6aa45b6f2e9a8a00cde6f0d63461d2011052f13f692a6e77b498a558abab2970

Analysis

max time kernel
152s
max time network
165s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
14-05-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d5a344d039d950086bbf56aa7bd8849_JaffaCakes118.apk
Size

10.5MB
MD5

3d5a344d039d950086bbf56aa7bd8849
SHA1

3797992d9e70ab133ab508a61de567510c5c51d3
SHA256

6aa45b6f2e9a8a00cde6f0d63461d2011052f13f692a6e77b498a558abab2970
SHA512

48486d80feefbbf0828237dcb666b8208a571b3ee0bad99774a568bf0e374ce6ec5c771f5e73d9cb749dd3fca9ceb27abc69d561d243622a8e652b09c5649c27
SSDEEP

196608:wGmFKS4u8ry0MCYuAquAQyrhF7Ys3BRwedO/C4u7UCkM/maN+6L/706dR9tRGCkk:zugy/Cz9Q+hF7J3B8C42/LT0sRiq

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 4 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.sogou.androidtool:remote_proxy
File opened for read	/proc/meminfo	com.sogou.androidtool:push_service
File opened for read	/proc/meminfo	com.sogou.androidtool:channel

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool

Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:channel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:channel

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.sogou.androidtool:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:remote_proxy
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:push_service

com.sogou.androidtool
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5085

com.sogou.androidtool:remote_proxy
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5363

com.sogou.androidtool:push_service
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5650

com.sogou.androidtool:channel
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5909

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
36KB

MD5
8efee9d34a56f57e288b2cb6e20ba6d6

SHA1
b0928e7ba6a825727f53872b612afa6d31a58328

SHA256
8d3a6f8bc81d4528fc67ef296804935e93d85cfef46e200705961410be674079

SHA512
a7b018e1b71d590d95c2448ffd48e09848ff1dea7387e63f4eaa958be1fabbd4c0c5abca3920ec05f486220404af52dea18e3f41d1530ac3dbff04ae28ddd8c5

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
12KB

MD5
98bcd4e6449ff937c0625f4c66b19f70

SHA1
152555e21782ad772f40dfeb5fdac25460f70f76

SHA256
c7b3691000709417e9dbd87f6aed52ea7151ae378fa83acdbc265368839876a6

SHA512
d1ff4a88280e95aa8826fb15db2324b3ca29741e7aab8ac9deb458d442ab555bcb1b4ac1a7e87861681d31dcc51ea5ee10de73f166c45b3f2c992748a8cd4a41

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
12KB

MD5
1e09d19736f228f93b5feb757f0d9d50

SHA1
319cd5bd9389118cdae8839b10f4c190263c698f

SHA256
1adbef4956d5b8404eac8328422ee10d100a93fefb2c6c6e107f4430e3072745

SHA512
cc796795b57ffadbb2e01347f02d3200f70a7748a6a4cb45392b979ed7b76c765e4afae4a59aa7395333180f06184b483f4669ea2fdcd3eff1526200121b337a

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
12KB

MD5
2f148f2a4992e36af45a00131c06e8fc

SHA1
eb94a6e8a225bac2f5497bb4c24cb90435321a12

SHA256
f66811477e40c969e31e5d99c42098cec0a03223801b9b8fd6b224572481c227

SHA512
bde5399f57457a65cc5c1b9768a5ad224e783d66439288d3de710915e1514c54f7fe50580aeafec9868004624bb344b74205fbb7521b2e128d83b7c148b3a074

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db

Filesize
56KB

MD5
e1e209e0627aceea5f1ceb90c0d5c5f7

SHA1
c3f66fe20dfac9f2d4a39fa66a593495cd80c937

SHA256
7ebebc694fb372b617c9e29d0f75f134ee6d78d350cf9c5357910061df7ffe2c

SHA512
1cbf74405bf444d128d3b36e27b43315fddf8306fa7b37004f9fdd5f66f9aafccd2dfbe8a4f924f09bea2575cf948cef0d89cc40e06162da6c8716c66be73a34

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
64ce5397b3c3a2f5dae6c4fa37e03a66

SHA1
3468ae8163d40644100ebdf390445829bd4eb29e

SHA256
0de9f34ca287287e10a5530e668b65fb21539baeef8df873707054e99e1fcaea

SHA512
8823b63143fc2473b8375a0182d3123efc0282deb3fe40b8d290a8a9282225aa97efa437eb2956707537101ec16b6ba6d34daaf90043774ee4a440db2bff2dac

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
771bba7acc79042216210bf48719cc47

SHA1
0484a3e03842e99e0fb5c06fca0b311027033859

SHA256
5948bbe2842e242a018629b41adfced3b44daeb0bbb5e2c7b549eeb93ba84dec

SHA512
b7da25f44bf5abc108bcff291b988ebac7a65cd282826eeb6b4e781fe5cd6a4d1f22122054700b86db7a9d27a1b6b3a941c17453f135a5df272a7800f569c092

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
8f4143523611266e69d4b0eb2e4cb267

SHA1
94e6e346bd7a414d3013c7a0301aa1dec9ace499

SHA256
abdc140e2a153161639d77def5404f08ab49c6369d783291a085a58689f5a2bd

SHA512
6f723e0fa07aac3539849ed06820a635011231263c5e7c11f0835f140fb4bb568b67497134cc3312f97cfe80c5696836f1cc7a185bf04eef82c06b840ed12cd9

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_

Filesize
60KB

MD5
5df0908f18901749ec5c129c3bee7b44

SHA1
a2d4542533a1b403ec0f5050a06f825aa0f5928a

SHA256
1be83a7e61510d2a2c20f3dbabe31404785307196e4de0e3cb9e96d7657e685a

SHA512
9d52957800643bde15478a9de64c685167bde94454b9d86db179851e0b82dc88c28810b6a2266007a1063d6b28ff395f09283115f5bd8480223a0f39c537caaa

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
8KB

MD5
4e0b8479a76c412d976b2809dad5b768

SHA1
8a92807f055ea783059f197970b14ebffdbf61c5

SHA256
bdbf89807bc6eda5d70b61b47499eaeb38ec03050994aaa680f530f0716be0b4

SHA512
fbd94ec73948c1b5af87e9eb1e8b1e1bc5cc6dd201d215373cca820b72f867e6651e44e492e8ff675a8dcbc3dfef4a8a4c08f7325b32943b817fe665bfe35541

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
8KB

MD5
b2e320ce98272028e0c73d004a853d4c

SHA1
947232a76ed3d7186aabd89f57e2340acb1fe837

SHA256
ff3f58db1ef7924b1a0a0990b57cfc09432eb75a2b512f9193332118b9cc0184

SHA512
ffc964a5b8c816e47d5c34bd30440bef930ffd0b54e00e5e2b61cc2926faf64bf8abbd7360ecdf4de6b28d193439faf364948b3ced9b8c0ca7680b97f6d27a85

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
8KB

MD5
b66046a2b5efe5351eaccb080346b0eb

SHA1
d1d5ab0b1bb333766199617c49fe7fa6927e1255

SHA256
ce22218b7050815aac261aed335f124acb6df42c229e69a0a20d38186e53fc55

SHA512
1ad1ac5f4e3c793df969a7f8a5fb850eccf556bb2a1ad175ebb1cecbaa57611c24633e193505d82a7f1030f73f987b5cc89a2fd545cc59094f39c94e7224f599

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
12KB

MD5
76916136d70a94b4e7458bc66ace1c6d

SHA1
1162199f6a93c3626f8fe9fbe44016823eccc9b1

SHA256
ce63db0541fbad08ece23f874b11e50902d7a79482e085494b33fe57505de368

SHA512
7c654546c86629836aae6960f1f08583baa0d5134beaa324c438a2129bf1f93e1106c09c2e945426176da94ad0e8e3b729e60845e7b7f614ce2121d7409a257e

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db

Filesize
28KB

MD5
d5f18b8f59c9b48a641be38549075a6e

SHA1
f79fcac2ea7f580a58ed95eea3cdbe9569133085

SHA256
1cb9e0b83c09803d54755f425182eff61db67c83e409c86fbccdeed30c0594d6

SHA512
34a30d6d0cfa2043d3702a0092570f10863050d88e6b18313bd35846e47b9be1207379f005004b75eb430dbd4baabe5d02af41747961610ea4765c02bcd2643a

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
532805852f18f2ecc5e0be04b1f835ea

SHA1
68add6cc53a91156d49cbeb55fad499e6f499d8a

SHA256
af9815f3980bc2bf24f511f245951764deef905015c40d4bb779881e0cb04997

SHA512
879d3b6d3c36e8ce666232fd920b66c4c8692667366eb203272f392ed2ce96368887822173685adaf2a0c019e6bdee64acdbef83f1d3b719b5934b5f3f1cabe6

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
8KB

MD5
7ac32ff5c4162c9d4dd167ddb5a0f317

SHA1
be5fe53a100ae0c57e99104cf9d22ddb81e2a7f8

SHA256
72ce655735808f72e418e2eab18b68b21233ee0ee744005a2e52811561b520d4

SHA512
0691a6064c478051fda7a62d86626637e091095aae1dbe3ebbe2914a3fe46801bc8eadd63ff1be865f9d28c75e84bf0439b6125fa1c508adef4bdfb2565b31b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads