0d2f1e1ae68cdf66c75d159a5a7d119d351a962a423aa16760412c0c89fd39ed

Analysis

max time kernel
150s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10-05-2024 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3183f8b3abe10b5f80e9eb28a33ab98c_JaffaCakes118.apk
Size

26.6MB
MD5

3183f8b3abe10b5f80e9eb28a33ab98c
SHA1

589bdab609af931468208098487fc3c0477926b4
SHA256

0d2f1e1ae68cdf66c75d159a5a7d119d351a962a423aa16760412c0c89fd39ed
SHA512

c7443824818c0dc7a329a8d6068f9151d1f8ec42749d8c05ab210a053435dfebb079caeb2101c70cf21393a9f38b1530b83f76e389b795436db928e709206e8a
SSDEEP

786432:Pfvf1cOap5IDbo69IZzz8mEDHuP4b02yLcYHD6hYbh5:3vSOap5KbxI9MqP4AMO6hYd5

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.glimmer.connections:multiprocess

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections:multiprocess
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.glimmer.connections:multiprocess

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections:multiprocess
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections:core

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections:multiprocess
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections:core

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.glimmer.connections:multiprocess

com.glimmer.connections
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4502

com.glimmer.connections:multiprocess
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4549
- /system/bin/sh -c type su
  2⤵
  PID:4648

com.glimmer.connections:core
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4579

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
232B

MD5
70f509ed5663de7f32c8ca9589436901

SHA1
dd6ff29d2cc41f54720a6b1adf2016141e2bdb0d

SHA256
c9329a5f726f346755518d71e58e77c5bc05fcdd9f7e5f101716098c0828a9eb

SHA512
a7f278e172739c41d87e8b7015a06de97bc9eb9fec131d7b7d178113954dda3e30bcfd18a20846d73234a605b570ca1ff32e8db5799f7d8a7d800f5d7922c6a4

Download Submit
/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
80KB

MD5
02b96326f1179e077bcfa4a0da57f72b

SHA1
feb5da83e1a60856f60e3337866b82f5f75def79

SHA256
e60d8706d29af8aa38c890a27f97c1284589dbe5a4fedcd40c988bd1a198de07

SHA512
5e40dbb61e331d3fcc40abd6ef9980f901a77b22f427f72464d9f6e7b5677e069d7d63848a8882673ec336a4a07352b2bdf7f5831beea362c9a0471371e4cdf3

Download Submit
/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
237B

MD5
bb753893ce959354fa790440501b5ab7

SHA1
f377f0499cd8d445d2272b1e62b5b96c2ee7f266

SHA256
5a6a21b116a7abb6ca13aed4f00f6b303708eaabdf8fe17492802ae4ace102e5

SHA512
14e437c02b4de2aee36b158a02438926a15f9b3042ddd3dc5bcfc46b3f5e599e74cd4c830eba1b6d90c834d3af4731ecdec2edf561ed489c1624afaffb4378c8

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
84KB

MD5
2c90803c30d392019a78d4b11aa59651

SHA1
f8e3f26a12d70ccd5cb0024f142f1c57ab1cab82

SHA256
702b0a4f0b3e59eb10993485041c49ca4a23d6abd58602bc8277cecd4cf490ff

SHA512
11c60135ed0ddf0d4db7a45eb9a6143600a6fae8d5f917560b1559dc47b347dc228e241689fdaf15c84f9f2fe1353423c84d03c9b8b0e89fb6a940fef0e019ef

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-shm

Filesize
32KB

MD5
9e6b66b4e963afdf5237c0c6aa0c10bc

SHA1
339335d408155bc3f410bb08f0425f4fbe64cc6b

SHA256
3c5c1e96ebbc5eecdf27cfcaafeb176ee7788185a732bdc60c877b31279f96e1

SHA512
cd007ceb02a4eac4a91a8f0328bce4d92507ca918f23af7fd401bb27c5c06c500a7128f724183bf0f60e0409f753be8591c76b7de46f9f292232116f62b3e359

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-wal

Filesize
72KB

MD5
9a10ed66dec0d5a058a48d5954943cd5

SHA1
2e9a333dacf9a349c54a7184b7e071a1465edca3

SHA256
120680cea222c72fb027644cc751c49556bc84a993dc2d784d001df169fd5f1c

SHA512
ae89af5b3098fd832177b751c0607e2c8f6159834a69aef14f6f81d3c62ea6b21ac612b360028efe363a56034aaa2767272f6505f8bedce9d944e887cdf85de1

Download Submit
/data/data/com.glimmer.connections/files/jpush_stat_cache.json

Filesize
119B

MD5
9dbcbc45e5139ed5405f49ea64c32b42

SHA1
bfc4b4d27551250ec00c65614aa015c78401643f

SHA256
d070cd72de975987d8cb7b951c7ba123b8e36432275490be6092a1f1a69171a4

SHA512
bde05c1bace7b36e23461cc5e98d6402fc905459506549b8f4f76b8dc9ac7df61d9313fc9f27600d39f4d9119644afdc1b7657c99cafeb4932f9c1803fa3958b

Download Submit
/data/data/com.glimmer.connections/files/jpush_stat_history/active_user/nowrap/7c9ef76d-01ad-4617-9b2d-5b83e7adea87

Filesize
159B

MD5
88eb1773d0984f63431849059411d870

SHA1
920797b767e6332b76ca9b9cfb150b4f003cfcf2

SHA256
34a7fd02423435e0849b9e68dbb5ee5ac97c93554857430eeaf7ed7f6c034cbd

SHA512
d6b7bad3b0dcac2dba0c682903e13e1e32b4901fe4a7741b90f81f792ce5502dfbe9f75070c837db07060b0f7b21f85f395c57c884bb7a5dcc3cb1769ea1d197

Download Submit
/storage/emulated/0/Android/data/com.glimmer.connections/files/nrtc_config/official_config

Filesize
1KB

MD5
3fc0502c98f19caf765316816028894c

SHA1
ef0dc30e3391b0a1836bd6edbdf8a5f5e33c160b

SHA256
67925a7d66bab20e3fde580664e738974518917c672a998681e8e6bfd1435ba7

SHA512
2f5481b5ed20ea31e60bdcbca50c5c6316de935b823b031de05a9f6869725dabf2efe78d6d46193a1ff6798b9a2d1e3c078d640577ccea4ed0b7f15c4edba746

Download Submit
/storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

Filesize
112B

MD5
97352ecb193ec141a4be3dfd587163b8

SHA1
fc951568c982ef774f7a51d0d5f37a035a9e740a

SHA256
268b8e0288400fabea0deb6bc6b8c2fc013389fc3068a973cd8dd86a38b7581c

SHA512
2940569b86f60d3ecc71108b68d3f05be137d020d81eda916cb722dad16a492414df8ddf156e2edd22f2d725ad2d36c6db367764c6f6130932ecb88e3a0505bd

Download Submit
/storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

Filesize
45B

MD5
3a419199123ce7450f67bee9a1f253f3

SHA1
6d2eb37c1bd31eb92c941b2b90c2e9024e4c22a5

SHA256
64fbba9a80e479d1767eb40265d4126800f9aa5221a1d57283c4ecb02666e536

SHA512
ecc79d1f12d39a27ba564e4b23fb3b112a547df12a1ea125acf168301c44c0210de90e16f31cf83a541144647c8f10bdf62fa5eb5d9e0496c1ffd1cbcbc5b087

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
58B

MD5
7b4aa4eac618dfc62927cd27fe5c46cc

SHA1
7444f76b550f2731aa3b3ac9a2d339e494a4f76c

SHA256
7d5a40b1843687587acfcca9873d26879c164f7d1d9ea6f4b7d4bd8eff23de53

SHA512
478f02e5248eb88f8fc901470be10b2aa3210d4ed47f160a1b0edc1be3e3afaa0964aff40200259f8909ba774ea5cba8bc8d584b1edc878fabb8a696e53f6ab6

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
202B

MD5
8b2e96384e61e27b1c4def457e027a10

SHA1
76455bb7747c480b779f573a54bfa80d7548c15b

SHA256
390395d873e583421282f825c1793dce0bdbab7cf2ffb33ed5679e28a3eb0860

SHA512
4c39eaabc2d56027ce6075de0077d18cc4806820ac54b91a3b2690e68de92579de734d64d44546a8e9a60e4480f4c619dfcae5bca4d5b340320df96e27c9b71b

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
218B

MD5
ecd43850bf35d29bf4bb2a579b59cbec

SHA1
b20d570c548d20f0018e12a019f414132d322cff

SHA256
e7428abb6256b4dc2877a123d1c1c907fb03eef16571c12cc77084f56af4832a

SHA512
62afe5300a295db4a9945f87f06926444fb713c1e9198188de32a7a2eb70312825a536b790f2bbdad80fa388e6268629f8c5e2428940786ff3e8b8d88eb9acd6

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
112B

MD5
eac784b04c98fe80e844d5ce705531e2

SHA1
0219cf218f4b093ae10d7d22dc58e2591cca03a1

SHA256
56d7bfad57c7e0d3902639af7880e33ba5d8c00e5544c1c0551001406c681933

SHA512
d0128f72e4903773c3571b8b47b3d05a61400a2c8437aeebcf1f6a63c3385994d58f75c5d8b2c6bb3d2c19e799a303de76608c6bb023fbfd4eb63fbf383d1363

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
94B

MD5
e5f51c473302f0828498bbc9e8d7bf24

SHA1
a8b6ab6659c4cc497bcf50999814656899feef86

SHA256
5097a759f54170af8ba952dc7144acda3a9b33e5894cf5e66b72770c918028e2

SHA512
748de7768d78d63465081ba839dbaf6fb187fac16dac36dbf9b13fac0ca7859fd9ed53001e62068bc2b33362eff4a3ede29c49659f23f7cc936e0c8ce6ff4754

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
94B

MD5
5264d1a5f0822643feda0b6c44c523cc

SHA1
19d417d016ef1d8ac66c03e40dfb032857e939b9

SHA256
51aa23f264e3be5a713e4773da2d2fc3127a568cdee8d921105545b486e47e5d

SHA512
05135948207b9bc81b80e336228ffe2eceff799d2853c8cd66b12c6cb4e58295da97d91016872d11077c60c5e4b721e51e7b915f5040faa73952d9b17033c66f

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
79B

MD5
8ed628d5fdc398a3c0b1734f00806508

SHA1
36d079631b7afe2e0eda52296aa782b2e536e1f3

SHA256
63de678d6d60a57b7f9ace5c8cf00f59b40c61e0e81f0a16fa5e788b857c3ecc

SHA512
7f74179e06dad52d0c8bf111e6884fc80f6a7b2dd2e1fd250ec2d9e04e623d64f744be5a74f0c1ee5e1a290496373a3bca5fbd90fa53e049088904547972ed4a

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
161B

MD5
6f498ed1b5b034b3705928c0b32516fb

SHA1
a362ee4c79e516a9af6644621ac50e7cfaadb1d6

SHA256
de9de527b68ca1d234b325b35a765cd53205d220232bf18a4412d67cec6b428a

SHA512
6924fe92a8982b6b237447406dcc7ca458158f20b556d5755b06d85addf30f0727a3660e9f283e859b097b47977d99f271e17c270bd923ee947ae7fc68ac77c5

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
175B

MD5
68b8f3e20c138b62933aa74fcc53bf4f

SHA1
8f422943ed86bfce1bf1716c5349c4222856ce33

SHA256
5894b6ffcf73c98259eafe7f3ec6ad10e7c88fb4628e359654c0f69bc02c0b44

SHA512
d5f03db3dd75e4c8cf5a20e8d994ccc097356f0f5f449596470b65d9482ab30a0b58116df09edd422711ef448d60d6cccdd480952076be007bd1e361046e9213

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
2d69811f573172ebb072cf295ec6ae75

SHA1
99773f6aed0489060019f54da979c72a79b8e11c

SHA256
7cbbf312ffeca96c4cd189040434b32265d459a81acaae8e606181e887c4f5bd

SHA512
f797619a41b0c03faecafda8a9cf13d0a09f06807377260abecd0f186bc55c70b471c47ec9abe5d2b94a54de4b7d5bd3de690e12da114f8e6ce694fd0a188944

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads