Analysis

  • max time kernel
    74s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    22-05-2024 19:17

General

  • Target

    68540843979bfc1cdad23957d1b54cff_JaffaCakes118.apk

  • Size

    10.7MB

  • MD5

    68540843979bfc1cdad23957d1b54cff

  • SHA1

    6e9430d3920423a90d9ef560ef7f57a39ea9ce54

  • SHA256

    28631b5c7e1f701e15adfdd23c029023af681d8ad7f663846f83f4391a2b0243

  • SHA512

    8f715de81547dde9bbf1ce71bd346ce2f5d1b22b9c9fa48a883860d31d4c2202fe872b580dc152a7672aee1cab068b8e19b8190ad9a06fd2a7b9db79249f3994

  • SSDEEP

    196608:7XjoMqwCxKEbA7tpDfvVbDSrtgZQpmP/KQNwDnEzjm48UL366XUPvh:7XjoMHCxKy2ztSrtgZ1P/P+nmV8ULVXe

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information which indicates if the system is an emulator.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.hsgene.goldenglass.activities (PID 5180)
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.hsgene.goldenglass.activities/files/.um/um_cache_1716405520780.env
    Filesize

    678B

    MD5

    28918504c9a4d692e415b3b5fa5b1013

    SHA1

    5b9d62289292ce9503be0efc694d850b3969f90d

    SHA256

    fac1610596bc140a6facd1944624c60565fb849e20443fe75d4f75042423b475

    SHA512

    3b2932aa3c77966ecc16c54e079f9da76c852e8ce09ef786eeccbab219171bc6866d6d8db42f5cfddc5ad578421f4a35c239f3d53abbd3aa40a52dfa16478d2b

  • /data/data/com.hsgene.goldenglass.activities/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    d7697ea07fd37d52e9c27acc7a1d4a29

    SHA1

    813f1b0e514b9849a00a8080d3ade73bbc432000

    SHA256

    7e1eab356dbbd407f1e768b151b809297efd05bb1a1064d6c6e0e653b304ce95

    SHA512

    28b487423892d5e4f8012c919d62d3136c511915df1511ab38e044f7b8fec529a66c923909e89eb5e942f0c472795d4be88109514fdd494af10373785ddd137a

  • /data/data/com.hsgene.goldenglass.activities/files/umeng_it.cache
    Filesize

    352B

    MD5

    c91aee672568e0b99e00641bb541eca5

    SHA1

    e8a8f214aba971a95d78302d6ee015e7e6472794

    SHA256

    ada86eb609d6e135909bbcc498afe4538e7cac968dee72ec19a3f412a4499ffb

    SHA512

    3d6be2809191f029045d35854184f98d22c7c5293ef2485d56f184a193652883070d5b528392d05aff0c15616de05426851fca9965c04dc6c474a067287cf371