Analysis

  • max time kernel
    151s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20240506-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
  • submitted
    10/05/2024, 23:11

General

  • Target

    3183f8b3abe10b5f80e9eb28a33ab98c_JaffaCakes118.apk

  • Size

    26.6MB

  • MD5

    3183f8b3abe10b5f80e9eb28a33ab98c

  • SHA1

    589bdab609af931468208098487fc3c0477926b4

  • SHA256

    0d2f1e1ae68cdf66c75d159a5a7d119d351a962a423aa16760412c0c89fd39ed

  • SHA512

    c7443824818c0dc7a329a8d6068f9151d1f8ec42749d8c05ab210a053435dfebb079caeb2101c70cf21393a9f38b1530b83f76e389b795436db928e709206e8a

  • SSDEEP

    786432:Pfvf1cOap5IDbo69IZzz8mEDHuP4b02yLcYHD6hYbh5:3vSOap5KbxI9MqP4AMO6hYd5

Malware Config

Signatures

  • Checks memory information 2 TTPs 3 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Checks if the internet connection is available 1 TTPs 3 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about the phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.glimmer.connections
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5107
  • com.glimmer.connections:multiprocess
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5167
  • com.glimmer.connections:core
    • Checks memory information
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5210

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.glimmer.connections/app_crashrecord/1004

    Filesize

    58B

  • /data/data/com.glimmer.connections/app_crashrecord/1004

    Filesize

    92KB

  • /data/data/com.glimmer.connections/app_crashrecord/1004

    Filesize

    16KB

  • /data/data/com.glimmer.connections/databases/bugly_db_

    Filesize

    52KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    512B

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/data/com.glimmer.connections/files/jpush_stat_cache.json

    Filesize

    119B

  • /data/data/com.glimmer.connections/files/jpush_stat_history/active_user/nowrap/5e8b3384-fe7a-4f07-b7c5-aeeb000313ef

    Filesize

    159B

  • /storage/emulated/0/Android/data/com.glimmer.connections/files/nrtc_config/official_config

    Filesize

    1KB

  • /storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

    Filesize

    112B

  • /storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

    Filesize

    45B

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    95B

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    8KB

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    8KB

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    12KB

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    96B

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    9KB

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    94B

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    652B

  • /storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

    Filesize

    161B

  • /storage/emulated/0/data/.push_deviceid

    Filesize

    32B
