Overview

overview

10

Static

static

10

8f4d4efd4e...44.apk

android-9-x86

8

1.apk

android-9-x86

1.apk

android-10-x64

1.apk

android-11-x64

9.apk

android-9-x86

9.apk

android-10-x64

9.apk

android-11-x64

hackdex.apk

android-9-x86

hackdex.apk

android-10-x64

hackdex.apk

android-11-x64

talkback_c...ex.apk

android-9-x86

talkback_c...ex.apk

android-10-x64

talkback_c...ex.apk

android-11-x64

Analysis

  • max time kernel
    169s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f4d4efd4e3eb7f5876f35ebbda5d5b7bc2449cb97580de4941647e3b2bc1744.apk

  • Size

    31.1MB

  • MD5

    69dd2489d2d014550ea74d1b5ee2d22b

  • SHA1

    b4ad5364d974d4c493a8b180123644a343eadca4

  • SHA256

    8f4d4efd4e3eb7f5876f35ebbda5d5b7bc2449cb97580de4941647e3b2bc1744

  • SHA512

    61350860e0a2a867eff91303afb89999247840f00b426aa3a06397c55356731f8b5f78e4358a76efaee454363dd7788932bb15bd5532df5a9835c943ef2c6565

  • SSDEEP

    393216:VkIWctHv57mLOWOlRSsegD982RAaUgSvtyVa4op8Gk9/XlUZR+NfA7yG4oGM+3rJ:VttRnWyD9XRAaUfv8vg+Nkyzt/3et347

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.sohu.inputmethod.sogou
    1⤵
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4280

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sohu.inputmethod.sogou/files/.dict/crash_collect
    Filesize

    25KB

    MD5

    5478fde52029187d5d905509ce6c1993

    SHA1

    e58ecac8f295029d8b2db5e45109cbe5981f8d49

    SHA256

    4718b3e9617355ef53948fe8d7599019e5fc7378c077a9881ca9a8c9efc098b8

    SHA512

    ebac3d120708831b3b31db43cb628ffb3ead81ba84bffd5de96ceb62b8a157a0966505bc2d01cf4fe0e2b683b952abe1679a2dece5197f4ed3a58cb05e4c8f3f

    Download Submit