86e4e9f43d0640e2c4c831f0f7c97496f4a69dd3acf8e9e09db2b6191c94bf0f

Analysis

max time kernel
147s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10-05-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3046a2107eb377e13514f90472ff1fba_JaffaCakes118.apk
Size

12.3MB
MD5

3046a2107eb377e13514f90472ff1fba
SHA1

47465be7678c9e09c20b88f7382f42e11a45e70d
SHA256

86e4e9f43d0640e2c4c831f0f7c97496f4a69dd3acf8e9e09db2b6191c94bf0f
SHA512

6a6920b58d3bf9d122901cfdf7ff58f046ab2d3f88bc2ac820dc211948e4cbf6b66532892b4cf5e63e1b74edf98d18bb57abc2254067ef980060b0927936d2a7
SSDEEP

196608:vvD26pDmV6zUKX2q5pqN+lqN2SHTF6+MwedO/C4Mf4coMBpkhgaN+6L/706ddllg:vvHsq50WqHHZ9C4QBpMdT0slTKUTNuOa

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 4 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel

Checks memory information 2 TTPs 2 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.sogou.androidtool:push_service
File opened for read	/proc/meminfo	com.sogou.androidtool:channel

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:channel

Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:channel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:channel

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.sogou.androidtool:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:push_service
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:channel

com.sogou.androidtool
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4283
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4311
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4335

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4494
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4637

com.sogou.androidtool:push_service
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4721
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4769
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4955
- getprop ro.board.platform
  2⤵
  PID:4955
- /system/bin/sh -c type su
  2⤵
  PID:5022

com.sogou.androidtool:channel
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4890
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4924
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5076
- getprop ro.board.platform
  2⤵
  PID:5076
- /system/bin/sh -c type su
  2⤵
  PID:5101

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
237KB

MD5
ff18b67f81530cee2357054f416a0e01

SHA1
8d83b4c77d31eb16bc60e40ffc15c0c3cc09df20

SHA256
adaf2e9607ba18d538f754265a0b3ea4207232ddc4991bc4b424da200b274d61

SHA512
eb5bdd5fc6f0d6625649c5a391e23a9042bfbb5deae1ef20046fb80b038639757743a9f7cf63f4a10047d020fdb3bca58b5b524c869f5293a2f1f2e022316aee

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
512B

MD5
35a78a62de0db30af8ca4af2ca8a6de8

SHA1
d76018037c2a210fa0cdd7b68224269c1853bbf8

SHA256
49f09ccb4f80f23accad3c2180d3b09ee42fcfcbc97a8faeb1f4e992037a6d7c

SHA512
763ac4c3817c3778ec9e3e33e7dd151d34829677c81db0ffcd03f7257712e64efd0cc6c63ce6998b68d74be57fca3adfd0a6c822053ed7643e7c2416da297f82

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-wal

Filesize
48KB

MD5
06d0700f8cfedd70e038d3726bb6d3de

SHA1
ac45e19cd0df128c92a8b5392147a1f4e56ea08f

SHA256
66977ad8b3dddb3d3e6af451cbc3a98e1504f119306f8ed9c4e8aedf16c1b4db

SHA512
1c67858230a93ea7432c73266238a0f44b33d379474e95df4321072b7cc060eca87c340fd3117bca4bf9ed0e472e085468a636cb5c798976894cf3c3b1cef4cb

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db

Filesize
4KB

MD5
28862050cbfaf4fe09401297071510d5

SHA1
4990a4eeb15cc922fbc7df74a4bb8d12947785cb

SHA256
9bb424979e7bd5d1c7408db447422c3e9541a4e527da9138d731e00436fb9da4

SHA512
152204ba961edb2dfec99cf5f7baa1ac0b72e8412acbd5bd26533b8950bba66e4ef2e0c6e9ecad557be869bfe5912cfc1b0cefb9a9cc4c445be43bc52aeb1537

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
8ecace057445cfb7e725421e42a4be8a

SHA1
64e50cff3c4140d9a0751e3f7f9d923f10d97ed8

SHA256
c3332e52cc503dd0dd452c61d87bffdde475c1a4cc2bf31eefa34f4b9e07dd85

SHA512
0b8986590279cd98e2f3f10050d96fa42068e6544c2aa8a2f59098b652065312af3c73614ead8bf6866e2b72aef71341d7f71f6b05bd87a8130aaa6eb5a95e4c

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-shm

Filesize
28KB

MD5
0950155e4d12d6bae30322c2a0fa0aeb

SHA1
745b681e6884111935b31e01067cf7e522bc6564

SHA256
6e078ccfdfc000ec44accf46b1ea5c268221ae309001aa11fedb704d85b9fc74

SHA512
04b28c20749946e8520cb0f09deb439451fd744e7142d95804807f699d67e9bdea4c38a0b19d2837b319869fa6fb3661003be1059c41b8c642489bf54b87b6ba

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
fd8218648027e8516dbf8a62d966771f

SHA1
484904c7b63b4c758ddf51385fbdcc26ebd90f10

SHA256
83eb5afd7ea1586b02576b999563bf4a6677556944f0e134daa5c833159ce03f

SHA512
538ba8f2496617baa46a042786cdb64215e43632ba350035df1891612e6fbca3b8994d4b1a6a17d69a27367a0069ca024656020f432b9338c1d570a5a1ab0430

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_

Filesize
48KB

MD5
579b80a0ff401d5dd3e3e1c74842d46b

SHA1
fff92db484188245657cfa8a731e418138942827

SHA256
75317823956e8a95a9f3979b2d204af1d12ab1552cde3664dc424a40ba76274c

SHA512
e1e27c260ed592821e638573bff1c89a04916dae5576820c5c7b77a19bc44470fb1099e83d7f6e0153299b74693623bea1f588b4663af1fd07c079e0eb3c833c

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
32KB

MD5
dec6da323c154676d3e0d5ec5b3712af

SHA1
7e69f2ec972dfbe515d92a29676cac5bcf318358

SHA256
63c53c427ecfc1ad784e0f52b7f22412b35f2ec3b0be03851a0cf163d9ad8c1e

SHA512
faf7882b7fa8d0f7381ffacd91c884c592a16237feaecb24dc41fa3e041cbeb02ead1716eaeffa02f2fdd07ea4209ec73d9568abbde974d8a2e0a9332aa25fa7

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
88KB

MD5
52ecaeb6bdf795cc4ab257316bb69d7e

SHA1
44597c0b9567a73f517af278e9557c759d3c7743

SHA256
1f60c9f9c36efd5a2f27dfa1811d937eb8a428478fc7ba076820b96243930f70

SHA512
dd2a1fb955d746f0b47c199717da3cac6880c043079403a8235ae880ee74e805233e19ba200323721ad79fdcf048ba82def0a81ecffe2be6aabff0006c1ff461

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
c9c2e7bb7b7e53b439f49373745458e6

SHA1
9b01f505c83a92233855661b5fbbea7ef8e2c767

SHA256
d2f35975aa923efc44c73248ce11a65c49a80879bd01d71a05dc13134105ce4e

SHA512
99d136e10b3dedee6a5fa3fbfebf085110677ba1c895cfb71c96e5f81d0f80910bea4774dcdd5ad2e831acff5d30bfe874b681e8a2192f188182b9d023ad2f81

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-wal

Filesize
40KB

MD5
262edffc75ed49d2ff668991988f11af

SHA1
7a5afa0d7328a43419c8efe0ae48cc4f901f35f1

SHA256
2443b9df316092e1c25ed9d7cd8956ec79e355a276044db82a192f170920eeee

SHA512
8639067c56fcc5f7fc61770db33762d984c7adcbda44e581cae98e74b4a97ad135b4de7147aca2f81d03ebd98e7783a0626ee50b0876ee2602e99868a83ba0ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads