e7858e0c3ac80b923e07b79839354a5312cf5aa111ea0ccd761eff679fea3739

Analysis

max time kernel
72s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
18-04-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clean_robot.apk
Size

138KB
MD5

4b31ed065618d2553b64c83127ecf698
SHA1

aa5cee4147e90c362e9f1e804f31af06cffd60c7
SHA256

0ef662cefa04b69c128212edb3847a0b14876a52cd4175527c9489f87d0136cf
SHA512

6febfe8d2ad16ded31439917775e2a032bfe3d01b1bb37461d3c104faeaa978fe5d771af5b845777575ace8007a0bd8bbc823314c41c0e4aec089209ee5c3fe6
SSDEEP

3072:/5DT5xLlH4v9tmgcn6sQfqCeqR6Z188nWFcFXq80:/5DT/LlHQggK6heqR6IyCcF0

Score

7^/10

discovery

Malware Config

Signatures

Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.sogou.clean.robot

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.sogou.clean.robot
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.sogou.clean.robot

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sogou.clean.robot
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.sogou.clean.robot

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sogou.clean.robot

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.clean.robot

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.clean.robot

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.clean.robot

com.sogou.clean.robot
1⤵
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4406

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
92c44d4d6330463d863409b443807244

SHA1
31e4824d4ec1cb33b76e9c7bfbce1065a7cbcafa

SHA256
94b10ffe36c04d98bda139042e929f1cebe0d1bfc3f21d19470ac5e12622e8c2

SHA512
fb7cca447b772b0e02d39cf4e57adc80808a08a516e92fccefbcfec8a434d1c10394f816ab2aca3ec1815f6379b9a75f109dc8f0beaaff169952b5d038212d31

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
4f84ec056a04b00aafaa74b62f2f1cbd

SHA1
4a6c86e79350da51c4fba2f0be23aa353376c951

SHA256
5a5207e4e21419aa194127ea0a0f668407414718e4ce8b7f9dd20742b6d4bd28

SHA512
d7fec66e92eabdb576f7aeecea1b0529c0ef183515dce3656eb9536d37a3276ae6d85b72b7c9f03cbd0dfa232cb77f129b5c0e8042efbe151fd8ad02314a8d4b

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
2d8b69ed4e6062b1578c522b56ed068e

SHA1
a1d87f49a1f1205c4ce8a9ac1ffd6a50896b2220

SHA256
812f87c297c6fbf8a5eb324bae7704e74a3b5b9e6a320f6d10112e49dacda2d6

SHA512
e66f4b6bf73dc1faa2b3366b7f34414b901de964200cb93dc2cdd3f31dcbe0232c8553475c7799b9ce62a9aef40951c540bbdcc7552e8e6ee7cf40b0793cccdf

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
c6556a79bc8b9033481e3ae888d31cf4

SHA1
38d9fae80b8ce22082b39e1ede169555abc5c1ce

SHA256
0cb18297d9d08f38b06cc708705b64823f5e84989d14edeeeb45dd70f68e5b3e

SHA512
987eeb97b54799225cca89b7bf18998be4443b5c74c0d34256ebf9ab2022ba7c227ef0c22e56366a16bd4d0fdb6e46a9be41506efd9f3e7ceff243aa358e9c95

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db

Filesize
20KB

MD5
d6f5217344f198fc69cca3ad4a06d110

SHA1
9d900e8d4e240cbbe04d454a945e531c1133588d

SHA256
1ccb7c1c433b6ec36915f16007449a3092d51f453994801f111433e53b38cbf9

SHA512
20fcbfb0c63b11ec21553e6044a47a072cf42a6e72953913a6653707bacf833032d2291e3d1683b3b5968143ef63f3fccb284f0cb45a4e0910f89b0c2a5bee31

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

Filesize
512B

MD5
b617c581e099f36ce0a91002e7fa15f4

SHA1
82643ca75d683b513a66f90b61d6506333d4fec0

SHA256
db398811e6859bd3964776bb5c0646d134546cc97a10a40ae38472f9d7130cb1

SHA512
058700163b1567b6b62a027297ad52327af3562ad47880027d4a6cb65144432de8583050a037264c38081327a3e99443ec93f59081b35bb77ae06b11eb798ee2

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

Filesize
8KB

MD5
23a9cafa8eab69dc0db50eab37da80de

SHA1
4588ac29f983ac2992b23afbf21a95b964792309

SHA256
1ecc9af126d56ef3820c7aab483e1ae2ac44feb5a5296df445b9148bd3d78fe7

SHA512
da62837617c4992571d00d03a7d1e747dd160087ace11d2a96b36bba5f61238302aaccf2f735c0f880cdb9a7f5e0d0653d7e5a454455ad5db3b0c27190a1cbf6

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

Filesize
8KB

MD5
f4172e9be31ffba8dbf6a549ec7e15a9

SHA1
03af2b69e4f61de7e1d7e7de7ef3ef9299581164

SHA256
8c788d7734d05d431489a5ebdfe6596eef86da69d040982f4e69d3b3cb125095

SHA512
ff2340a530787586c197fa7a0c32fc3c1521651b5acca73eb9b8a4fcc1c8086bd4c41749eba7a08cab2709299b2df914df69ed2a88ae6a9e19cfd8ab3821637e

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

Filesize
4KB

MD5
6eb3a343aa51fb9f7f5b71f4f9dbc5d7

SHA1
6494dc533349955c4d1d8dd474f0b2d0d96692d7

SHA256
470f9d9950cd16e8656082f10dc62e0f3891433aad5ab2b883335834c4bbb41e

SHA512
a2c3e62ebbcb2208344cdff14c7d4e9e4d2a0c8ef8dc754106360896b1d493cc1103db9f27ebe824a0d74fc303b40e33af57a14c55d9b1fcf6e7e400ac19e0e4

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
b8bfdf5d62c9e33452317008e4f44d0b

SHA1
7ef5800a15b3f7354cb1613d208696c15f63b438

SHA256
fb3f21f0c8b32d283143a789f8fe59783eed53596002da959952137c7b490ec1

SHA512
188862b29e4264c6dae589e5c1dfec7a3ddc7a4e7d0f89f4ed39b1866973ce8e9b956c5c419601d6e2ca52716d546b71a5574a3d56f8b0e565d93d5a1bbda761

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
c850b17575401081fef9219d4c795068

SHA1
daa78b98268cefe968342df3d4068350e5dfa916

SHA256
918e8d63f1c9a06cc778aeff7d66f99f9c227a77612b6fdd3a98791c17a68109

SHA512
dc8c7d9d383294f0e2e7fdfef16477961f3e8ac8a836f3f752e03260b13d700e85a78f834d5bddcc37d1a2eb689b0a5027ebffca5303d921113400ec8e4188ce

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
068476aa5d8edc06e3a41f9d6dc872bc

SHA1
6b50992970772ae0ae1493d7f2ac5b54af302ee1

SHA256
a749b5b3b7b17c5cc65ac3ff687ea7aed4d5c5c456d4a52e2ae53a081c361cd8

SHA512
2a4b821da028c8c545c66214c2d0418ffb2e223f919c1cb7c32795fa8a5798bcf5aa1594aeaa9615ea05a7c604172c7b629b96f1d5858b0002f51a3242d968e3

Download Submit
/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

Filesize
8KB

MD5
2bdf1db84098e2cd4902e3a0f260a347

SHA1
ff845570fa796c1f8accb3c43f7dca4c5afcd016

SHA256
065417ae2b79ab3f54227263d65f9d5b102ad2caddc4804d84a8d993ca05f95b

SHA512
e16aa502fd8ec80d1cb20cdae20ded8f8ddc79dc1d8a80546e1cfe3771e64706ca2c6c8d746c915c6d6a07c28888f84fb59ffb7607dc138dca5aacf19baa49c1

Download Submit