Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

7d53b2d525...18.apk

android-9-x86

8

7d53b2d525...18.apk

android-11-x64

7

Analysis

  • max time kernel
    172s
  • max time network
    188s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    28/05/2024, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d53b2d5255a0fab1c685e7f988cac3e_JaffaCakes118.apk

  • Size

    12.3MB

  • MD5

    7d53b2d5255a0fab1c685e7f988cac3e

  • SHA1

    d2da0e0b92190383406649ba04a7a4947f2586fc

  • SHA256

    6f147d7da4a1a4595dd35774464741a00eddb3b5022c3cb794a059e1ab186f53

  • SHA512

    8a3f7421ff32f210eb6824012ff0ee987670c731c5d5b8fcba75ba9e9abc4218614fd6581c9209607a5ec202493506f60717d4beddbdf3c322a280c5a3cc1fe4

  • SSDEEP

    196608:Y5D26pDmV6zUKX2q5pqN+lqN2e9z7owedO/C4Mf4coMBpkhgaN+6L/706ddll9qb:2Hsq50WqlRlC4QBpMdT0slTKUTNuOi

Score
8/10
collectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 5 IoCs
    evasion
  • Requests cell location 2 TTPs 3 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.sogou.androidtool
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4277
    • chmod 777 /data/user/0/com.sogou.androidtool/cache
      2⤵
        PID:4306
      • chmod 777 /data/user/0/com.sogou.androidtool/cache
        2⤵
          PID:4330
      • com.sogou.androidtool:remote_proxy
        1⤵
        • Checks if the Android device is rooted.
        • Requests cell location
        • Queries information about running processes on the device
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        PID:4530
        • chmod 777 /data/user/0/com.sogou.androidtool/cache
          2⤵
            PID:4674
        • com.sogou.androidtool:channel
          1⤵
          • Checks if the Android device is rooted.
          • Requests cell location
          • Checks memory information
          • Queries information about running processes on the device
          • Queries information about the current Wi-Fi connection
          • Registers a broadcast receiver at runtime (usually for listening for system events)
          • Checks if the internet connection is available
          • Schedules tasks to execute at a specified time
          • Uses Crypto APIs (Might try to encrypt user data)
          PID:4785
          • chmod 777 /data/user/0/com.sogou.androidtool/cache
            2⤵
              PID:4819
            • /system/bin/sh -c getprop ro.board.platform
              2⤵
                PID:4921
              • getprop ro.board.platform
                2⤵
                  PID:4921
                • /system/bin/sh -c type su
                  2⤵
                  • Checks if the Android device is rooted.
                  PID:4965

              Network

              MITRE ATT&CK Mobile v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/data/com.sogou.androidtool/databases/MessageStore.db
                Filesize

                4KB

                MD5

                f2b4b0190b9f384ca885f0c8c9b14700

                SHA1

                934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                SHA256

                0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                SHA512

                ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MessageStore.db-journal
                Filesize

                201KB

                MD5

                d6ca7ce151687d2b4e8ec892445cd2cf

                SHA1

                3d947559a68ee138d20719f55901719139b79297

                SHA256

                7d101c9ab2e240b8e1e8623cf5cdd40f012497e30bb5e2e59a9f0801a4d90f1f

                SHA512

                1a77bc10068faa81d9689779afb5c7ed269c4205778494b3be80c71164a2a58959fd28d1f6b64a3f1b6479d8021ec99b1244f1313e50e1492ff348947d6eeb7e

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MessageStore.db-shm
                Filesize

                28KB

                MD5

                cf845a781c107ec1346e849c9dd1b7e8

                SHA1

                b44ccc7f7d519352422e59ee8b0bdbac881768a7

                SHA256

                18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

                SHA512

                4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MessageStore.db-wal
                Filesize

                48KB

                MD5

                80a8b941d76f5f3636d1c918e7f1bf73

                SHA1

                86b3e5d7079c559fa6d9ee5efb6d21cb21071b36

                SHA256

                3aa24b0ac954ee907ce927606849efbdf426f91a0a3bf15798fdc67824f98a72

                SHA512

                f8a0dc358de6d68cea21f5a8d8b0f0dc02aae4f54ef27aa4677227bea1dafb10ec1703fa25a8edc04fbfd46ea812b2166895a02127bfd9a1e3aefb79f97fc008

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MsgLogStore.db-journal
                Filesize

                512B

                MD5

                65259e76731d3313719f4c6b98a2872e

                SHA1

                8aca79c1cae1fb75517bbf48c3547649271f9bba

                SHA256

                3b8d3a6c698c9243c72d5d3c94293949ff50b46dd5904478e6bd4c64b72199b5

                SHA512

                f7d4edeb41386ede360fd1a5e04dc223fa9d5a27c190b769ef90663f5d81f07fd64da9ebb363992f737a97f426b916cd70ff46e62722dbe2c20552353b0efd92

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MsgLogStore.db-shm
                Filesize

                36KB

                MD5

                486e2bac2b3e9e1cb411d2838a4854bd

                SHA1

                81dd0a7537f4af319b830ae834908986be85da8b

                SHA256

                5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

                SHA512

                c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

                Download Submit

              • /data/data/com.sogou.androidtool/databases/MsgLogStore.db-wal
                Filesize

                68KB

                MD5

                e476cb67ab406d6857977b0679a80d57

                SHA1

                2ca08e97d193d5f6c3b2a185ea92b662cc70b475

                SHA256

                757acd08ed76fffa8be9afd3c9d0cbd2cd9cbdf7b83f553554cc7fa708fbd759

                SHA512

                b6bd3c1b55fcb22ef73501cbe376c721f336f42b2154d8a0872972aae8bf41b44c551306b25e5260c7f641090a2ea01f44c4e9453b3e223267195539ca9e5ea8

                Download Submit

              • /data/data/com.sogou.androidtool/databases/account.db-journal
                Filesize

                512B

                MD5

                d86feb313e1efcb574fce4438d59e362

                SHA1

                ecda65e730e845f67463face41ecce3687b384bc

                SHA256

                c79350a55a4e502ae61a6367343eede38f21aeab377ae655e5473629159683b1

                SHA512

                9d4f2fb4b6cc34d1180e751a820ce554a8d23fc453d9dc2a6c6d9225252ea9035d6df6997f6afdb1f8147fd35a8f645091e33cab40ce1a1072bd5a8d2b181655

                Download Submit

              • /data/data/com.sogou.androidtool/databases/account.db-wal
                Filesize

                16KB

                MD5

                82e4d31def68c92c5d8cf6f8dcf87e89

                SHA1

                a17bfdd0f786b9bfbcba49566b3afa229baec1f7

                SHA256

                dd72f19692ffcb764ef8e104b59b694dd589c49e109649ae2bd64f1122c3f906

                SHA512

                b384f9c5395d071d80d0b64e7c19cbd77ebb8d8c8c6f864964fb0c136638690455c1337e94c5693981d3023df6442e87f73508b730c0b36ab08f113df5f14c22

                Download Submit

              • /data/data/com.sogou.androidtool/databases/bugly_db_
                Filesize

                4KB

                MD5

                1f1be8534d46f39efdd7abe97e59b40c

                SHA1

                887d99b4c7c9789a78a9ade5c70b01b0440f22bd

                SHA256

                0b81e17b0211dfeabade18396f6477e9936b0076d8216683ad9524edd885933a

                SHA512

                b90ff3744ba666a29e24e0ccf3ebf4bf4464d46506ef6473944c53ddd98af92a762e895da961144ee49d48974c1092386d561d612c0f19c5628166b0f0e67db0

                Download Submit

              • /data/data/com.sogou.androidtool/databases/bugly_db_-journal
                Filesize

                48KB

                MD5

                2737647aa92b727f959521d998c54d8f

                SHA1

                bcf6e835d01dfa18fc76cfc506ff744fcc7f4095

                SHA256

                6bf2b10ff7b7cff181642c7f26102e661036d0632ca937b40143854eb5ad2841

                SHA512

                b905acb7430bf8059a19bbf39fd40a57ebc6147493bb461e5ab4ac0a4c78adaa356ebcfcce0e59f6e69746c260db04db1a3403a6e4bbbe91ff70441615c9282b

                Download Submit

              • /data/data/com.sogou.androidtool/databases/bugly_db_-wal
                Filesize

                96KB

                MD5

                e3ebfaf1ac68845ce494f3cb6ea668d1

                SHA1

                bf313a5180165a0d8248be04dab07ef152fb5ada

                SHA256

                1828c778bf5d4e32d9e6708d75e7c80639310562a07da69174b2bea83b448217

                SHA512

                75ff23d5cb30541fe4d1f8def966564e21e5f6680c800371e66333ca1f3a97abf9bff37390fc19669857999b1a6f64084fa0dfb0592e9fb83e7bcd29632c0059

                Download Submit

              • /data/data/com.sogou.androidtool/databases/downloads_classic.db-journal
                Filesize

                512B

                MD5

                50239f7d7ac28097c0d124d0e4c54166

                SHA1

                ab5ed4ca295342da5d674083bf8131c8721ad4ff

                SHA256

                ca341428130c9e0377489702c83d9bfdc80c93a8c2b3bd2e3b95bfc1670033a2

                SHA512

                3ba7688d104ee1fc10e1c60068b0ccfe429e59d2cd8ed1cdf5a8207d19373a180ab19b5064f3f5d24495accd0d1c7edcd80b57f52b08cb748c337d27585f6cee

                Download Submit

              • /data/data/com.sogou.androidtool/databases/downloads_classic.db-wal
                Filesize

                40KB

                MD5

                59075d832d20cd9f90d365a097374031

                SHA1

                fde0b3561ad84276a80ef48e351c379f834d4941

                SHA256

                c3bf954f527a17e14d34e599902a7b9ef51803f278ae09d8302674a37cf062bd

                SHA512

                10d1af085405a99988aa438f63bee8c35d68cbecc4b042f75e6bc5cf4b3fa10befca8bc574b13e0cd3d1823d91198aa9937a876dea0b57b336f374f3a4878182

                Download Submit