0857e52aa944ed12c2e3fb49ad27d84e039251d64cebc3ac8d98d47da103b970

Analysis

max time kernel
173s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d6acc344150ac351c331b42c3553687_JaffaCakes118.apk
Size

12.3MB
MD5

6d6acc344150ac351c331b42c3553687
SHA1

7dab5406bd10b5423556e37d570d6221c5baaf5d
SHA256

0857e52aa944ed12c2e3fb49ad27d84e039251d64cebc3ac8d98d47da103b970
SHA512

ecc85d565be3963df93cd65e75ac9be5dd10b1608053b8585e7cc0ace7696875f2a8f10055c4e0b3a35703f5e688ef55b69ab14fd3e132fe37bd0adf181ce5f1
SSDEEP

393216:39x9qLhQRBuwGT1C4QBpMdT0slTKUT8uCLJ:RXuhT1C3BmJ0GTKRt

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

com.sogou.androidtool:remote_proxy/system/bin/sh -c type sucom.sogou.androidtool:channel/system/bin/sh -c type sucom.sogou.androidtoolcom.sogou.androidtool:push_service

ioc	process
/system/app/Superuser.apk	com.sogou.androidtool:remote_proxy
/sbin/su	/system/bin/sh -c type su
/sbin/su	com.sogou.androidtool:channel
/system/app/Superuser.apk	com.sogou.androidtool:channel
/sbin/su	/system/bin/sh -c type su
/sbin/su	com.sogou.androidtool
/sbin/su	com.sogou.androidtool:remote_proxy
/sbin/su	com.sogou.androidtool:push_service

Requests cell location 2 TTPs 4 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.sogou.androidtoolcom.sogou.androidtool:remote_proxycom.sogou.androidtool:push_servicecom.sogou.androidtool:channel

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:remote_proxy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:push_service
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sogou.androidtool:channel

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.sogou.androidtool

description ioc process

File opened for read /proc/cpuinfo com.sogou.androidtool

description	ioc	process
File opened for read	/proc/cpuinfo	com.sogou.androidtool

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.sogou.androidtool:remote_proxycom.sogou.androidtool:channelcom.sogou.androidtool

description	ioc	process
File opened for read	/proc/meminfo	com.sogou.androidtool:remote_proxy
File opened for read	/proc/meminfo	com.sogou.androidtool:channel
File opened for read	/proc/meminfo	com.sogou.androidtool

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.sogou.androidtool:push_servicecom.sogou.androidtool:channelcom.sogou.androidtoolcom.sogou.androidtool:remote_proxy

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:push_service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sogou.androidtool:remote_proxy

Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.sogou.androidtoolcom.sogou.androidtool:remote_proxycom.sogou.androidtool:push_servicecom.sogou.androidtool:channel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:push_service
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sogou.androidtool:channel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.sogou.androidtool:channelcom.sogou.androidtoolcom.sogou.androidtool:remote_proxycom.sogou.androidtool:push_service

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:remote_proxy
Framework service call	android.app.IActivityManager.registerReceiver	com.sogou.androidtool:push_service

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.sogou.androidtoolcom.sogou.androidtool:remote_proxycom.sogou.androidtool:push_servicecom.sogou.androidtool:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:remote_proxy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:push_service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sogou.androidtool:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.sogou.androidtool:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.sogou.androidtool:channel

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.sogou.androidtool:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.sogou.androidtool:channelcom.sogou.androidtool:remote_proxy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:channel
Framework API call	javax.crypto.Cipher.doFinal	com.sogou.androidtool:remote_proxy

com.sogou.androidtool
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4288

chmod 777 /data/user/0/com.sogou.androidtool/cache
2⤵
PID:4317

chmod 777 /data/user/0/com.sogou.androidtool/cache
2⤵
PID:4340

com.sogou.androidtool:remote_proxy
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4605

chmod 777 /data/user/0/com.sogou.androidtool/cache
2⤵
PID:4750

chmod 777 /data/user/0/com.sogou.androidtool/files
2⤵
PID:4799

/system/bin/sh -c getprop ro.board.platform
2⤵
PID:5003

getprop ro.board.platform
2⤵
PID:5003

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:5028

com.sogou.androidtool:push_service
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4829

chmod 777 /data/user/0/com.sogou.androidtool/cache
2⤵
PID:4868

com.sogou.androidtool:channel
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5063

chmod 777 /data/user/0/com.sogou.androidtool/cache
2⤵
PID:5097

/system/bin/sh -c getprop ro.board.platform
2⤵
PID:5198

getprop ro.board.platform
2⤵
PID:5198

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:5222

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sogou.androidtool/databases/MessageStore.db

Filesize
237KB

MD5
e4260985de3722a5ae118b3d04c60f7d

SHA1
da8d404b0ec50dc536a54a084712757b5f876dc0

SHA256
e1a6a11191bf2a1392e31c20a4fb6de0c8d28225013530fbbcfaecc0c517020b

SHA512
ac25869fa20fad9fcd517497eead57a2d1bb86e4a4b76b554dc55874e4fb50bac71b242c2df95b68542df1f8ca59cb295c99a7e1bbfc1abf407528ed0f97e048

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-journal

Filesize
512B

MD5
c85a7ae336d3f69b654b176e4da4ffe9

SHA1
9f68fd6054343ed192a76424ccb26dac311bdc19

SHA256
04f07271b40d888df757cd0c21b224eaba33ad14f754e8a1bcf5f6b969ed259e

SHA512
02bf7b646b69190fcc3064cbfb85212fa35f3e96316eaefd339f6569da978104dd4b21ef97ee8c61d3d1899028cb6b6f3670afaf0569b4f84328b2507f8f674b

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sogou.androidtool/databases/MessageStore.db-wal

Filesize
48KB

MD5
e9791fb4d37b76ee007919a5db5e4777

SHA1
687269d5108c020c890fc23e586f71500b1c60f9

SHA256
ce9b7a04d5e181a3a4df902f80e093ab8592258305830353c2481924e7cde161

SHA512
b9efeb6bb3fcf610950133a66505f9309afbbb64bbaa68a3b47144e46b54c944e84cbe02f3d608bf6884b2cd3c64bac3440a2977e163aab7846be5ee14588e62

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db

Filesize
4KB

MD5
8249e68e78aada3b5865f800cbedad39

SHA1
d881413b25afd922945b44600da14a0464b0c410

SHA256
2837e2dbea6fe8431bdf8728254137b733365dd4738c3947835bf2d2b75e6d59

SHA512
4067e969c7f85692d54165031d9c4f228ea09d03c5de28716474d48c4233cc0cf7c73975491fde4086c4ff2ca4e65f2919f7ed7fcd69c8c743a89584c55fd46f

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal

Filesize
512B

MD5
dcdbc2f48fe64ff67bfd18eafe8e39db

SHA1
396db7161ddb80dcee10fed8024a03dde28c4ba0

SHA256
5e2536d0e19e4307c3b1b2a5cd384b33f6a95d695d7d79f5790d56d41b01b446

SHA512
35324fad8edb86031fd7353e8765e2e89807de3c45140021595a82ca21ef3b47fd07a489bfa8c5f26fb9121578b6c06e79832594243593bf46443fb057b3ec7b

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-shm

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
5d11e6ced54e751213b14cd9fc5a2f4a

SHA1
571c067e98bc975ad37771130cc44683ac470595

SHA256
06002f057b08dc959c0e32a0d1b42fd9a0680cc9000a0f2f5c488cb46298a080

SHA512
05ce8e0317582182eefd97e15bb7451d776d3692410c57b5bfd34240a40b3c334236667a42001d97ed775c38cec157ce86902c9653f1f025bb7aacb4d9c15c3e

Download Submit
/data/data/com.sogou.androidtool/databases/account.db-journal

Filesize
512B

MD5
736caba005b7e98009121f83f2ac6f9d

SHA1
d6006c288984c3e7f5882858be32f51621d156b6

SHA256
95ac447c1d7562ce36efb1337e6632aa55cebca0e35bab4cc655edd314aaa2d0

SHA512
e13a5d1073dce6100723299193237e761cf0b4d7563e71db38b4d7ac3c60766988be685df78027f64561f98afed7a07ed0128f4f820f96c36a9dc71f45aabda4

Download Submit
/data/data/com.sogou.androidtool/databases/account.db-wal

Filesize
8KB

MD5
1c58abb67888391d72b103804f74b307

SHA1
390fcf4ee9980e9fd6ad0504bfe7e31bcdc1659d

SHA256
ac04cfff6a79be6e5ed52666f71e5ef5bf364917012768a7932c04541dac65f5

SHA512
6e93124596dd50013b696e7b997210f908fd8a31a585a660de0fac56480fe738f31601994c2bb4f3e7e9035705fefc8054d63639767f5bc419b18ba7b6527c5c

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_

Filesize
4KB

MD5
29990b205c233c35ca32f735c849dedb

SHA1
81902574067708fa022c0ad1a4c035ea376f8101

SHA256
f6abd62b29ff2eb6fd12fc6ab33e4158ea201ef9f06cb3e92225373793ef4a45

SHA512
7d85078ba9f4072553b33e89072c5d1b68829373d46133c551677c8b12671df4a12115ef4c955a31db0117ad2734390c5cb566e8f62ed483ef7d203e7e086d7b

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-journal

Filesize
48KB

MD5
c8c1ad7112c5e8cb208e693d850d2512

SHA1
f0605a5217e6da19200aa74ca88a2e5fe7737cc0

SHA256
a1d525a7f146961a94c8e3c07d1bbff9080cd6dd0d99ff3a3b282f582a641ea1

SHA512
fa968099ba9789dfcaefb7bc28d1e6584dd93efa5ee7bd3ebb6e194f362857da4fa77a335bfbcd842522fbca1e791e9eb2d67f90b03990b2b341f4b97a17a534

Download Submit
/data/data/com.sogou.androidtool/databases/bugly_db_-wal

Filesize
96KB

MD5
0b84834725258919b3cccd5777176dbb

SHA1
04c1f571edf22ba4975a14e1801f0a117298c4e1

SHA256
fe982b1f4c12085b78f59eb75b6644270ee8dbfcafeaf731b623cfdf9f22f7d4

SHA512
daf002707dc21eefb1920ae4b2499fd82ecfa0f976a6bc327e695d29d72b8b3257a6b2ac76303b22b5c888fd65a479e92a771b79ac8edc14b2af0b066ff1d034

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-journal

Filesize
512B

MD5
3a299254c382fbfe44a11aace3bc8404

SHA1
138dec47849fcd2dd9670e5d2d9ce9b8182d5c49

SHA256
6699b9da1f776536431b7d99addaa562c70ad6db1c45bfd69f714f546bdd2bda

SHA512
450e85483a4d40d8e3b9ff3434af12ed8031c5f7361685e382d64921b8fcc8c7c90a561011c50064b7b5526538d99303ea53066455c9c5447201e03874be39ab

Download Submit
/data/data/com.sogou.androidtool/databases/downloads_classic.db-wal

Filesize
40KB

MD5
8991b621258d14e67b88fc0f35783ab6

SHA1
b8c91277374bb7ed09405f4f8456c75d7cd3342a

SHA256
3a9daccc85027cb7706bd473d222bd5711a43e1708154127451f901613e862a2

SHA512
a404ad9d228c43a730747dd71fe940de22d0da7704ff697b7502b2e7c52d7a3c8c85190163532fd538f83050b856171aea112818f7a60c5fbd5092f7c7174d45

Download Submit