5ace37bded1abda4cd447b906cbfe8964210cc8df8327ce7ff9220fc285185a6

Analysis

max time kernel
2599778s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ace37bded1abda4cd447b906cbfe8964210cc8df8327ce7ff9220fc285185a6.apk
Size

12.3MB
MD5

4dab0c20e84158561ef70f03aaac8e73
SHA1

0abcb0da61b56a7f396639d80a3ec9993dd293c8
SHA256

5ace37bded1abda4cd447b906cbfe8964210cc8df8327ce7ff9220fc285185a6
SHA512

7a5da592fcbe5edaa7f7454183a9356e64a16d7a5f11369098bd9a78eef16cd6bde336f59076eefc6a124e5d3a261c8a4cc0d293e4309590f0078661615129cb
SSDEEP

393216:N2hn8cD+5vTEgC4QBpMdT0slTKUT8uCLt:M8c4vTEgC3BmJ0GTKRx

Score

8^/10

Malware Config

Signatures

Requests cell location 4 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:channel

com.sogou.androidtool
1⤵
- Requests cell location
PID:4480
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4509

com.sogou.androidtool:remote_proxy
1⤵
PID:4740

com.sogou.androidtool:channel
1⤵
PID:4926

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
PID:5045
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5072

com.sogou.androidtool:push_service
1⤵
- Requests cell location
PID:5129
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5166

com.sogou.androidtool:channel
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:5239
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5268
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5365
- getprop ro.board.platform
  2⤵
  PID:5365
- /system/bin/sh -c type su
  2⤵
  PID:5390

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
512B

MD5
11225c4a65b0e4c474ce19fe8fd4ddda

SHA1
4ad5a1975c99beb2f68c3ab71c7fea0f2b978351

SHA256
794163734142367a181d357cac39cce2c8f4f94157c5c486496902ecb95cd075

SHA512
720c6236d6e91e85612705f559368a603ac14abff443a85894e7478aa50de70ded9f80d6b0c62aa77574aa7bf9453bcad7af9adf594d89007ccdbd7655021070

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-wal

Filesize
48KB

MD5
f778a6f11a7da91127448216b1abf683

SHA1
3a2ca485d90b652cbda8dfa2479aa4f48154f654

SHA256
152a4c310a21d53ba1c05d1749d67c33fad87930a0ed67985d0b33b0043f2ef3

SHA512
4be492a7f9dcaf99b7763ba223ed6c54ed9910d4291ec2e6688e4f1afe6659d33ce692aef4f8c29f0a0f17cf6bfa0a9813e4320ff0aed5520f2ed5978eb20659

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
3e38830b2c72ad5a3db04a8a7183e59e

SHA1
eed4cea69666e40fe8f0459222d50e5107186697

SHA256
913a66ce63aaf54bbcb1c87321f99baaaef876fda635607979f39e06befea067

SHA512
8c7b0bf3cc5ecedefeabfd66b9ed5d4959dc10295690569083016252f061af317e6baac43191691cd9f2323842922f449934b77d844b3e37dc41572e84af84c8

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
22a47141ffd8891c581e8a69b784452f

SHA1
4fa35420a401779984f86712e99e874537fbf25e

SHA256
af65214bad5ccf1ba0236156fc88b56ed585b61416d79ed3138a23c7d0196dad

SHA512
109d593e2453717666363117d16f9ac4677e04c08c87d2057f8124b69097a19d23d6c52ffc0024a88b3722c54da1f7864b51d92276467dc86dadee656cf7894a

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
512B

MD5
c3f8d2f8955c4386c526ac0e990c32bb

SHA1
e586ffcb4044e78c26d4552aa015233f9350dd03

SHA256
c5ccb6c594f074638567576df3e30a5fb3013995f474e7bb62d836a9b08705d8

SHA512
b6f753c9a64ff582a93ad568dd2e61935ba22d35683c619de71e74ea8d6fe16d59a1d87104bba8091c720e9fd5525c06c56f3b9535eff2dcad45d4a4a0abb0d8

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
16KB

MD5
b79fd2ca7a5b2d20db3442a6a4ff5271

SHA1
0c1a8b5c6cb25e78000ffd36d8b150517b222e28

SHA256
5dffd5c73e74281604d0be053ed83e676964985877cd6caeb978cf8a8e4a85d4

SHA512
84c5b008fb30c3c42ad31499b6dbf30d917a6920ec0e10dbf161af5d759ed4ae313a930f28880a0640871059cc90d1feac3b264b074976519bf12d7a1e8b7440

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
257KB

MD5
0e9a0e903b3009f104e803e5c68adc0b

SHA1
5ca03afc6809bf283b013ca5b64497b90b567830

SHA256
5b3bead5643be66283a6df0f4c9b8a260aa3ae95e031a011ae175921fe4803c2

SHA512
8776a71a8137dfe598ea7b2bb4a7e43b2268d89fe96cabe02eef137a51b29031234a316fc6e6cd212c1d2001b625f8e1fe2d32a1a6c98624a746d5e4192eec17

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
185KB

MD5
02c64a9b0e8f648087db89b233e4f513

SHA1
f32d6db7163df36797b525062b0963f0fa3bc7c3

SHA256
874da63e77739e59fd67eedb461ef87589c3362733ff55d7c00b6b2e197d5ca5

SHA512
6c9c231ec691d8369b6650460b06c21d8716e78b4dc0f1940ce69d10b61e274a679734e82837bdecf4167eb3493b79861ed9c8f4e58f19cb468247ee6944744c

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
209KB

MD5
fdbb2e7e7f86701dc5cd79786275bc24

SHA1
a6488cd2b53531508e438b77047a04ece8b7a439

SHA256
dab183d837b5221fd2fc0f2e5689ce538956785086f9bc33936a32cb5375f0bc

SHA512
f6df88c0938bb1c945e79fd00e3cee7610c281544386c1e965d889698c22c4ab5a643d28810d6cb3d6ba012d627206601386e56e83af572a4b66b6f64ac48f57

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
a5c7df1c2937c0d90a608fd6c7dee518

SHA1
b335d649f2770631b404a2c047d445fe57204c77

SHA256
ebbdc4666b45f6a445a553589193d72628efd626fbdbef0dca9b3d41c59fd337

SHA512
0a3972e5b6ff030aa54b21bc69e10e2c8d478750ea44363ce5ae2c62ebb4318452e7e6b92471437b6d535c47c9ff55b84dc23288f8139d1dc024f20c61703bbc

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-wal

Filesize
40KB

MD5
02966f3b34ed0217fcf7486302c56343

SHA1
0fbaaf2b7980c12d7b97966b216960f4578da37a

SHA256
ad48e6f4c5a57268a15776235e470cd6f3f212ae44e144aeccfbeedc0612b89e

SHA512
7164f47209becf07ff47b8b4d9f9d92af10c4cdc292755c5e6a997e921ca6c38b06e3094c4970bc6b039efa06e3b7efe41bea9e5afc45be9586d755af6b69fe8

Download Submit
/data/data/com.sogou.androidtool/databases/message_accs_db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.sogou.androidtool/databases/message_accs_db-journal

Filesize
28KB

MD5
74eacf2cdd58b81e2edbfb7a2daa1ba5

SHA1
c3cb5118cd520097ea19e6b8fcc2a3f16f040f73

SHA256
9956881af5e7750806d479681a3d4cfd3157437970e8b86d0977d9ac2b66c608

SHA512
beedd523f618cd361182fc57ca9fbe33550d3097fe9a52f89b2a681f572d91daec389b1b65cc22a53946a2357a6469b82535d293925669cab79689161917ebdf

Download Submit
/data/data/com.sogou.androidtool/databases/message_accs_db-shm

Filesize
28KB

MD5
16fdbd121cbd0c01e71275b54650b8bc

SHA1
902914f2fa467cab3bb2fbdb31216b6a99b713f0

SHA256
e8cdb11e4bfe86129351b49f39928dab01cfa5806fc2857a584a6a0dd0e52258

SHA512
f8896bfd2096706b5a093595f867b7986267bddff1563bb3f18935729ad93d9892bf8597c549418231abc8848646f5073fecaaefae9e790c4aac616abee6c2a3

Download Submit
/data/data/com.sogou.androidtool/databases/message_accs_db-wal

Filesize
48KB

MD5
b471458b39e19e6dbb114675ac3f3eeb

SHA1
7cdec3d7944968f220468f35ee7b1d0af1ca7892

SHA256
b37454009e2336118174673ffdc7b0a7bf2b2c12f4db8ed05f24ebfbe12a5f1a

SHA512
e763d8a97c6588366f7d7379aae61d35e0745888c7590904fb7c91f660c12655faa3720a1c420b7037566560294e82927e9b45191893e5598106c6688a292322

Download Submit
/data/data/com.sogou.androidtool/files/agoo.pid

Filesize
68KB

MD5
d9f1fe493a7aaf35a3a8ccbe026f968e

SHA1
03476df8d69845f9d27c5e28dc5e9d6e202bc5fa

SHA256
f53d0f8c2fdec2c4714ba74adf87fd986990a7cf4209375d2136ee4d2b76f2fe

SHA512
1ac37bfae5e480dcb70a1bdd096417e883a7afeb227bbec8311b7b3e8d281229f6b471a4f78df0561e077909049261755638cd0803fb0b13b24c952b89ca5077

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
48KB

MD5
be3f409c8d20e79d9dacb4c4a2ccca87

SHA1
56625c3f70326789079deeae2b16446f5e4424b7

SHA256
369655dc2608d74618d5fb7f1e029e42bb25aaa02f6c4b3ce1c2fb5d5d98682a

SHA512
e51514847b78a024388171551bb0227893537ca258e941337111dd4df4ccfc3377ffaab27e39f151951880f775021364feaf570691664c0672601d17c91be914

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
53b7c40c2f0f3070b84919fdfd994f93

SHA1
a50d2b91088e75c491c60a0d2b0b8dfe16ebce8f

SHA256
f9bcbf3768ebfe8dd3eed9b0e48d7331eca925f15e3fd691000fcca96328d2b5

SHA512
9e31c75c5d9dd42fd2c4a834b87361bf372a8dd3bc01c8a4e7abbd862765d2477afbf67f56715a344a43e1353cc28353be886a3736ef71035574946c521a3a0e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads