7093bf50949b3ae6dffe4206cf2d976810d9ee9a2425d583c0beb49118ae10f4

Analysis

max time kernel
2665914s
max time network
165s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7093bf50949b3ae6dffe4206cf2d976810d9ee9a2425d583c0beb49118ae10f4.apk
Size

27.6MB
MD5

040bfc60e37fdaf3bda61ba8af5a5e3b
SHA1

cbc92bfc7fd437415e80f0eea1875ffe5951671c
SHA256

7093bf50949b3ae6dffe4206cf2d976810d9ee9a2425d583c0beb49118ae10f4
SHA512

3a5fa7465b5ef38f5cdb2b277c26b5d0f12133362f9748d167e8b1bd3bd710757bea934fff2ed78d553feaf845dc3baefc6e61cbc6253a85b15396a69aad16ff
SSDEEP

786432:Rc9EqCfPq3rfOlIBtUV47Pl5vw2jaHpL1/3ifu:Rc9EqCfPCWGBI47Ple2sF3ifu

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	sogou.mobile.explorer:service

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xcb2ed000-0xcb2fce88	4264	sogou.mobile.explorer

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	sogou.mobile.explorer:patch_service
Framework API call	javax.crypto.Cipher.doFinal	sogou.mobile.explorer
Framework API call	javax.crypto.Cipher.doFinal	sogou.mobile.explorer:service

sogou.mobile.explorer
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264

sogou.mobile.explorer:patch_service
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

sogou.mobile.explorer:service
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4392

sogou.mobile.explorer:push_service
1⤵
PID:4501

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sogou.mobile.explorer/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
ed73a80eb949bacc52428b8d5a087fa5

SHA1
07e973549a2cee61ffeeb6439abc419cd8a489a9

SHA256
f0ead1ad60e0cc310c1a40685c28fc7a69aa346604552816c51dd3c1718a1e76

SHA512
4bc26c18ca3a2edfe38ca1e14ad1e1415268b4a69cdff3c0f8e2b8fa910c67c2e4bc4f32c21274e586e8e139122ea3dbde7ec507c4722b4a9a778ee2598090b8

Download Submit
/data/data/sogou.mobile.explorer/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/data/sogou.mobile.explorer/app_sogou_webview/paks/chrome_100_percent.pak

Filesize
68KB

MD5
187a0b381f7d08428ec2763827b0ac36

SHA1
84d8433c758c71a6ea79eba15ed72554d6b69f54

SHA256
86fc3e5a39f29cbb79c7acb73cfdc27bb42491c2bfbaa2f0283aed4d52013af3

SHA512
88a7385db14e60ba4f417c3ddb52aa07b340eebe1d5ec92755fe06c53eee5659eb43069350e33c4fc960f8ac37ed8b6a1bb7a895fdccc3a967683a3402976a9f

Download Submit
/data/data/sogou.mobile.explorer/app_sogou_webview/paks/resources.pak

Filesize
365KB

MD5
5150e3e081660b4061beb65d97a9466c

SHA1
065f23e455aab90f59b1f457d841e1c5d35016cb

SHA256
31ba6d4a88fe1cbfc799d5d3e494f659c6f69424289ae5a4fde45e476ce3c499

SHA512
a7a97b1d0f9dde1b98bdde2e91813dbf580ff3fe4d0d9ffc27726ebf127ec69421a1a1e816db643572346f94b87f7045e7b7b28c5c43772c436a58fdd311c599

Download Submit
/data/data/sogou.mobile.explorer/databases/downloads.db-journal

Filesize
512B

MD5
3066b52002678256f4c3b8d10707f3c6

SHA1
c411ab86506761f8d9ff4a85bd4429e8d08d562e

SHA256
10a1a571438f124853288b3d2c93551061dd9f7ebdcfb8242c0b2a7e1385c5d3

SHA512
a36a174a42b0c8ed3df9d377199ecb2cd64cd5518cef44e55ade734e1e5d4776e6b49a551a64955539cfddf5e63126baade16cc00e62e0f72d18569ead7ef427

Download Submit
/data/data/sogou.mobile.explorer/databases/downloads.db-wal

Filesize
16KB

MD5
ee00f082d4a0fdf4f2c281147c2b4ad3

SHA1
1c28fecf104f48493baf24a861d09f2c276323b6

SHA256
8aa20a66a3abf0303462ce51f68736afd797207eca22e5facfee25660108bc65

SHA512
86a5616db0a5149aca9c398f3729a277b99dc821308c1f9ace23ddd6536077104d2fec761691e4e954126de945f67820fd154440804b219cfc75b5c3ede3b18c

Download Submit
/data/data/sogou.mobile.explorer/databases/downloads.db-wal

Filesize
32KB

MD5
6d4a6eccfc87e7d9ef4821d0b184edea

SHA1
aabe21e5776ba4138b79d2c1254200f4bce68292

SHA256
991a9a4d368ab5d09a3b6cc81e67119807a3d6113813353a85289edc2fbf89da

SHA512
7d3353f346adff9110b8afcdcf5976e60b90571e6a032b69db171e452a46b58df9974ffe1be02f3362d035fd0f6ba40c13c31c8b1faf29be0c6ad20e207846e5

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_athena.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_athena.db-journal

Filesize
512B

MD5
3f38a4148b110aa30879402d57f090da

SHA1
1268102f266b97cf61286cc1978002effa237c82

SHA256
1257d01042893138cbcd9293a7f787cda1f968d11249873fa8a3f73ed3ef20d7

SHA512
642520770289ad6822e030e8d572403af12cac5eeee0964d547d0d2a745c7ac635d87192f4d6a00797c52d08c8f5cff1c050630c375e6ee2533096a11909b579

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_athena.db-wal

Filesize
32KB

MD5
f3333afdb27a8ec2867ac02e13a89ecd

SHA1
dfd280053a9fbc174abae8c386b963c7f4fc97e5

SHA256
9ae1629c5fe7e19fd054f4f1cb813fb56fddc7c83a88abfd13217cf1a5207371

SHA512
8b902344997de3013dae6e0b4ccb45f4b5c11f68f87de4994e8f746540aa3b7f7e40fdeea36bdc20004c54c5798e28aa3f783eb4136491644d82aa9f24b6573c

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_browser.db-journal

Filesize
512B

MD5
fa1528db241de12ceb34f8402b2134ae

SHA1
fbb89411ac42ddda37b9738283a23e17f1fb7a6d

SHA256
407c8af08b95af77405ab13c577d3d8ad4f8735960d7fe52046e5c64cc4b8367

SHA512
3c5d77e4d71555dfebc7660aa6e6c4958611ebbe9dbcb0c4ec8c7181789102e20f9da8f8c247a3aa4cffafc2b558d81d8486b5a25f1838044a2cd46796e1a82a

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_browser.db-wal

Filesize
16KB

MD5
b8a8700d428526c849e473eb1845ae4c

SHA1
8fd7501b1cd8d028564b64b35bbb21e9ca307a82

SHA256
c20411388fafe31491e9f4b97d66a8315f1c7e8e8573d07b87c2f893cdd79af9

SHA512
5d086f69bc17ec0d8c5d90ec4792d1c8df2d61875a00d9394c2ee1e4cb822e6fd9c6ac19765a7dc3fae4ebb995edec443fd430e86677da2c009d6b2e69b742d1

Download Submit
/data/data/sogou.mobile.explorer/databases/sogou_mobile_browser.db-wal

Filesize
136KB

MD5
48c8957d56bfbc006414a3247e3a8561

SHA1
e0fed85660efc8a51fdb8f2042528f5c3ec8217a

SHA256
eef73fd0e75789d0e53659b2f577c7d7f9b05b5a6cb07425e3d5026995895e92

SHA512
412a8e5a4ac9d7d4f821fa30b0e22b07b4afbecd16eedde215f0b8f5e667a5293db087eb3a987deb5ea71bcafe10095a5edb76fc512de44de9a5ec9db4f178b8

Download Submit
/data/data/sogou.mobile.explorer/files/default_parcelable_file/211e41ad316b35f05b01bf58c5ed3437

Filesize
512KB

MD5
59071590099d21dd439896592338bf95

SHA1
6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c

SHA256
07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541

SHA512
eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668

Download Submit
/data/data/sogou.mobile.explorer/files/default_parcelable_file/211e41ad316b35f05b01bf58c5ed3437.crc

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
4KB

MD5
d8bbf6d4f4ba206e725e04a31a5c5e19

SHA1
c30d92f14f1e30d9081a5e1824d731cf5dff4cd9

SHA256
8ef5ac7f1c11d679eced8c6e6670bce3eea98c3190b2fb731f541ff172a3f7f5

SHA512
23d48a21a61aea57d2e6a336b331d1360066a055d8c55e56ef38da7b3fbffb44a8453e378db0eb1c314b201b0eb9132af5067bf40ec13521b3440502db0c9184

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
4KB

MD5
6c3fd16aff6a1995a6d53e22d3c0e9f2

SHA1
f36a303d3f4d42a03c5d175ea50fc9ed67a0175f

SHA256
d12964ee0e04835dda02cb99db7082b05e8a4ddab652c58cd4a6a8e097bea489

SHA512
4a40ab3570de5e4268c4c983999896c39b3812cc96b77a1662c2da22a4b55434614db081b57aae397bd0feca6509719ddbbbd574bd6403d7119ad00bde0694f8

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
512B

MD5
1b8fada8ca988e70e84408700e019904

SHA1
88b479be9e5eacc478a52c4cae0983fdeb0cdb93

SHA256
8031fb7b9db8c6fe42c14f6282ad03c2fc4a8b6254ffc1e0dee7e2a7818e28c6

SHA512
473b4a90e14ccb03bc3c56669b5d5cc75fbde2abd5de4b333d575f76d5c6a47b57b3edccf10fc2b21b4734708711174e5f51ac801ed94e27efe74b8f0e76ec92

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
68KB

MD5
421d7d5f66234479340fbd1d1b50582a

SHA1
3e600385a5f1c84a0762a9cfd9089fa5238a69b0

SHA256
88259b4371583253e19eb43fe19c28c7b42f8486f1ff805555f68292accdc908

SHA512
a6bb9d4a574a6ac4a18ab386af18f4857056b05de3ee557ec2ddcd01df3b7316e0c9fce5c2ebcfb6516ae0f5156d40f04862685253844617e54bcc27cf2119ad

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
32KB

MD5
31320204b5dc8fd688adc19ad74fafee

SHA1
5295450205911a813c9c09f29ca308fdc740a97c

SHA256
3fce498ade680561d5f31fd7c4c9b969ab4aa6bf5d8df4acbd9f3db13bb53b6a

SHA512
be72263b2f294d1be9cec1e7af58eea16f08a3a7bd40769453db29bfabb9a7fc378d46f70c319aeb6c4a179b67988b90188aff6cd4359a4ecb07f799ce517aa8

Download Submit
/data/data/sogou.mobile.explorer/files/file_log.txt

Filesize
4KB

MD5
636c87abc5a9a46f6f817c7efeb53214

SHA1
abbad6434c7f97939bf7c03af7fb94a58479cf60

SHA256
9a66b221f6a287ab6a43f3f8be56764b8bab392235d90c7acc422ec3b9549d8e

SHA512
94e3fa2ecd31c08473d500d7070a2637e05165e3caddf49222accbd0c4b0cc5f03a7ccc19cf3e82faa9f17c6cdd44a4a918b509fe7938397e7417d53c529f1fa

Download Submit
/data/data/sogou.mobile.explorer/files/sogou_mobile_explorer_preference/sogou_mobile_explorer_mmap_id_patch_service

Filesize
48KB

MD5
c09e3ba1f92923ef4b5f07831bc9a689

SHA1
dcc9b0020b36ac81a84e7db173a95aa913c5ca5a

SHA256
380a2309005da6fe04d83f59b55c520aee63681b3e8968bc1abbecdc371926d8

SHA512
e858ef97d6912b3a6562ed6f0dcc7fff04bdeaba8f71118e6d3f3f612232fac648519b4a7467800e173b75ab35027527d6a3083eedcbcad2a7671fcd01f39f0f

Download Submit
/data/data/sogou.mobile.explorer/files/sogou_mobile_explorer_preference/sogou_mobile_explorer_mmap_id_service

Filesize
56KB

MD5
d5d259781c80b8015de3a4bb35bac126

SHA1
a9f53d42603af6371eb6ac741920edbc5ddcb95f

SHA256
68da3b498d9dcd1fd1fcd3a101d66c173bf9f882252e96c75812a247322a93b9

SHA512
1c517e73574586186baf000e308c18b0bc45a33731c27d6102468b5f108df75a9767fb2a4b676329d71504a9b098bc8669e41ebed4224a390c858aaf48522f83

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
570e9abce2f8c34639111bbfd880f532

SHA1
c451f250e40e3a535516b36192b340ccdf636c37

SHA256
d9ed8020c913eac3be1a6592da21ba0ecb249562103243dd12bff0f30bbb44b7

SHA512
a341ff594601bef04277ac6914a23b30941192f81a86eb8e1bc0e537a47199c5eb7ab522ff5f79fab1778f76ca544366a8a9666eac8b4676a3a26f9afc342b06

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
d7cd8250d6b89bddd10e53cb2b62a3d8

SHA1
c23774669b9bf5ceb8b80db28eebdcc5bd01c5ec

SHA256
d22c225749ffb3862afd7ce658132c9de44601ae55c526a3edbd1ca9f1fd2ef4

SHA512
335317ba8503a42964c23ca6906c30889c7b210d177516a2b12f3609c3f12f62b956a947d79de805e1c0357b76b31d6740c91277ef5b0b17de961b2193ca192d

Download Submit
/storage/emulated/0/Android/data/sogou.mobile.explorer/cache/okhttp3/journal.tmp

Filesize
32KB

MD5
3350993d3acb259fd776de3dac4cb777

SHA1
190da179c53d28ff37d254d35f3e22119ed6535d

SHA256
f82ecc5bb756e104b5aef2263e8f5c107814e80ff35ec011637bf555e6defe56

SHA512
2dd8398730148f49a23b68ef1757d3c1e030de5e494c96ae25a8acb04b4a64b11c7b280a6c48ef407d49ba74c402c68eeac7823586633c5eb02bfb30395829f2

Download Submit