28631b5c7e1f701e15adfdd23c029023af681d8ad7f663846f83f4391a2b0243

Analysis

max time kernel
7s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68540843979bfc1cdad23957d1b54cff_JaffaCakes118.apk
Size

10.7MB
MD5

68540843979bfc1cdad23957d1b54cff
SHA1

6e9430d3920423a90d9ef560ef7f57a39ea9ce54
SHA256

28631b5c7e1f701e15adfdd23c029023af681d8ad7f663846f83f4391a2b0243
SHA512

8f715de81547dde9bbf1ce71bd346ce2f5d1b22b9c9fa48a883860d31d4c2202fe872b580dc152a7672aee1cab068b8e19b8190ad9a06fd2a7b9db79249f3994
SSDEEP

196608:7XjoMqwCxKEbA7tpDfvVbDSrtgZQpmP/KQNwDnEzjm48UL366XUPvh:7XjoMHCxKy2ztSrtgZ1P/P+nmV8ULVXe

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.hsgene.goldenglass.activities

description ioc process

File opened for read /proc/cpuinfo com.hsgene.goldenglass.activities
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.hsgene.goldenglass.activities

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.hsgene.goldenglass.activities
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.hsgene.goldenglass.activities

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.hsgene.goldenglass.activities
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.hsgene.goldenglass.activities

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.hsgene.goldenglass.activities
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.hsgene.goldenglass.activities

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.hsgene.goldenglass.activities
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.hsgene.goldenglass.activities

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.hsgene.goldenglass.activities

description	ioc	process
File opened for read	/proc/cpuinfo	com.hsgene.goldenglass.activities

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.hsgene.goldenglass.activities

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hsgene.goldenglass.activities

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.hsgene.goldenglass.activities

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hsgene.goldenglass.activities

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.hsgene.goldenglass.activities

com.hsgene.goldenglass.activities
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hsgene.goldenglass.activities/files/.imprint
Filesize
1007B

MD5
17da5dc91a6aa0102ec61f46f6ee1919

SHA1
209b6af2623a5b51416c0f8d6ffff7f379ab9496

SHA256
a5cd08d9cf004a05cb3ad2727105563ea334008900aa643adb0d98d1afdf2fc8

SHA512
8c3892797899ff6f63ba3b01932fb46badfe5dcdb3fe5764de146986f00a6412138c003f1f23778436e32db552e18e0304ddb2b1dbce6ebcb43dada5ad8608d2

Download Submit
/data/data/com.hsgene.goldenglass.activities/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
09a4bc21f94bc421ac6c4f996cc5ed41

SHA1
321e3f532c4840c4dc09e7faa25116401ea7f689

SHA256
b0b631ed9199ad739fc8f66aec4c00e479bbd330bfe37910d2f19ddc58bbc628

SHA512
be4a5d0a47398e5862324b10fc5dfce3f67bf27f65279ed899408a60fc5a2703a595ebc34262f6153759371375a7c665e832ed4da89f00fb26470b79bd8f20c3

Download Submit
/data/data/com.hsgene.goldenglass.activities/files/umeng_it.cache
Filesize
415B

MD5
90fda3532e4fec1a03ca3c2d905cad06

SHA1
8addcaca3efbc1869628825d158de44cdf442273

SHA256
7084dd53535b58b35e6c1f659ff05436ea2e4d46bd584170f4f735a1751a2cf1

SHA512
d65c200e5518f77ecb98a12e197f86b9671bf96503ee22afd54758c3db90e57360b242db4cfe2dfb1fc589fbc722d55cdc8c43548b34eafcc0b1940d1c71f58a

Download Submit
/data/data/com.hsgene.goldenglass.activities/files/umeng_it.cache
Filesize
211B

MD5
d8358ef2c6026348075e64bce7c0994c

SHA1
1a7818433a5063fb87fb4e70267025a515a70e66

SHA256
2b46a1cb413dfb3a9c538adb3da9ec951d5c9eb7693864b3166010e006405e88

SHA512
cccb6505127b802a98406ec0fe4bf5c29094c498124192052ef9ab0885d0ed2d93c648472517ab5295e34f9d4b6ecf240590e1a3f548f4d3d284cb4d5b39a67c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads