Analysis
max time kernel: 74s
max time network: 153s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 22-05-2024 19:17
Static task: static1
Behavioral task: behavioral1
  Sample: 68540843979bfc1cdad23957d1b54cff_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 68540843979bfc1cdad23957d1b54cff_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 68540843979bfc1cdad23957d1b54cff_JaffaCakes118.apk
Size: 10.7MB
MD5: 68540843979bfc1cdad23957d1b54cff
SHA1: 6e9430d3920423a90d9ef560ef7f57a39ea9ce54
SHA256: 28631b5c7e1f701e15adfdd23c029023af681d8ad7f663846f83f4391a2b0243
SHA512: 8f715de81547dde9bbf1ce71bd346ce2f5d1b22b9c9fa48a883860d31d4c2202fe872b580dc152a7672aee1cab068b8e19b8190ad9a06fd2a7b9db79249f3994
SSDEEP: 196608:7XjoMqwCxKEbA7tpDfvVbDSrtgZQpmP/KQNwDnEzjm48UL366XUPvh:7XjoMHCxKy2ztSrtgZ1P/P+nmV8ULVXe
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information that indicates whether the system is an emulator.
Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.hsgene.goldenglass.activities | Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.hsgene.goldenglass.activities | Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.hsgene.goldenglass.activities | Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver
Checks if the internet connection is available (1 TTP, 1 IoC)
  Process: com.hsgene.goldenglass.activities | Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
Reads information about the phone network operator (1 TTP)
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Process: com.hsgene.goldenglass.activities | Description: Framework API call | IoC: javax.crypto.Cipher.doFinal
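The IoCs above name the Binder interfaces the sandbox hooked at runtime; in the decompiled dex you see the public SDK methods that route to them. The following Python is an added triage helper, not part of this report or of the analysed APK: part 1 parses a /proc/cpuinfo excerpt for the kind of emulator indicators the "Checks CPU information" signature refers to, and part 2 cross-checks dex strings for the SDK methods behind each Binder IoC listed above. The cpuinfo excerpts, the dex strings and the emulator marker list are constructed assumptions; the SDK-to-Binder mapping follows how the Android framework routes those calls.

```python
"""Added triage helper for the signatures above (not part of the sandbox
report or the analysed APK). Section 1 mirrors the "Checks CPU information"
signature; section 2 cross-checks the reported Binder IoCs against dex strings.
All sample inputs are constructed."""
import re
from typing import Dict, List

# --- 1. Emulator detection via /proc/cpuinfo ---------------------------------
# Constructed excerpts (assumed, not captured from this run): an x86_64 emulator
# guest and a physical ARM64 handset.
EMULATOR_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Android virtual processor\n"
    "flags\t: fpu vme de pse tsc msr pae cx8 apic sep hypervisor\n"
)
PHYSICAL_CPUINFO = (
    "processor\t: 0\n"
    "BogoMIPS\t: 38.40\n"
    "Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
    "CPU implementer\t: 0x41\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8250\n"
)
# Widely cited emulator markers (an assumption about what such a check looks for).
EMULATOR_MARKERS = ("goldfish", "ranchu", "virtual", "qemu", "vbox")


def parse_cpuinfo(text: str) -> Dict[str, str]:
    """Parse 'key : value' lines into a dict keyed by lower-cased field name."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields


def emulator_indicators(text: str) -> List[str]:
    """Return the reasons cpuinfo looks emulated; an empty list means no hit."""
    fields = parse_cpuinfo(text)
    reasons: List[str] = []
    for key in ("hardware", "model name", "vendor_id"):
        value = fields.get(key, "").lower()
        reasons.extend(f"{key} contains '{m}'" for m in EMULATOR_MARKERS if m in value)
    # x86 guests expose the 'hypervisor' CPUID flag; ARM handsets have no such flag.
    if "hypervisor" in fields.get("flags", "").split():
        reasons.append("hypervisor flag set")
    return reasons


# --- 2. Static cross-check of the reported Binder calls ----------------------
# Regex over smali-style method references -> (Binder IoC from the report, signature).
SDK_TO_BINDER = {
    r"Landroid/app/ActivityManager;->getRunningAppProcesses\(":
        ("android.app.IActivityManager.getRunningAppProcesses",
         "Queries information about running processes on the device"),
    r"Landroid/net/wifi/WifiManager;->getConnectionInfo\(":
        ("android.net.wifi.IWifiManager.getConnectionInfo",
         "Queries information about the current Wi-Fi connection"),
    r"Landroid/content/Context(Wrapper)?;->registerReceiver\(":
        ("android.app.IActivityManager.registerReceiver",
         "Registers a broadcast receiver at runtime"),
    r"Landroid/net/ConnectivityManager;->getActiveNetworkInfo\(":
        ("android.net.IConnectivityManager.getActiveNetworkInfo",
         "Checks if the internet connection is available"),
    r"Ljavax/crypto/Cipher;->doFinal\(":
        ("javax.crypto.Cipher.doFinal", "Uses Crypto APIs"),
}

# Constructed strings of the kind `strings classes.dex` or baksmali output yields.
DEX_STRINGS = [
    "Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;",
    "Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;",
    "Landroid/content/ContextWrapper;->registerReceiver(Landroid/content/BroadcastReceiver;"
    "Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;",
    "Ljavax/crypto/Cipher;->doFinal([B)[B",
    "Ljava/lang/StringBuilder;->toString()Ljava/lang/String;",
]


def scan_framework_calls(strings: List[str]) -> Dict[str, Dict[str, object]]:
    """Map each reported Binder IoC to the dex references that can reach it."""
    hits: Dict[str, Dict[str, object]] = {}
    for pattern, (binder, label) in SDK_TO_BINDER.items():
        rx = re.compile(pattern)
        refs = [s for s in strings if rx.search(s)]
        if refs:
            hits[binder] = {"signature": label, "references": refs}
    return hits


if __name__ == "__main__":
    for name, info in (("emulator", EMULATOR_CPUINFO), ("handset", PHYSICAL_CPUINFO)):
        print(name, emulator_indicators(info) or "no emulator indicators")
    for binder, hit in scan_framework_calls(DEX_STRINGS).items():
        print(f"{hit['signature']}: {binder} <- {hit['references'][0]}")
```

A static hit for a method and a runtime IoC for the matching Binder interface together are stronger evidence than either alone; a runtime IoC with no static reference usually means the call sits in a native library or in dynamically loaded code, which is worth a closer look than the APK's own classes.dex.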
Processes
Process 1: com.hsgene.goldenglass.activities
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.hsgene.goldenglass.activities/files/.um/um_cache_1716405520780.env
  Filesize: 678B
  MD5: 28918504c9a4d692e415b3b5fa5b1013
  SHA1: 5b9d62289292ce9503be0efc694d850b3969f90d
  SHA256: fac1610596bc140a6facd1944624c60565fb849e20443fe75d4f75042423b475
  SHA512: 3b2932aa3c77966ecc16c54e079f9da76c852e8ce09ef786eeccbab219171bc6866d6d8db42f5cfddc5ad578421f4a35c239f3d53abbd3aa40a52dfa16478d2b
/data/data/com.hsgene.goldenglass.activities/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: d7697ea07fd37d52e9c27acc7a1d4a29
  SHA1: 813f1b0e514b9849a00a8080d3ade73bbc432000
  SHA256: 7e1eab356dbbd407f1e768b151b809297efd05bb1a1064d6c6e0e653b304ce95
  SHA512: 28b487423892d5e4f8012c919d62d3136c511915df1511ab38e044f7b8fec529a66c923909e89eb5e942f0c472795d4be88109514fdd494af10373785ddd137a
/data/data/com.hsgene.goldenglass.activities/files/umeng_it.cache
  Filesize: 352B
  MD5: c91aee672568e0b99e00641bb541eca5
  SHA1: e8a8f214aba971a95d78302d6ee015e7e6472794
  SHA256: ada86eb609d6e135909bbcc498afe4538e7cac968dee72ec19a3f412a4499ffb
  SHA512: 3d6be2809191f029045d35854184f98d22c7c5293ef2485d56f184a193652883070d5b528392d05aff0c15616de05426851fca9965c04dc6c474a067287cf371