229a4459d93ca271b1af41c2d6c79ef7cdd8ddbff8251ee72796619745758faf

Analysis

max time kernel
12s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50c05abf202aab569a598af71270ff00_JaffaCakes118.apk
Size

31.6MB
MD5

50c05abf202aab569a598af71270ff00
SHA1

2a3277b82e478643c4ace9d2037cbe5bf01cc5e8
SHA256

229a4459d93ca271b1af41c2d6c79ef7cdd8ddbff8251ee72796619745758faf
SHA512

2c7989856bb8363a2e08cc4cd370f6b0bfa696cd5b5d1a00f7dcbc9720ca61d20c6e32cbb8e3d7b281cc97d008cfcb9104f4dafbe054db5e29422fe485c729e3
SSDEEP

786432:UR3AWyiIacB3T6lx3Q88iWrONIb8Xz2qHGBcnFi3:UNAPiITB3T6bQl/b8D2qHGyo3

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sohu.inputmethod.sogou

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sohu.inputmethod.sogou

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sohu.inputmethod.sogou

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sohu.inputmethod.sogou

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.sohu.inputmethod.sogou

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sohu.inputmethod.sogou

com.sohu.inputmethod.sogou
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4295