Analysis
-
max time kernel
59s -
max time network
137s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system -
submitted
24-05-2024 12:32
Static task
static1
Behavioral task
behavioral1
Sample
hmjxc.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
hmjxc.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
hmjxc.apk
-
Size
8.1MB
-
MD5
2b678932f208688b47b1f8d5927fa78a
-
SHA1
122117950f22877bfdcd28db6c5b9f66a09127f5
-
SHA256
bd1286cc2a33b98bc3e5c4a36c9d87ce9b067451babd9eaaea11e71fff1cb9ef
-
SHA512
0eed2ec57088dcd0d158429b64d94463987f4ad31fff6749d4dd41f39ca047ca268fdfd253804e15bbc69370f8451124cbf898217d4bb41da0d901a3ae07d29a
-
SSDEEP
196608:062sEKE0U7yRoqOvFQrLx09K0qRPt7y65:oivvo/ON6KxRZyS
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes:
com.hmgc.hmgcdescription ioc process File opened for read /proc/cpuinfo com.hmgc.hmgc -
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes:
com.hmgc.hmgcdescription ioc process File opened for read /proc/meminfo com.hmgc.hmgc -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.hmgc.hmgcdescription ioc process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.hmgc.hmgc -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.hmgc.hmgcdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.hmgc.hmgc -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.hmgc.hmgcdescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.hmgc.hmgc -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.hmgc.hmgcdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.hmgc.hmgc -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.hmgc.hmgcdescription ioc process Framework API call javax.crypto.Cipher.doFinal com.hmgc.hmgc
Processes
-
com.hmgc.hmgc1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4600
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.hmgc.hmgc/shared_prefs_ext/test_appFilesize
27B
MD5ae180f351a0068fb8780e4e533f75cc8
SHA10dd7558eae50376b2a29d515d610bbc273790d55
SHA256d42e9ef60861084e7f52f1915243173d028c0c4faa8154f6095c7ecd142acc13
SHA51240a0cd2c80d4871bac966be822e5dde9bea07e1930849a4bb23a03bdb831b70bffc3e65161da389eba2998ed3263a4251322538d624841b745caefb9057dbe3f
-
/data/user/0/com.hmgc.hmgc/files/cnc3ejE6/eje3cncFilesize
39B
MD57769d4507985f59116153463f09235a2
SHA1b081e84d14300ac7a7947aade9c025fa83bc17fb
SHA2565ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf
SHA512ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f
-
/storage/emulated/0/.imei.txtFilesize
32B
MD5c9b1488c8640c2850308c7a5fad8d4fb
SHA14beeccf30ca5c8ec96d2366832cef9792a3ed0f4
SHA256eeb21b33f41bf6daa491377bd94023fc6efb18aa97e055d4a72988957f41bed3
SHA5129b0e832206b1671fa9f7c4ed6799155c9c86b1210beaf3d43f2c693b3e1acecec36ce186b5db5b4407bad172cb78144dd9e93e0e9cfd655385227639b073f635