0d2f1e1ae68cdf66c75d159a5a7d119d351a962a423aa16760412c0c89fd39ed

Analysis

max time kernel
151s
max time network
164s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10/05/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3183f8b3abe10b5f80e9eb28a33ab98c_JaffaCakes118.apk
Size

26.6MB
MD5

3183f8b3abe10b5f80e9eb28a33ab98c
SHA1

589bdab609af931468208098487fc3c0477926b4
SHA256

0d2f1e1ae68cdf66c75d159a5a7d119d351a962a423aa16760412c0c89fd39ed
SHA512

c7443824818c0dc7a329a8d6068f9151d1f8ec42749d8c05ab210a053435dfebb079caeb2101c70cf21393a9f38b1530b83f76e389b795436db928e709206e8a
SSDEEP

786432:Pfvf1cOap5IDbo69IZzz8mEDHuP4b02yLcYHD6hYbh5:3vSOap5KbxI9MqP4AMO6hYd5

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.glimmer.connections:multiprocess
File opened for read	/proc/meminfo	com.glimmer.connections:core
File opened for read	/proc/meminfo	com.glimmer.connections

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections:multiprocess
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.glimmer.connections:core

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.glimmer.connections:multiprocess
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.glimmer.connections

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections:multiprocess
Framework service call	android.app.IActivityManager.registerReceiver	com.glimmer.connections:core

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections:multiprocess
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.glimmer.connections:core

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.glimmer.connections:multiprocess
Framework API call	javax.crypto.Cipher.doFinal	com.glimmer.connections

com.glimmer.connections
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5107

com.glimmer.connections:multiprocess
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5167

com.glimmer.connections:core
1⤵
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5210

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
92KB

MD5
79ce1af7e4abc5b0e7d1c042209d55b2

SHA1
0df8abcdb79c7fb827d562525727695b11cfac28

SHA256
2b118595283c07607fd6c33d8ea30b94d3a7e2f23f4457e2b0f20da120f017ba

SHA512
87882a01bd860e2420b4bed07c57f46ba8f76f797d76cf00023fafb9200e715de590e5832d67d49c08b5dd7f86a5d3327b6a188bccfbecdcbfb6ac4329965bac

Download Submit
/data/data/com.glimmer.connections/app_crashrecord/1004

Filesize
16KB

MD5
ff270ee47df0d06ed9f1a3698f578c18

SHA1
05d078ddfa752c7ae67ec516c46c0208293ace59

SHA256
4efa2c9ef3adc6fc43bdb4dd59395cf2ab91744e16f4bdced11840eadea63b2e

SHA512
9c848912e70a3ac804d4f7a9d8f97457731e3819fda45d09fd536610e85833004f0702e7b0ea018227f0860dee5e38d9af28be1c162854a926b96d036092cde2

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_

Filesize
52KB

MD5
5c9683937c75117e62b47361dc254075

SHA1
34395d1cccb9a8560c7689b90ac015284c44235c

SHA256
40e33a8f75abb543ac57a13ef7341fe076cf8a5e708493f4c60a876d70e078a3

SHA512
53a218a9b96e516caa00aa5ae09da42504372c8eff2e62420ba6b65b710e0cea277afbb699efb5a2824b952a672630a35ae9a3f2aa53c1eaf578c0be6b7f6d63

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
f2cb2b2c362873ba542d31bc2dea3197

SHA1
26857b3b35291a9071cf756b73ad5754ffed3188

SHA256
de29ded8b575e1726c491d69fe6871da7cd0cefb8a6338e6848f85b9146d0369

SHA512
f384ceff1754fc9082e2b5b9b18e84ef68885e6c4cfb4ea2d33a01a450beddf5acfc871d7ad6aca905c7b1b36085723d03bf2746fd1c0c432cccef28b6ad1ed7

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
5e8642a065ce2b2a09b7df5420484253

SHA1
b5ebeaa5e0f25e5d838b6a54a92a8682e95b0406

SHA256
5250b0d713c2cbe94a0bded23a4e2e5cfc38cc5f85a72837f7cd5ef871a5eacd

SHA512
d4d727cd21b459968a2a4b33aca0a885e80cce58ae179be245c41555f3eac8170e47fbfe8e13430b884a925fbd37603eb86ef102340c0f26b4330943fb29f366

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
a9b6841562db203008b68201cb72edc0

SHA1
421f0c6e32b852c5fe8f383b52828f7f385f85d8

SHA256
cc38b353f633ef812362fa3564d7d54e40641ece33c241b8f9b9d937db4687ab

SHA512
f1ddb5589a5431e5d3ebf44089dd9892c9d9b6d8389d14ecf38b73e2b48bde3493abc3da900cb50f16776113bce361e1e3335c48aa8f5e239bdc3b83ad8a9e3b

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
512B

MD5
4ff9feea07afa1dc503b081c2412bc67

SHA1
545d7b874500416cc7e7e705bbdb0881efc4780d

SHA256
62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c

SHA512
ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
cb9cb0f50a5902a7b34383fd60bf17b1

SHA1
0e5c04daca1a1e6fa895c97ff693080020065078

SHA256
7d2c63df47bee17f376575d32f89b68f5c6e70ff92812b14671029d1a4941674

SHA512
9fb47ad13d863d60a02f66bb3536a516439b036e9b2b76c088c045c96120f1018584bad2b80159b157a3be26efddb59f45b447ecca7d46a79539b6df2a8a4add

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
c870b2333135dfc929c164667d024c08

SHA1
ac51d10b33d8c06228cdbbd1c0b7a0cecc92315c

SHA256
d3745eba9a8ed25d4305086cbbe6da4561353fe741d28d54b6179af9a1fdf835

SHA512
96c1991df839d82a769a44a8bcd69827be4c197ca5185924f1b5eb87c8f222b7249cd03518c39423f5f8704cd6d9b341afac2259468f18195db36229142b0bb5

Download Submit
/data/data/com.glimmer.connections/databases/bugly_db_-journal

Filesize
8KB

MD5
4a5436709db9adcb7245be604b9e1c7c

SHA1
a7cb3dcb5e012347106a3268b2cb0db90d403165

SHA256
8cb1e14f0fd68af81b37aae21b14183eade163ff4f5d097692621198629efbd7

SHA512
0960c43394b8a2e3fdd1b61320ad29d05c41084b69fd763d339ffed1be8182c38eaf3872094f4d763667ad441e036a04d522141dcaf8c311ea61024428c29cb6

Download Submit
/data/data/com.glimmer.connections/files/jpush_stat_cache.json

Filesize
119B

MD5
10d2b8f338657e4c072c0d494637f1db

SHA1
ce2a5505cbc39f4d68a34a312654bda666e2c99a

SHA256
2d07865ccfb25ef49575fca43fc4eaf5eba529d199d30ffb4d01c0668c54653e

SHA512
df0d2f794da16709e2aceb7c867306b4110771d67a11ba9114edd3e039feae00b2c15f8eaf3c2ea53307043edd60e9ca846126f9579dd3e4c90c9f9f3632590c

Download Submit
/data/data/com.glimmer.connections/files/jpush_stat_history/active_user/nowrap/5e8b3384-fe7a-4f07-b7c5-aeeb000313ef

Filesize
159B

MD5
d7d62493081131ed707543c6da2ed6ae

SHA1
ebda991ee784ece2e562808e419d9e3f118cd93e

SHA256
1d4bf5c9f7c308730e1706259c568cf944cf079e03c3d5b0a693f179db61282c

SHA512
5489b16c46600d9dff6f007b3f77a1e943d2b6f732937ed8f66dc77487b46a6c658172c65ba3c381ec1b121d36856c32754f63b6b037e67cdc2f2b6cc615a2f2

Download Submit
/storage/emulated/0/Android/data/com.glimmer.connections/files/nrtc_config/official_config

Filesize
1KB

MD5
3fc0502c98f19caf765316816028894c

SHA1
ef0dc30e3391b0a1836bd6edbdf8a5f5e33c160b

SHA256
67925a7d66bab20e3fde580664e738974518917c672a998681e8e6bfd1435ba7

SHA512
2f5481b5ed20ea31e60bdcbca50c5c6316de935b823b031de05a9f6869725dabf2efe78d6d46193a1ff6798b9a2d1e3c078d640577ccea4ed0b7f15c4edba746

Download Submit
/storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

Filesize
112B

MD5
68f5620effb1942ad235eec81e6a4ea8

SHA1
63e88008e7b73fc1ecad690b70850adb17142a3a

SHA256
b4a9c34b37f73aa1ec02e145871d9e605c33b9412f1e2c3f89df01e0e0a76961

SHA512
042b5e62db0c87b77145a007157032b9eb68da969c32983be0d183b1e1459efe9446472cdeb8aea3c684194e098e3a084a4aa416a526fbe528169171328c8969

Download Submit
/storage/emulated/0/com.glimmer.connections/log/demo_20240510.log

Filesize
45B

MD5
c1ca1164cb4e4e2d1009d6f675d973ac

SHA1
9f309a6dad39730ffeac7b19bbb140fa50c346b4

SHA256
0aa499ceeda8023f3649019b9f43436e858bdeda964788049df9f35aa31a329a

SHA512
b644c485d402d7a6b470aec2d8d50c48f164e0af31e148136769bf74c534f29a8826aa2d729b4ef1bb1b0387c62ac25ad3edc41fe1721e60386f0b99b80061fd

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
95B

MD5
4e89441c79ea2ba938d76e354958a8b8

SHA1
28b7f70dc67e0e14ad94995515205106bf04c69b

SHA256
5f438d579929b7155855c18300d59a78a1d015ba2b2ad35b75ea41bd7a67b06b

SHA512
688e9123871a8386552d53118867fcd676411f5838be71356244a73eac3f94a829a27288699b02b8930620ecb7246c0eb8107bc5cd48567046e110558989b486

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
8KB

MD5
d00237ff859e13406a9421509b685036

SHA1
4314c57a427e5913e9a24edee8c089c62eb524fd

SHA256
9466eea25c495f2806f0d1a588321d62e7f47b28ea05d70de8658306406f7185

SHA512
458173703e4077df626b5657637cab42c480144b54cdecb28bcdddbbae9fd7ec9ca69f5574197ca3284d93a48bb48b043d3299f9f940dd72d08f89b8235c9ab1

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
8KB

MD5
d0779772f40e89d908c3946be56249d4

SHA1
117524de00561a4d8321cb0a0877c09432f579f3

SHA256
6c5eb8cd092b3e596afe3fc6f62095b6002e857635e1b3267ef7af3e750cb8a9

SHA512
d06d0f2a6236cf96e250b95d163b5a6b557b239b1511dccdfbb049824b64cde2504cdfd30237e0fbe0953b7661064edf2056a14debadcd955bbe8ec8ead01912

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
12KB

MD5
28ece9108d0da3e013ace8a2f1be1ff1

SHA1
76ddaac8312daa296803acc6379d230db030414f

SHA256
88bbe00faa27e934e9ce12d1bab4c7d11ac34f432a83dae15b8b455d3d537434

SHA512
aee7fc3be1e3418ed0bd76b24138b20cfa6d7fb2fdeb605c125830292142010e19c1e78036bef534f7fcd7068a345068f46200d3ee013e126602e4a218ad2b21

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
96B

MD5
c08ef63434286b49fe267f51b2463923

SHA1
93000f7df059c43d4c5e8e3759af2f62ea525fbc

SHA256
f785996612e0cf9dcfb935202780f60551a2103e323ded218c6bb01bc78b46c6

SHA512
1ef8abf28721bad785dafe7c22ce011ef3edbfe490ff1e17fc5a7a26ce49a1098d2c42e5348fa06715805c5f785e4795ba35186113270b796eaebf62aa528452

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
9KB

MD5
2b19f92f432d30b1252904a2c2f05f99

SHA1
5fb8ae6c1f861143a4eaeff917d9eb8b138287fa

SHA256
c577857e2a1421d89c3eaa4d04994365d9a055a2d7b490baa02d5c312d64262f

SHA512
47a384d7f32144fa90d207f00453648b2e1f6988c1206526bb70a5c5ae3c7c3ddda885d0105d67e4db79cb72eeb88c1a0221c52566f4c00562bb7b31f0cf485b

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
94B

MD5
6c2cd28654381edac655a2d17618cbac

SHA1
d790a128d47ecee90c433dd1fe2a2baa8e4fda1e

SHA256
fe0f98cb7baebca5653b359f7c5eb30994dd0445e7e29a1e15f053f778a18f61

SHA512
0db27eeb3c02210fee9419778dce1d846a04950c1cb13ef3be8f5dfa79ee64a6614035750e3c7ed3c699e461cee8cbee72c15107094bba0879e7c6f5874ed588

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
652B

MD5
bd2d925654568e6aebecf80a71adef77

SHA1
6244d4bdc158c7227869791a3d7c56177e4e4e0c

SHA256
fbb0ace4cff61f900b2c88c5fd1fa004d3ddc23b5dfe50f849645ecaabaa56dd

SHA512
fa2820580b12c1bf236cc54276643d48e3793116e485e9c6eb222edbe095bd6154f3199c593234ad2ff099af4b9d9b9fd66776812aab873747e43a7b34fd015a

Download Submit
/storage/emulated/0/com.glimmer.connections/nim/log/nim_sdk.log

Filesize
161B

MD5
d8f190f0c6b3440de2c7fb6cb47ff034

SHA1
85b9eba48ecee5a59eca4ad4cfde774bbc92725b

SHA256
fd39d450cf6c44f8b73ae62767801d239bb45a7ac3519b2c0be362882ae5d202

SHA512
e522eadc2d6b65d28fbe8448ed7aa5ee13e2d1b83a8da553a1955d4b05ddbfe06345dc086516624ec82a03a5dde58143844a5094f592f28dd199a5a3a50785f0

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
41a8fdbb701e75d22c9cdbf194d0da59

SHA1
7f9b6096b2772c2abc5cc73976d86e2f24eaee19

SHA256
d4bc4cad5ffa66b361fdf49bd48ff70b0f39f0b9bd1011254b9f1b445663e386

SHA512
092135f0a8f13b0fd0b315b053fd7216761d55a9bbe4e89cf55afcf49933ed22046f26f793dfd1808b0c798204840c1bc57d70f1863097eff1145791d8ca797d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads