1ee5cce12cda78ac95dda9d9cb54c6cabc065868d9d34988e4bd7e9469977ab3

Analysis

max time kernel
150s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
12/05/2024, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

390e506ecb5806f36faf664365a91530_JaffaCakes118.apk
Size

8.1MB
MD5

390e506ecb5806f36faf664365a91530
SHA1

2cabec52f951a411564fa436f7e04ca3a6d7ff19
SHA256

1ee5cce12cda78ac95dda9d9cb54c6cabc065868d9d34988e4bd7e9469977ab3
SHA512

5c383011b976fc07425bdb1e3987c15a43b6a9962bbd58b3109932c0729d20d24f2385fcbe7c9f5d14aab58b7da52ba5348810baa61e082a87ae4f5653aebf93
SSDEEP

196608:Sn94/5cryrakiPRZ7LkuwUz/MWCdWZ5E3rgHGk8:SnucGakiJJhCn3O0

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 5 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.sogou.androidtool:channel
File opened for read	/proc/meminfo	com.sogou.androidtool:remote_proxy
File opened for read	/proc/meminfo	com.sogou.androidtool:push_service

Queries information about running processes on the device 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service

Queries information about the current Wi-Fi connection 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:channel
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy

Checks if the internet connection is available 1 TTPs 5 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:remote_proxy
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:channel
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:push_service

com.sogou.androidtool
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4252
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4315
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4337

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4496
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4603

com.sogou.androidtool:channel
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4697
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4741
- getprop ro.miui.ui.version.name
  2⤵
  PID:4773
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4981
- getprop ro.board.platform
  2⤵
  PID:4981
- /system/bin/sh -c type su
  2⤵
  PID:5038

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4847
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4873
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5151
- getprop ro.board.platform
  2⤵
  PID:5151
- /system/bin/sh -c type su
  2⤵
  PID:5176

com.sogou.androidtool:push_service
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4956
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5001
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5196
- getprop ro.board.platform
  2⤵
  PID:5196
- /system/bin/sh -c type su
  2⤵
  PID:5221

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
273KB

MD5
6821db477623624a009ec485503c4585

SHA1
e3dc6d4b79ebe46f458594fc73752e3ec1bb32af

SHA256
83a2b394fea9fa7ee739e6c6600600d52699aafe3f900992e200b80a226cc8ca

SHA512
65e911dd587fee3075664b96a349bccdebe5ae82703ab7ec17185b0ab69aa7b25cc1eed03e4d39cba007bd378ef9408214f9354051a73419914ae4a0cf7b3e4c

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
512B

MD5
268ef4cfaf5a7d801f21740314e53820

SHA1
1942586da53f6ec1b91f7ed0edd33d275e86c022

SHA256
093ab0ef7da4601cc956a3ce3ad5daf7b04a94206750976b4f4f1841de5df69a

SHA512
960a5542723c648681b31ff7e46bf6018aee9082116e363e7ae11dddc677a91ae92cf388ed2f4058fe49228c87b8f48ce2a7c76de6d67d85914db315e2938886

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-wal

Filesize
48KB

MD5
beebc120abcf2b027e53e4d9ed2b53aa

SHA1
c91f03aebe9305a0d747c2bd9d4184e0a0240af0

SHA256
d753c68b114e24c794e2e0c7f3501a29558bc46521375d644532bc237e25f8f6

SHA512
58fefb859b87f83978f7bda7f8b00ce5915247da34ea69a9a45a4a4a955ff415f037517b7e1cba7a0add08727398dfdc7cbefab1dee7f983ec94651346556d11

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
293661abc54e583fd1bdf399598df71d

SHA1
6d9ce1ab0209125859c3aa738f271e556a426995

SHA256
daa650ad37bcffd6b8f6e657ffca1f0e4979f6e247f47cd906624be4d1ea4b4c

SHA512
f48d376fe3d6007b07e888e9a40ae62e743aa6c5c677eea3234796d24f344cdebb7b30903835d5af5d45e7217bb2435c8bbc7d723ae46afc72a3869e830773fd

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-shm

Filesize
36KB

MD5
acd70b37915fb22886241bbfb0f4b596

SHA1
8f8fff8c7da699c8e5ca6524eaa372a31a03383e

SHA256
63ad16a21b5c35ca5670af40f648199e0d3f7fd909551b8f807b409a66d824da

SHA512
4ab9ba63ae9a4e4e10276603c484e3b097a4fe989d35e0d8a8696384328ae6ca404948fe32a538e9606c907812aed60c4e2fd44ba44ae25fbf34aba827a87f00

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
d0c8d4d0b0bb5f74e01f277f88ce397b

SHA1
7872a8e8d7bfb347dd7e5761ac1c17d224e0d322

SHA256
c3d09385162ef5aa725a19ea65c38cf85fb4920cfb757682010f4dfb5a8fcc87

SHA512
75c39e51c56d34e2ce1443ed4c9a3ed458d05aa8490045932481239e7bec5a5080030cebf5d5d04a76b39ad36958328ab28ab81b79a1c3500942b178418f3279

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_

Filesize
4KB

MD5
6c8cd286d72d003c6ba6b9c64f4d225f

SHA1
f8eeb52190ba6d4cfa1b21e0e1aa90bc1d18ca27

SHA256
ea0e56eed6928fb2f246502dd49a55220100ad304e14d0eb1ae2c16573a97f84

SHA512
eaaab51d9a22fc1963872e324ecdb81cee2c723e512ab7adc09b549c445c0e8239711dc7774a13366a739c314aa5d670b8e34d9dee7a03d92e562b840d440ffb

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
48KB

MD5
cb3cf8e97528c9b771f267b365b5755f

SHA1
bd8d990833cadc9ed543a2780f0d8c99eb3c789a

SHA256
b7819acd765c08799d199017ab83cf8efc8ba1052bfe3ee0c4d122a9f69f5fdf

SHA512
57d0a4244f5b34ebea42162b715ba231b8acd0701b50181df43634c9bedbf528ce07eab7d50752ad70103d40d14e9fdf4388e570d2177af83d2ceff35a03d706

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
88KB

MD5
34f6c6e3db5b75ece13164ec75ffe579

SHA1
4eebfaca110b5d3d4f59515a824105cfd688d496

SHA256
329bc3025e574ffff678e12d18e14c13814648184a046ceff3e5da441fbaf246

SHA512
a3d5003dca6e09792053a12f8fcaadf59cf1bad2d4b053cf7326d5a6f466eb9d832ddd51dfce9346a85d5ee3324b17aea39bcf1f83d22d9ae892d0923ebdea99

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
bfb3f9ba48610d1d8cb7efe0c6350259

SHA1
5014cc190a6551db324c0d4b7a6cec997710d7ab

SHA256
184f4a6f9c3fa381b25c1ba1b107b832ed3a65e3ee17c7a668c4a2bbe65c9e71

SHA512
605fff80bc3e643ac3bb01024149a91d94cb31e77899c68a4a35e1caae453ea9aadbfdcc65d3583eb997188befa82f3babf9b78eeb6ee343d6baac3e676182e5

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-shm

Filesize
28KB

MD5
1fbc05c9296c3f4de7b801349a28e253

SHA1
fc6b9223c9c6f40f0678bcb9f3fa44bbec836f41

SHA256
bacdb21be59e6ab5ad2b619be1e2d7e997a98a564a89e2d807a637b3a6b43b50

SHA512
1c5eeaf013022ab98b80db1e40f6a76cb83d63a82c3c5de804f6669f0c937aebfd2e34b5317ca3fe21698fad0be6aab59966f96c9c6b3bf49a576e5b7efe1f55

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-wal

Filesize
40KB

MD5
c4724ac887ea8a1d777ef1474b83186a

SHA1
a4f803bdf964f66560f740068256497fac36333a

SHA256
f1a7b7bb7738e5d92b90ecd92dbb20516fbccc60ec334a45f7ae73cda134bf8a

SHA512
e7913a6fa72522ae57bb6ed24f0db06afaf906836c201ea791666953638efbc5aa23a7460453e6df3bb29dedf490e254ecbfba86185b050b25b028edfff81ed5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads