Analysis
- max time kernel: 150s
- max time network: 162s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 14/05/2024, 01:17
Static task: static1
Behavioral task: behavioral1
- Sample: 3d5a344d039d950086bbf56aa7bd8849_JaffaCakes118.apk
- Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
- Sample: 3d5a344d039d950086bbf56aa7bd8849_JaffaCakes118.apk
- Resource: android-x64-20240506-en
General
- Target: 3d5a344d039d950086bbf56aa7bd8849_JaffaCakes118.apk
- Size: 10.5MB
- MD5: 3d5a344d039d950086bbf56aa7bd8849
- SHA1: 3797992d9e70ab133ab508a61de567510c5c51d3
- SHA256: 6aa45b6f2e9a8a00cde6f0d63461d2011052f13f692a6e77b498a558abab2970
- SHA512: 48486d80feefbbf0828237dcb666b8208a571b3ee0bad99774a568bf0e374ce6ec5c771f5e73d9cb749dd3fca9ceb27abc69d561d243622a8e652b09c5649c27
- SSDEEP: 196608:wGmFKS4u8ry0MCYuAquAQyrhF7Ys3BRwedO/C4u7UCkM/maN+6L/706dR9tRGCkk:zugy/Cz9Q+hF7J3B8C42/LT0sRiq
Malware Config
Signatures
- Requests cell location (2 TTPs, 6 IoCs)
  Uses Android APIs to get the current cell location.
  Description | IoC | Process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool:remote_proxy
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool:push_service
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool:channel
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool:remote_proxy
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sogou.androidtool:push_service
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information, which can indicate whether the system is an emulator.
  Description | IoC | Process
  File opened for read | /proc/meminfo | com.sogou.androidtool:push_service
- Queries information about running processes on the device (1 TTPs, 6 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool:remote_proxy
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool:push_service
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool:remote_proxy
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool:push_service
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool:channel
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sogou.androidtool
- Queries information about the current Wi-Fi connection (1 TTPs, 6 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description | IoC | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool:remote_proxy
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool:push_service
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool:remote_proxy
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool:push_service
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool:channel
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sogou.androidtool
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 6 IoCs)
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool:remote_proxy
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool:push_service
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool:remote_proxy
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool:push_service
  Framework service call | android.app.IActivityManager.registerReceiver | com.sogou.androidtool:channel
- Checks if the internet connection is available (1 TTPs, 6 IoCs)
  Description | IoC | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool:push_service
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool:channel
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool:remote_proxy
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool:push_service
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sogou.androidtool:remote_proxy
- Reads information about phone network operator (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Description | IoC | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.sogou.androidtool:push_service
Processes
- com.sogou.androidtool (PID 4281)
  Signatures: Requests cell location; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4311)
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4336)
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4367)
- com.sogou.androidtool:remote_proxy (PID 4525)
  Signatures: Requests cell location; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
- com.sogou.androidtool:push_service (PID 4725)
  Signatures: Requests cell location; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4766)
- com.sogou.androidtool:remote_proxy (PID 4797)
  Signatures: Requests cell location; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4856)
- com.sogou.androidtool:push_service (PID 4966)
  Signatures: Requests cell location; Checks memory information; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available; Uses Crypto APIs (Might try to encrypt user data)
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 5023)
  - /system/bin/sh -c getprop ro.board.platform (PID 5277)
  - getprop ro.board.platform (PID 5277)
  - /system/bin/sh -c type su (PID 5310)
- com.sogou.androidtool:channel (PID 5060)
  Signatures: Requests cell location; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
  - chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 5141)
  - getprop ro.miui.ui.version.name (PID 5189)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads