheat:stub1 (PID 4502)
  - Checks if the Android device is rooted.
  - Uses Crypto APIs (might try to encrypt user data).
Network
MITRE ATT&CK Mobile v15
Downloads