6aa45b6f2e9a8a00cde6f0d63461d2011052f13f692a6e77b498a558abab2970

Analysis

max time kernel
150s
max time network
162s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
14/05/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d5a344d039d950086bbf56aa7bd8849_JaffaCakes118.apk
Size

10.5MB
MD5

3d5a344d039d950086bbf56aa7bd8849
SHA1

3797992d9e70ab133ab508a61de567510c5c51d3
SHA256

6aa45b6f2e9a8a00cde6f0d63461d2011052f13f692a6e77b498a558abab2970
SHA512

48486d80feefbbf0828237dcb666b8208a571b3ee0bad99774a568bf0e374ce6ec5c771f5e73d9cb749dd3fca9ceb27abc69d561d243622a8e652b09c5649c27
SSDEEP

196608:wGmFKS4u8ry0MCYuAquAQyrhF7Ys3BRwedO/C4u7UCkM/maN+6L/706dR9tRGCkk:zugy/Cz9Q+hF7J3B8C42/LT0sRiq

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 6 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.sogou.androidtool:push_service

Queries information about running processes on the device 1 TTPs 6 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool

Queries information about the current Wi-Fi connection 1 TTPs 6 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:channel
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 6 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:channel

Checks if the internet connection is available 1 TTPs 6 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:push_service

com.sogou.androidtool
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4281
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4311
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4336
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4367

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4525

com.sogou.androidtool:push_service
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4725
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4766

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4797
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:4856

com.sogou.androidtool:push_service
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4966
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5023
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5277
- getprop ro.board.platform
  2⤵
  PID:5277
- /system/bin/sh -c type su
  2⤵
  PID:5310

com.sogou.androidtool:channel
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5060
- chmod 777 /data/user/0/com.sogou.androidtool/cache
  2⤵
  PID:5141
- getprop ro.miui.ui.version.name
  2⤵
  PID:5189

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
297KB

MD5
353aff76b3882c2a2b1dd3c67824abae

SHA1
1a405a797186c70714a418362461e11b7eb05c0a

SHA256
6a71e93683564a5acb7c9f408d0f56d7ebd44f30b19acfb6be373617ca0eb4d4

SHA512
081b668013eb66def71268ed9b0df92237ebf0da7eafc0a2831acb3f2184cdbe3b2d3bcf3867fb7e909c00a9d51b44e8b0069ef4c0166eeccebbe99a93716afd

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
512B

MD5
5dc3ad843a0a24541487b6fe051dde44

SHA1
d489c59fdf6956bc8b5503156fae4513e49f4b19

SHA256
31872cc0e782e5fa71a6076f87442af0562b800656d3480959356781f00eebc8

SHA512
364a1d993e28fb058f83bda90db2803501886ba2ec281404103d28cca023b256e004a10f0728d58be5379dd190c6ca1bc262637f0b9cfcc42bbf5994ed816599

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-wal

Filesize
48KB

MD5
0686ae6bf45cf81f08d008d9164a498e

SHA1
5de56145bdbf0bacf235bc54c44940d921a56c93

SHA256
df73b5d8db86916eb6f7b633ad57f5c863144de8be83f7afed18c3b0e17b05d9

SHA512
119ef29259c660bafb051fd29915918d1c2b240ee1798aae4b5e2ff61de3d178c66b6df9f25a2ccb8618b37b2eff427ac082ecd1e32f4db51bafa0417f31d8a3

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
5250832afa01e03eb4caf7a60cbe7f9c

SHA1
4a9c54a10e6c685d3fe13104ac35e3497cf40373

SHA256
aecf62274f1bcbbad91ccac0a151136e1c33b9d97cbeda938ee678087a863964

SHA512
7baec5555d8a229565dfd1856f69ce13301adcfb3c6f21d40447e2229c975f9f5ff69a71e8397bfe0299b3432ff856ffb8a735e51429bf39e83e52135a1d496e

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-shm

Filesize
28KB

MD5
e5732622adbd8d6e20e8ed50d2315d3d

SHA1
e7e5838f429f4fc95f0cc069c243b569749022b5

SHA256
90315e4cfda88f7fb0d2afcad4dfefeb1d6995405521d79f47577737d4cef41c

SHA512
b445a66b1d40dfbfd51e17605ca8952fe269b81b0d874f9e6ace71ed27b0134816a553be9b579f752ebd5263184b2758a263694786e90f6a86ab247ecafcc368

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
e0b7a6ddf4fa35b3f979b7a666c7ac87

SHA1
0aa3b3881c81887dac9729c8e1feb93e5ae4705e

SHA256
f4bb031381a35f947442b5d9ac3b6f810e22f50899ab0a823f5b72a2205c7f04

SHA512
128a7a1baa3f8724d4e72ece787dd800f8666f381acb7bd66a084f5a487c0b9a19afe6a288effe40db011d79dcf56f4d832f8a65a77a234b34d8264dfba0325b

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_

Filesize
4KB

MD5
a6362f1fc7b3a9adafaee918140b121a

SHA1
6383c1c033ee3372eaaf05fb4ae0117907285e1c

SHA256
62cde0cc9552a00e829e2f06d20c7ba662478ff9c4bb150fb095d06af2e4bd52

SHA512
6f93333a1744d50afc908010a788ee75863952b5429909612c1c9862fdc7acf373c2ab0daf0e21376be0d703cff3910229f142d36073d5f9d6ea01573053a051

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
512B

MD5
b76e8d5b52476235493fce6b967b88d7

SHA1
5d3f5936132a30db012de85f0c0d568da3958b4d

SHA256
cab498a16ec1a4e1879c4f7e145a0b509b89b23c2df9fa30afb241bfb85d31c9

SHA512
10957c7c21b1ba2632d9ddcbd90f6dfd3446570dd31a8497bc879d342bfd0a8daf0cf4160963f1cfd5ddc1ba5fe57691675a4e3b1a1dbc1cd621325d3e070911

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
88KB

MD5
0593b3ddb17784387be34bacddc8f3e3

SHA1
69db54c2d4731c242715a45710f7328f7c3c4e04

SHA256
1e27825a793a521734d28ace3e5c15ce0618d5fc5eea9ea529c240160176fc54

SHA512
d1eaedf519aa6483e0d690d6ae959b479e1913e93f0cf7fcf2137698c0ba106eefeeaf4bff63aafe67c18a2d596d867fadd62f5afd7cea51c8cc1680ccb6e179

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
99df28215b718e77ad6ab2f3665bc6a3

SHA1
fd41771262e3dd7e27b8ec850d21d3d1ee079004

SHA256
78dc643e10ed34bff9a746235688a6274d17f1f8c05e3aca6a48dd706870bfd4

SHA512
d8a3aa9f7fd6c7da083b9ab47b0d0f2591802561e26d5fc81a66753d9eb13890cc65005bdf198da1ec04b022c4fdde8d1c95139e263106cd5e3c7f69f5fe637d

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-wal

Filesize
40KB

MD5
ee30f160ba3bd9c62880d54429794b79

SHA1
63659af10e63c1ddf5837547257ed1d34aef890f

SHA256
3920f0225b2f5b9f6665489f01b93202bbbbbbf147b9b40f136ce63e4d2186f3

SHA512
491c9b1cefb3b5bf40d586386aeeb248f608393b95ba233b1ddb5f7ee342a8b275676681d154ae0dd7d8e32ee434a40f13ba1ca9a8ed850ffc65ed7eefd3fc13

Download Submit
/data/data/com.sogou.androidtool/databases/pb_db

Filesize
20KB

MD5
650956f5790780ebe873a98ec3c6208e

SHA1
93d153640b298e9214eca32825ec30b181f9e8ce

SHA256
36b4a521ca7add4a85d3ceffd27777e37c0c0e06c44977492e58657664d59cab

SHA512
9fcc0dd8a702424908286f597c6418516a939038d264c2d31f65dc48fc5b025d7a4c85d85a54dbaf33708b7ccb0c703c2bb0762033a6fcfe7917287c6d307449

Download Submit
/data/data/com.sogou.androidtool/databases/pb_db-journal

Filesize
512B

MD5
baa6682112411a2cdb019e00c6f9620e

SHA1
0e23d6c88d22e032ac2fea9dedaca834de1949cc

SHA256
2c1d8f30902202d2afe30231ad74c212b1ffe0a3b31a860465dfb70d0a918f41

SHA512
cc6d4b57ccc3d680dba652170a0a029410e5b3774f6c295410950dd405d9816587af6c180e6b189981975bfd1fb1dba46cb8f94d928fb776d677e6ee71a5b31f

Download Submit
/data/data/com.sogou.androidtool/databases/pb_db-wal

Filesize
32KB

MD5
fe5e38f00154173efbfeb4dbd8c45253

SHA1
9ea41c871e71f46e7ce452808f62b197a13704d2

SHA256
9871450bac734e683d3043cb0edb81ce999de9d9bc29f124db94a1b789fb06da

SHA512
547ee7365e7625e57c2ef2a779bf598f4a0443ce659a6a68487b7e2eb84ffce05d2a6cf33cde982ad95765fa6717b52922db05cfb69b2a5a85f1aedd99a3a168

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads