Analysis
- max time kernel: 96s
- max time network: 189s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 22-05-2024 22:20

Static task: static1

Behavioral task: behavioral1
  Sample: 68d50271154720e5a9d868892c21f818_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 68d50271154720e5a9d868892c21f818_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
- Target: 68d50271154720e5a9d868892c21f818_JaffaCakes118.apk
- Size: 12.3MB
- MD5: 68d50271154720e5a9d868892c21f818
- SHA1: d44969715ddde6acc9d38012da21257503428e41
- SHA256: 76300b4b84762786c448cf99fc2f878a7eb013aada0a53b0c7014943989e7da8
- SHA512: ddcd83f775c778ccde2a0a60ef1da15d902b7a14dfee043642a412ceeffe41d0dc4e99138aba04e097ca451948ac44ecc742431d9a41c121a35ccabe84265e54
- SSDEEP: 196608:+BD26pDmV6zUKX2q5pqN+lqN2KmPPSX6OuwedO/C4Mf4coMBpkhgaN+6L/706ddU:+BHsq50WqhfC4QBpMdT0slTKUTNuOG
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 6 IoCs)
  ioc                        Process
  /sbin/su                   com.sogou.androidtool
  /sbin/su                   com.sogou.androidtool:remote_proxy
  /sbin/su                   com.sogou.androidtool:push_service
  /system/app/Superuser.apk  com.sogou.androidtool:remote_proxy
  /system/app/Superuser.apk  com.sogou.androidtool:push_service
  /sbin/su                   com.sogou.androidtool:channel

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)

- Requests cell location (2 TTPs, 4 IoCs)
  Uses Android APIs to get the current cell location.
  description             ioc                                                        Process
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.sogou.androidtool:push_service
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.sogou.androidtool:channel
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.sogou.androidtool
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.sogou.androidtool:remote_proxy

- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information, which can indicate whether the system is an emulator.
  description           ioc            Process
  File opened for read  /proc/cpuinfo  com.sogou.androidtool

- Checks memory information (2 TTPs, 3 IoCs)
  Checks memory information, which can indicate whether the system is an emulator.
  description           ioc            Process
  File opened for read  /proc/meminfo  com.sogou.androidtool
  File opened for read  /proc/meminfo  com.sogou.androidtool:remote_proxy
  File opened for read  /proc/meminfo  com.sogou.androidtool:push_service

- Queries information about running processes on the device (1 TTPs, 4 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                    Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sogou.androidtool:remote_proxy
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sogou.androidtool:push_service
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sogou.androidtool:channel
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sogou.androidtool

- Queries information about the current Wi-Fi connection (1 TTPs, 4 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                             Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sogou.androidtool
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sogou.androidtool:remote_proxy
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sogou.androidtool:push_service
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sogou.androidtool:channel

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 4 IoCs)
  description             ioc                                           Process
  Framework service call  android.app.IActivityManager.registerReceiver  com.sogou.androidtool:remote_proxy
  Framework service call  android.app.IActivityManager.registerReceiver  com.sogou.androidtool:push_service
  Framework service call  android.app.IActivityManager.registerReceiver  com.sogou.androidtool:channel
  Framework service call  android.app.IActivityManager.registerReceiver  com.sogou.androidtool

- Checks if the internet connection is available (1 TTPs, 4 IoCs)
  description             ioc                                                   Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sogou.androidtool
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sogou.androidtool:remote_proxy
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sogou.androidtool:push_service
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sogou.androidtool:channel

- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description             ioc                                      Process
  Framework service call  android.app.job.IJobScheduler.schedule  com.sogou.androidtool:channel

- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description         ioc                                               Process
  Framework API call  android.hardware.SensorManager.registerListener  com.sogou.androidtool

- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 3 IoCs)
  description         ioc                            Process
  Framework API call  javax.crypto.Cipher.doFinal  com.sogou.androidtool
  Framework API call  javax.crypto.Cipher.doFinal  com.sogou.androidtool:remote_proxy
  Framework API call  javax.crypto.Cipher.doFinal  com.sogou.androidtool:push_service
Processes
- com.sogou.androidtool (PID: 5175)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)

- com.sogou.androidtool:remote_proxy (PID: 5392)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)

- com.sogou.androidtool:push_service (PID: 5667)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)

- com.sogou.androidtool:channel (PID: 6082)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Hide Artifacts (1)
    - User Evasion (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
Downloads
- Filesize: 36KB
  MD5: eb230124b8d877a017fc8706554ca810
  SHA1: 5180ec1a76119cf74337f362328f49e2a9e64147
  SHA256: fb3495bc59e8996fa5752e6bc6cb701a428d210cf888b5dff76ee32cb6f988f2
  SHA512: f294a592876d7c9cda6adbcd01e91c9ec0cc39a7d3c5351e2ef803894cda88da363cbec91c7b45dd650891a6fba6cdc8e64c98d682072e60fb90a23765b2ce87

- Filesize: 12KB
  MD5: 62c7c57358c88fc70fef911e677e17dc
  SHA1: 208465bff7a29d1e6ce7481298b23fcd5d6a89fa
  SHA256: ba61cadc1da4a182e8a13df21ebb4b88e8b4cd97a6794fc2d44a92dcf6a3828c
  SHA512: 1027361f3d8f9d0ffe07bd9d4d0a19e2ef024888d61cc7ce6e6e601ecc1181d6f134df53f7f1f57934f4737740f9fdfd57c740b67f8153918d00ad8c16f3ade2

- Filesize: 12KB
  MD5: f3e8d64203446cc65ddddf175cb8c6aa
  SHA1: 17e37dbbd9611e44924dc541082a76e701f8a46a
  SHA256: f0c3c013489115b37ef36a2bd3450334f20f34db6c7d0e48ec512c6faae81cf7
  SHA512: 3805a5ea686c5e9152bf786644a470febea4974c71ed99f1f1a1c5f13390ab33f1efc941b4a5af8ce751f8c2a5b266615e9f424dba978f4ab0dd18c02256c76d

- Filesize: 12KB
  MD5: f1a098e62f4067bafbf44f34163782dd
  SHA1: 46bdd410cd601271fcae8955585cf5b54000f809
  SHA256: 41b40c93f99072497961f10b5c80c0c41ec394cfd5881d84d0a3a3afeb46eb38
  SHA512: b9035e41ece84d903de8f4c63e3e1c3b8c512b5ce88fb5d2c591c15d219f3f5c77f821da84685dae93cd95128b22b99b1d5623c894a3577621b421daeeeb95a3

- Filesize: 12KB
  MD5: b6e54ab5432a1c193dddc99bd566c769
  SHA1: 4060300d76a0c82338cce216f7f75a022466b9e3
  SHA256: c8e0cf474d8e770cee50db08206b2ec8df15d48a3f12a712d9dc84c7a9331aba
  SHA512: 22f5b0136f4725d5028a6621e3e03dd667e9ae3afc8e8ad42aea367550cb6a932e284d3f2765d2cfa512e89fa9f0f8959e3d5e6435b4838804ecefd7832861d6

- Filesize: 56KB
  MD5: 2e43ced20a16f43bb44ae953d36b1d36
  SHA1: 6187bc1616500884b2619c377ee330709f2f2b7e
  SHA256: 2166d842af8ec871a6b06251d01bebda70498a4d3aa268a0bfb3247da4d59b3a
  SHA512: 9f47ae917d107dd7ec01e387a08873f0d5697de16e303caf4a1c581c395c497634decdf56110ae2c0c22ed706b5c87860085d454ddeaa8997ce8abb60879c38b

- Filesize: 512B
  MD5: f42442857937d5c97c5545908c12dcee
  SHA1: b0822911366564132347504e2295da943646c88d
  SHA256: 190c0134c2d91f536d80ef185060a5b56ae60cd4f7ba3d59e58ecaed0908374d
  SHA512: 5676ed60d1b3eaf0f96cc25fedaa75d364fae5d277e60bc2f1e52e950da8e279b5e4162386113e88ba10d099a75305a23c6639aa5e483437aef5e1db9e7cf67e

- Filesize: 8KB
  MD5: 1bdb1830cfbd04bb5fab62b839b841f5
  SHA1: 6448bd5930e552bcc524426333eea42bcff0f598
  SHA256: 50c93106b4f6e59a74bda33e2562a1fd3e9c61d84cffe7d8b726e97bca343db2
  SHA512: b89bc388523a94c6f130d920e6d53f872390ed3eb9bc9fc7916d590ff96ecd0233ab1f9f5d0dee9cc473d61dec877573edf5c4a4f84183d708d55e787796d929

- Filesize: 8KB
  MD5: 9c5df9ba32fdae45ad587a46c682a400
  SHA1: e9ff6e07bb17ac816d0ed28efe6e9adb281edf26
  SHA256: 9d7dba78e1f55ce10b9a9e11a9b1dc49afd594b71c185f8131e5a610d0e08932
  SHA512: 798ffcbfa3308373d1dcb3f0bfa8041d26216f55d81a18f463e3005bb26eb728f4904439b815e5c07cb6b59b74515ab85d73fbb14409b0865675d38667c5d530

- Filesize: 36KB
  MD5: b2aec2a775854360f68b021ce413f83a
  SHA1: 79a0abbf123e70ad97d516cbcaae1db9a56f5f7a
  SHA256: e9210840283cc5362216e5b8f0c07b44bfc403173969142e4e9c0089feab340c
  SHA512: 22c4efd2119511d8887e4063c9b28d8dcce5392b170eafb760e3f56d5492659d4df7551077aaf541528e7ad7d455c5e889bb8f883a8782000926fcbebae0737e

- Filesize: 512B
  MD5: 0f9f2d558b658f30266771e3f775c65c
  SHA1: 2db645035d5137be3fa66f05eb84898379607687
  SHA256: 5467f89577be4ed97c7c25badd65855bfd53d4d396ed216e65e92179aa1f1b39
  SHA512: cb9677e9aa3e32c0c5440171d11adee743765ccb7fce6013a36b2286e30111227972764967c2a31237f654658cb9644ab1d4753a131d7b08d70b68d7442d7a20

- Filesize: 8KB
  MD5: 42861f8a8b3aa705d89c546631ecbee5
  SHA1: 5b17e6ca7876d12d968b13a61b9ec687a8dd32eb
  SHA256: 359d43540f11c4d9be61f788cf20af77e090bf09cdbd23dbf1443d6910d62bd4
  SHA512: 54d281f5f23dfdec404db88415f1ee3e07922917ea49dfb6f04bb63549b10642d900519822cd551ba63a067b2ae82f7b8fced573a35ebadd6daf78664e8ee3d5

- Filesize: 8KB
  MD5: 6895e74abc388a3e1a9558b882384185
  SHA1: 6e257893bf206fdf6c2c0652b3be6a9a3d1a3bac
  SHA256: 3c34ad77551103cc7ded66970c2c3cd2698e988026a08f9364a751f8022cd509
  SHA512: c3d2b0137e33dcea669fdddc7042fa9b78358bd69e42c0dd9d0e689e48b1bf19d901756af17f64ed11d584655759dea77be22aed974f9031a3b52bada02eaba1

- Filesize: 20KB
  MD5: d95e1280cc553509d7b5b7851398db12
  SHA1: 121eb76ea37f3407d0f3b56392f6f67893fbe649
  SHA256: 58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c
  SHA512: f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

- Filesize: 512B
  MD5: 4a65df746f727aa3132e162a75d43cbc
  SHA1: 3acb2d5b4a83cea7f48c5214268536dd54825d6f
  SHA256: 2aa6bf13295a3bd23e8fcb6e71be83046e5046b8b308ddaf945b1a169aca0b26
  SHA512: fc6e2d61c6934556fa7d8faf1cd6d7f09b1cb4cdc8d8ef83b6067f903eca369ae2500f6cf6f98b09f83516ab63c100e36e061301061e6e14027f004eda34f0d7

- Filesize: 8KB
  MD5: ce0a2ced08b3ad454a3d4b4939ec3788
  SHA1: e581dae3f5856a20c88c381cf0fecd1a7d1966bf
  SHA256: e4bb1dcf12ff7521ea38925e6f048b460cf362352cb6b163c9c075c738b9d840
  SHA512: 00a24a062da5281b6f6b7b9e86f6588380d484b49a663dda981467f6e3f8673e6be569d82f38498afcf1e2475fd0b533fb0f9d4edd72fb9349245996e1677bb8

- Filesize: 8KB
  MD5: f38607c41aedd535c705610050d318d9
  SHA1: 276e31cfb1035f520b54c8942aed3ac0d092722e
  SHA256: 5fa40ba7abc1a49cf4a94f99e58c339734b38037f6aeaf068b7752baffc6437e
  SHA512: 5380d4e0feeb45a23331a1f7e4be8e12a451cbadf5d9f311b49e1967a706c9fedd37dbc03e8798294f9406509f2eb87c51f79533092e5c3ab7ab1d17490d5da5

- Filesize: 60KB
  MD5: 99be217ede76f18ff81c52fd0a0efd5a
  SHA1: 74d89a67ac819d6a26321c1473d4341a06966ecc
  SHA256: e584b01af25900411179f0ead8c28517481b985d6d40b81399fadfca6806ef9b
  SHA512: 1e9becce6ff4791926f61cb2d4f8d52187af96bf16e422882e98f4a719bed0a104a06d7d73eb6e7cb946e697235be9d1a610fe94a5e310ce02a9a041faad2575

- Filesize: 512B
  MD5: 5983b12d5dd88590880d8c0d68224b99
  SHA1: a9414d14d7b254fbc73a85489a151e6f08d6cd13
  SHA256: 2fd7bed3548b33a3737afd263a60b395773e7f0f8bbc345fa65250769284d670
  SHA512: 5eb6c22f4a51d3e3455fba5749b88e46eb088cea5c26b770aba191314525159262b3de8248f0a935f196fba079e42450eb652b232717d935f061e92276faa59a

- Filesize: 8KB
  MD5: 08c7af1ab6ce2a309fbf12d5dff72537
  SHA1: 1605571869e5486e6b985a36c93dc8ca680c3e73
  SHA256: 10f47df491afed3f98213de4bc25f9829b75bef334addcb7c79ab14f3c16908a
  SHA512: 736b5d293f76da0cf23692a4721a1267144f13eacd4dadb25dea14c3251253ee6543398fc13020f2825c3bb6edaf54562d9796044ced5c42facaf45361d416dd

- Filesize: 8KB
  MD5: e52e6d205ba35da055de0e1a4374775a
  SHA1: 1b780bdd6fd73e68e8c322000fd69e9768ba2e8b
  SHA256: 3dfc04cbe4055d4e841611e0d2bcd6345d51527aad46d734ee0f207912e4ba45
  SHA512: 467b0a0f05e0a52c5240069cccfadcf602f3023f9b96f1614188b66e244f640ce28c6cf6b3c6f0ac10f2126027172641cd44fbbd62ae6f6b64405a96ebb48d8f

- Filesize: 12KB
  MD5: 46783f25c7943546d2e4a6a3b5da7d3d
  SHA1: a3e32af362e488c33fde5eff3426261bcc0e0303
  SHA256: c28cea0c82b8a43d1420fbd0d614a0417038d19797be9f0bdb3942e8e6c14649
  SHA512: a0ac640cfc3dae371faaffe4bd3d299f556d72aff0305bf08a45d3ed9e1b1a20e915550a1c5779e292c7a7b2d6c6ff24c5b5e9e657791c13bb8bc0251dee1ab7

- Filesize: 12KB
  MD5: db18c4b760a74dd454a0a21b088a152b
  SHA1: 37b067c06cd8ffddf5964ddd36d314bdc3c2c516
  SHA256: 4782e39948ffd33df1a91dd4a1f65d1b20172b6255077e3321752932b23cc333
  SHA512: 80ee390a6542b57c23d72e23f028466eb68f5eca83174d8133297c3295baf99cb7b52ca58fd4a370154650fd5d980720cca0ec9846a594d1177aa1bf1e937e7d

- Filesize: 12KB
  MD5: 5b58d19cc88098c4f258bd25168d7ce4
  SHA1: a3b8a2c28cbef726a2a546c68567d3d75088add2
  SHA256: 22491bff4127c1d22482b309db12a1ee3b998d2df01fc6f5a6f345a591d82fe1
  SHA512: e3e544a9c6e00dd05258d3bf3a286871b2ee54197f4c79efe9ae2732468a306dfaaca84c90befa4b64cf3427fcb41be1d9729abc3cf6f976b6d42846885907d4

- Filesize: 28KB
  MD5: 9f6197ae09a4565c0a7432308d84f786
  SHA1: 5e25c3c40cd202ac8871c8e59b95b34aa588e7a0
  SHA256: e48f49399e19ad3cab7d410c013560d592ddc7b683cb63cfe369e606e732dc4e
  SHA512: 52f3dd7ca20afe6125e28c0b0e744c9ae06043e46c21c8c9c5045053ba7c5128b1407e9160d92eabb0c911e84f9c4b15c7ca65d67adc21013ad43f65f09e0e03

- Filesize: 512B
  MD5: 8258857b808aa2375d40acf3a9238946
  SHA1: 3df01a38b9e1adfd9ff55cd5e8ba776acbee9273
  SHA256: 2e9d1ec329aa6e3d2bc2f3dcffaa3a2b52a50b7bd8d19b50f917eeb003451bc6
  SHA512: 1b0c90733af9265e20d93d52270fb0c2d9eebb2a3c84ead32813ee2d5510c7b4777fafc3766fa71e25132af355dcc9848f2f0c2703703e78e7491c0bbdc590eb

- Filesize: 36KB
  MD5: 50f3d63f4b9241e212be8ec20bf3e374
  SHA1: 10353f506f0aa9dfab398275482eb42da167232a
  SHA256: be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653
  SHA512: dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

- Filesize: 8KB
  MD5: 97aa3522b2aa994dc5e82ad9e24088d1
  SHA1: cbb7f153c774747177c365aafa9af11097881c38
  SHA256: 8ac6cd7f273792680f04e3d775354bb4a444f7a8a17abfcc633f59d0a674a04d
  SHA512: d65167f0b4ce130a1cdd1903c2f5317c569adca4d1ff1e2f112983237aaa2c4a8eeff7794777543353cc3f59ae78bf79239cf55e7a57394dee45805ade3563dc

- Filesize: 111B
  MD5: 61d06435326e2030bf0b1cf17d1fa73f
  SHA1: bfe067f1fe7dc8a5983b7be8d44e40b60086847d
  SHA256: efcfabbd1754808da155fdaa341430e46d5d1406f45c54518ea40bd878a82fe8
  SHA512: f27cba045b1a891fab99ae38a742231ff2c31f73a3c4e329aebe86a078ed96f1cbf641b008dc27515e5adb66b3a5c00c9d35b6457c3231892219ed1c6bf2a147

- Filesize: 213B
  MD5: 6eacdb79291fb73ae6167362907b23dd
  SHA1: 6334d2867552c533644dcfe403a3230c7d5b572b
  SHA256: 29d7b8b7ce444872b09a157f27052e82791481a797285c3462c7f083ccdd4a0b
  SHA512: 890acaf22ceab59843d7749a68acbfa15156eade5b42a139c271742bbd1913e51410ee7bda5d61f159e1886786932a868d7590cafbb7432d176782d4dfc12a8d

- Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

- Filesize: 111B
  MD5: ac60127a3bbf29f8515628662fd06f39
  SHA1: ed904dcb6ba51b229b226cf85df5d9f2a9356b42
  SHA256: a0fbaadcd1d3c01c9f485ce5306e3700ceb02cce0d2251e5d53ed2895fe2b9e5
  SHA512: 32d30de2ebb03713f421d0743ac7d41c68203bafcbabb51c628da053c3cf4502b32034f5e41269b46d8b2fc67f2e7a7e8095fbbdbff54f305fdbbd5bbff19ad2

- Filesize: 167B
  MD5: e65bf4077611c36217f339767817d98c
  SHA1: d528c1ac2a322431740f8262d8a57e36458b8d46
  SHA256: 0202d3e037a83b6523e35fd83e114dc43fd2312b20705700f47da2577b360c3e
  SHA512: 8cfcd84a323a380eb246f74cfbf845dbf272b11322bde6dd6441b1086a3cc0c5d4d77348a0782576ec56cffad0f822993d6f83906f394d31e0195a64a49e9df7