45ac35c5bfe1493f29ccac61955d3d88651711637699ab430444d235a16f9f8c

Analysis

max time kernel
12s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09-05-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2814db335078649763ab613a13ce60ba_JaffaCakes118.apk
Size

22.2MB
MD5

2814db335078649763ab613a13ce60ba
SHA1

46ba736539bfb717558d974a0ff48f4bf498af28
SHA256

45ac35c5bfe1493f29ccac61955d3d88651711637699ab430444d235a16f9f8c
SHA512

64670639f7a0b495cfa8fe9a8f29c9e5f3721afb9d0b766d49f807148443eb1ecde41ac2da2efa014fdf02ca939b2493bcc367ed4364fc52f3e5f0e34843ced8
SSDEEP

393216:1g5DRtCAE/cJsUuFH/A7OX9/JV/eiN+S0//uVyaN5RJB4oB5kG/wsRGSVtSzm0u:1ggAE/cju1Jde3S0//uwaNjDwTcek

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sohu.inputmethod.sogou

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sohu.inputmethod.sogou

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sohu.inputmethod.sogou

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sohu.inputmethod.sogou

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sohu.inputmethod.sogou

com.sohu.inputmethod.sogou
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4495