e7858e0c3ac80b923e07b79839354a5312cf5aa111ea0ccd761eff679fea3739

Analysis

max time kernel
72s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clean_robot.apk
Size

138KB
MD5

4b31ed065618d2553b64c83127ecf698
SHA1

aa5cee4147e90c362e9f1e804f31af06cffd60c7
SHA256

0ef662cefa04b69c128212edb3847a0b14876a52cd4175527c9489f87d0136cf
SHA512

6febfe8d2ad16ded31439917775e2a032bfe3d01b1bb37461d3c104faeaa978fe5d771af5b845777575ace8007a0bd8bbc823314c41c0e4aec089209ee5c3fe6
SSDEEP

3072:/5DT5xLlH4v9tmgcn6sQfqCeqR6Z188nWFcFXq80:/5DT/LlHQggK6heqR6IyCcF0

Score

7^/10

discovery

Malware Config

Signatures

Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.sogou.clean.robot

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.sogou.clean.robot
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.sogou.clean.robot

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sogou.clean.robot
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.sogou.clean.robot

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sogou.clean.robot

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.clean.robot

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.clean.robot

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.clean.robot

com.sogou.clean.robot
1⤵
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5036

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
09f820c93e859ec750d3d98dea6c5919

SHA1
7f2351d858576faeece6790ca662c8d8e074c25d

SHA256
24a937e220e4145ca69aa28e9f714f0b6c6c7e760a871fde091d0eb803ef2fd5

SHA512
dd339cfabe04133224458d246a210da9745ce7f86d664bd3360741647b8a8a392270404a21201b6ba0412e505d5b6f12e56964ba299647dafdf1cf2aa18216a8

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
35990b11c393140c24dab69d1b696dd5

SHA1
2d271fa3436ca4a223344201d65e8498779d9efc

SHA256
78e60097c4803f280eff83f8969331ea960fef6c05c1bce5a9e2809d000b35c1

SHA512
765af4554df5899d625b2f09748a89755f5f08f03699b97d8e3ef050c166860e961e4d0e87b6231a6193bd819383a83f86f7abdc6bb59250f249ad1322d660c3

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
7362d9da941882c0825a7f5b7f828c32

SHA1
657229c3a2cd822ca9186be6b3289b7d8f720b3b

SHA256
63ab15225771ea817499dceca896353b61f3aaac83d012f71fd6a5c57c989557

SHA512
ac25475922007898c43e046e674cbef05fd6d62409106c75babb8849582d30086de3dbea5349502325da9d4835cbf8e7d61b21197b7638e947834037742e0b14

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
df8ccb1a3e99628452d0cd8c786d1f5f

SHA1
533958ffb54b1e23135528e0e3f42e64ac75992f

SHA256
176b89594882b2c51096ece85842b1097c81cacfa06be7fc12d2cca5645fa6be

SHA512
76a462815559f8aab5a5b85e218b80d18f6ba76d1194a99c998aff49c6b6279e01e207c644658ab6b507a26087dad04f6bade1cb4a818e8fd07dc0e7aa0c9df0

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
6a4406dfe82dd196a36db2d99c6df362

SHA1
fb3d30af7335925a6d226c74dffe551f1bac8055

SHA256
31cc66a8f484574504875a47c19620cd44a12277af86df927c48ee52b5da8146

SHA512
9deb6d63dca2b79156c6bf5fd07710d3098307be22c9b49fe115ba86b64cbf964fb8094051cd8548d7fa73b5a80ebfd884d987ba767482e8c8735b2247920f6d

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-journal

Filesize
512B

MD5
3e807a05db680b70646efebfe1993178

SHA1
47dd976f05034c12b74eb752d8e59c95028c9f77

SHA256
55acb1b06f845545088afcc0e1ac36bd62ce514b18c386b6c3eec622d2d7ae7e

SHA512
4ddc8f21cc77214b0074ab1ac10c33622641ff25b4db4c46d63b9de7e1d87c1fb345bd845932b4e6319e489203acf7d08053b9e140c691e9aef1753359cb1e92

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-journal

Filesize
8KB

MD5
6a6f2eac8658cd83d2f2036ad33d58b3

SHA1
24fc64fafff35f562a3e64104c61d259b6f790ed

SHA256
48ab742bcc0020dbb351703f24f4f73df20c03e7da97a4efd073d513459bad00

SHA512
e3117ec515450ab6993309801ac5b15f537b29b1c137545b02db6b8a62037dac93168920343ddb41cc4578422ce87c19ca888b7c70fb59371e17b14b48f39ed3

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-journal

Filesize
8KB

MD5
ea0298b34f16fc4872a19e4288a5f84f

SHA1
146d1ff90f7dbecc053a0b25df23710190f19dec

SHA256
325be3cdebac9675a88ff0db9e2bec488b4b5d3f81ab11841afbd0bc38aedfd3

SHA512
903e845e9f5cc23d709b3640a2ebcf9a7b104ec29302abcc3d1098062cd65a55d201647c2b47819517aaf1d9677087fff54bc143990712ece0a476314a7f46b7

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-journal

Filesize
4KB

MD5
15cb716663e5580d87566084115e7a8d

SHA1
89fddd138189317581daf8b84abc61554f12f2a2

SHA256
37bc854a7a7eca4d45002fd81691a641fcb9ea060f41e821eaf8f261f947bb53

SHA512
92b912fe788da03627377f7cf6634eaaca179ca06d673125e8a7b837739df2f7ae6864a76ca8f05ba4abd637acdb4daef601888763fb5532b85bc7cd7f1f329b

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
1a2f658cb6bc99c155508758c735ede4

SHA1
2df552d99b603fef880293455d70e0fc4886e560

SHA256
e22014237c0a5b30f568c2c7d1e0efb2c2cdd43fcbeb796c94cb167940a56e64

SHA512
832a6b17ffa82a115d94605b4b171ff4f2d4a00049d43ab73b942286ffd2ce52b3f37d509fc01875b425659d88313477590d7252c03a245a77ecf07e51ca34e6

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
e31ef76daff63d59c5ee003e4dee4fe6

SHA1
15c9a9bf90f34eb8fae6f01e1cc11e8eacfecd21

SHA256
091706f9ffddff6e41b90f3a9edeb565ac0afc519a0f79f5ec7cad7199657ccd

SHA512
14c1e703cb4b7dd02f733300e280df1fd22a071ff6bad22d8bfac6ea84f3b42f6cb2c9909b6fa5d25a905ff0e073da6ccb69e496b2deb1fb2770fa19958821d1

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
e530a3836ae6d466b942e8ef6b9bca0b

SHA1
14e642ae5076ce8c5fb8a283748dd3df88948c0a

SHA256
d79a458c214561f1b149b9a00d7e651ea9db46d5a12ec6298b52e83499ae8bca

SHA512
312f28cf3ca575d3f3c4955716f6b76bb8d956fcfb3630e19eb754758988a0e020272a8ab62be3bc201dc98f86e764a5ae92e9559658c20ccbf8c5dca74dfdcd

Download Submit
/data/data/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
e8a466cc3a53e88bd99230903bd9b2f7

SHA1
9fbc3c929231f708b58f462c17935b830bf8c52b

SHA256
1ef1cf6bb7fd3cf597229d8321efbfecb8747dafe0d7d29f4ecc612b91967cce

SHA512
ff7d510b8dc9f60dfd31cc57f5d9c2c78c650862599df772ab2de5b1b42dce8124a0a7cbb78b0b34cf18b51c644cf8d9e3831e28ff42c9bc9edd7299057d31d1

Download Submit