Malware Analysis Report

2024-11-15 05:40

Sample ID 240604-b44xesgh9z
Target 93502131eb88c4093df220e25a4e54ca_JaffaCakes118
SHA256 aeed6b73622dbafa0afcdd711ea7584f1743b3fe5a504cfb85c1207ce17f4227
Tags discovery, impact, evasion
Score 7/10

Analysis Overview

Score 7/10

SHA256 aeed6b73622dbafa0afcdd711ea7584f1743b3fe5a504cfb85c1207ce17f4227

Threat Level: Shows suspicious behavior

The file 93502131eb88c4093df220e25a4e54ca_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery impact evasion

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:42

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. | android.permission.BIND_INCALL_SERVICE | N/A | N/A
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-04 01:42

Reported

2024-06-04 01:46

Platform

android-x64-20240603-en

Max time kernel

73s

Max time network

146s

Command Line

com.sogou.clean.robot

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sogou.clean.robot

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.238:443 | | tcp
GB | 142.250.200.34:443 | | tcp

Files

/data/data/com.sogou.clean.robot/databases/pb_db-journal

MD5 9f9fc50cd162d0e3a259cb2627a2a3bb
SHA1 c00a3fb500e7779081a1b6c7d64ebcc467a680ba
SHA256 32e295d4c6295f9ba45be7eac6633bd845871500d463d82f3af5e0be53f9c92d
SHA512 763c23beedccf8de62c619a6c2ecff0fe1a07487034f46664fe5d94cc6e6f8f0d16959475a9424e5c5281f27c65cba727bede0d3622f529c16346036590f86b6

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 09f820c93e859ec750d3d98dea6c5919
SHA1 7f2351d858576faeece6790ca662c8d8e074c25d
SHA256 24a937e220e4145ca69aa28e9f714f0b6c6c7e760a871fde091d0eb803ef2fd5
SHA512 dd339cfabe04133224458d246a210da9745ce7f86d664bd3360741647b8a8a392270404a21201b6ba0412e505d5b6f12e56964ba299647dafdf1cf2aa18216a8

/data/data/com.sogou.clean.robot/databases/pb_db-journal

MD5 985c61458ed5dca02029d968a4fdd0c9
SHA1 267476d1a7e4340e62051ce7dfedfb05a9cb3e20
SHA256 5a9785fe231bb6090c4fe9b3563bc62dc2172d886dde2f06e3ef0dae05a4cf7b
SHA512 43a88be6e9dcaa8cf101e3467447ec71a2b8f4649c3f9fccf9c4fe8d191e7533052af635a8b302202a1bef9448f7b04c9f48acd58966ac8d2dc9c9404271e8d8

/data/data/com.sogou.clean.robot/databases/pb_db-journal

MD5 1f18b36e01fc3adf745cd705ec25a214
SHA1 6594c9712462ed43dd3afb6cc242264f1fd9fdce
SHA256 9a6b76c7df7e3012305267ea5f3c40cfb8e11fd004d0a27bbf7e5cef67001e83
SHA512 fb4ee68787cf5835d1c1c2d14b4a3fd50c85ebb8232c46fbcfaa7fed8b43f5c74881b792d83397060d08fcacbdffd6e754f994ae5e32d89eb11acbaeba0cad6d

/data/data/com.sogou.clean.robot/databases/pb_db-journal

MD5 36fd551e150545b81e4bc6dc3f3a148d
SHA1 a7bd5566c624d4823b7bbeda769cba1cfec9b931
SHA256 049a6e861e31a0e46bf847ec2dccc187c96d5bc78e78f1558782ac392d7392dc
SHA512 1bacbab19362d06f69d64701b00b7930da9f1452e7c75b54975320578383e4bdded03e1cfca9039c1a455291972c3f0b26ce822d26bafd60c24895cd0becacf6

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 78ae73f15ff6d944a499766f67384fb2
SHA1 42f230f00fb0a4b8aff8adff1f4a8cf1468087e0
SHA256 c8a4b2558fcfb16b1a17e6cbb5cb59eb6c21ca0fbf484b9addb3f420f84122e2
SHA512 26516c244644f5bbafa8c36492a33cfd8ed66b1b75fe8f0d0ef81375f6ff1958865452aa38435b568de9b406b0b60e775d9a5fa0182e157622b6c98fb43fc619

/data/data/com.sogou.clean.robot/databases/pb_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 1660f01dee19c73bc1d3674799b1a124
SHA1 2d22dc4e45c796b9388b1f244aa8263a9d8edee8
SHA256 e41db54426c3aa106f214dab1b599dfb251cbea0ab8aaf44151e91ed62e48bfd
SHA512 87cb67a74f72b8a8525f3a608a8c64d290cc4322344c2c4b6fc5513fed9b0902229729d8d2167fd87e25d59692203738f8257a661a44f94c5b5f03ca7345d027

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 dc0b6b0f5950b2edd64697eab8039bbb
SHA1 41533487dc6c31c3d877857926ffdbad625d92b8
SHA256 5fa691ad6a058a0922e4ecac239969b28c9745d46210fee4a1b7f7964d671c11
SHA512 febe1aae21f32dde74c335b0198b4d98b8c30c46ac69f2500a4efd03698100cc7635e7d3c2e1069e24b23c2ecde5ba3616cb8a52f76d492a42f36ffb5e3a77d8

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 b288620100b1b3021f40625a8cc29b5a
SHA1 bc025f3df9f78d4d5a4fcb424d9ae09817545bef
SHA256 ecf57b7d1d97c0e099b65fd96a95808d70d3acc0f2257cbcfb2a3f3f98035c95
SHA512 cac7fe0a3c903c1deefb0f38a83d289a5153c7cd49cbecc8a899c622747ed25fe59901aff84744ee2b85340482b8e469a803998a634e4a6bd1adb8b62e7e852b

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 dbedc8d4aa589ea0153017d3993a28ee
SHA1 dfa0e00c6918209a5c5ee0746397380747a884e2
SHA256 edc149bf9c297082c52c374743cdcb2ff9def37ad34447704c7a7a4ce1bda111
SHA512 9f4b50d5e6e054539fbf351450152eb5f8e7e763030e1ea7fa4362899cce9032f1415230efc4f3b111fdc7390a041c39753081e201bcad6ba61c655c816139b5

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 d2d0383cc05103c35937e1f00dcd8567
SHA1 e9a00245d15b8e51973e463fd2b152357584c339
SHA256 7ad668d39006836b821405b5907a93b0c9d946f6f2684e314fd183d2bc0ac20c
SHA512 505989a03e4d2a1c560a64d638976b413ea0ecd844ed203cebc5bcf7b5f05265eaaf275a702571fc07ef7f56ec06e1300b7e24287d3aec9faebfe144fbbc6452

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 c6a25435cb60bfcd10d394083817c255
SHA1 e3513d7019ecd00b9666416b64b9da8ac233d7be
SHA256 134bee9de70881247b7f1a777067bc9a34ca0bab455a457e4741fd6694421a16
SHA512 bc4d99cff5b600f19aa42d09365faafea669dd3580acb377536bdc5ec92a38079869dcd3dbb695a2c0b2dc45009b3efbf78082ed95487e92d100ded47806541d

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 853458ec0dbfe732b1b7934778a30c6f
SHA1 821e04c735b9f31bcb8532bbb3526b6c4d0fb62f
SHA256 fea9fc14b9a8089d757baa5fb906e474e99d6008656fc75cf79b1d60ae23b27d
SHA512 71948efeae504c6e978c201065fee09eeb16ff33657bc5c3fd82a3b53e359e348a2aea283a8d88b128c760c85c4cf95821ed85ac11c13b4cdfe777a69f1dbcb5

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-04 01:42

Reported

2024-06-04 01:46

Platform

android-x64-arm64-20240603-en

Max time kernel

73s

Max time network

134s

Command Line

com.sogou.clean.robot

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sogou.clean.robot

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.179.238:443 | | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

MD5 d7ea94027d5bbbbc7150e6a3a1f69ef5
SHA1 4d370027efa4e93962887f0e6806fbe7c6845236
SHA256 076b4d2047a27a61e1b63bed8b684562279b7295ccb8aa9cf88e6e15a80935a6
SHA512 91965668434dfcaf39b1a4c76d80723c264e0775e6e6208eed44dec9399823fec5e999e77152a5abcc7c4ed5bd955c4688762fedd2f663afed29e747a338955d

/data/user/0/com.sogou.clean.robot/databases/pb_db

MD5 92c44d4d6330463d863409b443807244
SHA1 31e4824d4ec1cb33b76e9c7bfbce1065a7cbcafa
SHA256 94b10ffe36c04d98bda139042e929f1cebe0d1bfc3f21d19470ac5e12622e8c2
SHA512 fb7cca447b772b0e02d39cf4e57adc80808a08a516e92fccefbcfec8a434d1c10394f816ab2aca3ec1815f6379b9a75f109dc8f0beaaff169952b5d038212d31

/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

MD5 f1d8703527fae120faee2ad9a1a18b63
SHA1 cb5f5446780ba09427fe3ecfb21b800a88b75924
SHA256 f4707c2be379247d5e0c875185c297d4e6f25f08186856a8b4bc6aec7997449b
SHA512 6cc2bb7875dc1944ba16268c4e92949bf48a7f0de32e58836b611805fda1cc4438db26195a08a0a1bdfe0ff6a8b7ebe757d9c1d5bb33df0fc21c4136a471a04a

/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

MD5 7d1eedc86e38075ded39606d26fca4f0
SHA1 a2b0678930e8be15fa39e0abe1047fd8dbadfd74
SHA256 8ecc123f81370ef5697a2a29226fc758f2a00781c1427dabd927a9d5f0f34133
SHA512 aaa3bcf9d5b1a8ac0e32d9a5f758d4ca4e57526b60f1e113ee06451fa1f7b6d500300a2f7ee031cbd3f467682cc0805111d71e1e36d7636acf6ae7d42fa594e5

/data/user/0/com.sogou.clean.robot/databases/pb_db-journal

MD5 1775664d45cae0146a973e811787522f
SHA1 86106f2ee785df3938e089d3a3d82004d6193cad
SHA256 1aa364b71b2791bd1d0d2f3e041b0ff495f3114c9a66af01b9791e37154de6d9
SHA512 051ce78d980a08bb09793fefc38eea9d0737fdb3ed825afe5acbbc0104ea02df6bfa27aca4751a32181d8c05410021e7ba0dc6b9da2277613d98f616ba6564a9

/data/user/0/com.sogou.clean.robot/databases/pb_db

MD5 bdc096c23fcf59d3d66a7d28c539d82c
SHA1 07de4d58d13c2bc250ee94658797f9e78404c923
SHA256 fd6ae85c485bcdf880442c0a4f4021710285e8755a7d9d7ca7533d6160a661ee
SHA512 69d840f7ed01a045eabc90a2e3a82de3cf660e46c3244eeaab64128a34659aa552c11e8d4d8ebfb725ee9ab3261cc2dc91bb672fbec7495a222c552c51cadc28

/data/user/0/com.sogou.clean.robot/databases/pb_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

MD5 7fd2ae9e722cd1288bcfb68cf3df28c1
SHA1 c2b0e9f511554fc0f1ffe33b40297c40745ff962
SHA256 f754d4e0aedf734886c1787c155371d9ddeb490922e95f879871d2b6dc38f7df
SHA512 17ebe87990a8f968ca7d41dd81e69db27ee31efa70bd123af1546b590bcdce9752817d505ec175acd4944a2f197582697268cea44167b28313916099a55db487

/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

MD5 5cbf4d9d02d8996679e687f1912e1603
SHA1 092fd25adf2b82a9ed9db60b6b9ae96bf84c40cc
SHA256 2ae18395f17386320b863c0cf0fcdc13e081b2de9f389aeadc899e1b903399ad
SHA512 1cc998f48894b7f2244447e43bf85bec927faf5c8764b725d4bd90bd2da793f5e000f460cbe32c87027ceacd9cebe4225ed8347ec282eb64218cbf3b63262e9a

/data/user/0/com.sogou.clean.robot/databases/pb_db

MD5 80b41a4892f440f71c54abe51a14655d
SHA1 595dc1ebc14800ee3a2962788b230dc49998098d
SHA256 6ec8eeedc700c5d8f048da1c933ac1dd25efacb7ef1611f21ab89cd69b376a51
SHA512 0910471bb457e264f486a862d28456b64b280679c5d484ee8f672169121c171a35db5c0cf74373b6fd9a863b8bf1782a979428f7daa5f54c658129c8dfe70016

/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

MD5 28700c57800d67e6e162a3f3d5c87bcc
SHA1 39282f0d3e5f88f503491f01e50a49d093c369eb
SHA256 28a9b22c51c0569e7588e422e785cb099c3ad0cfee7ce5dc30ef3bd3f9834e77
SHA512 7a7b35ca753ed28a088bc3e2e728f418e112d4c5f2a34e22a962215e462bc861b52d3bd7b6cadd722264d0c323112e1b4d7e19b77acdbdf27af4512e5bea0b7e

/data/user/0/com.sogou.clean.robot/databases/pb_db

MD5 12b124cf54893fdb481905417d5b80b2
SHA1 b25251f19dae246971102b06c8bdbd6010449cc1
SHA256 62e406cc9d96de07abb19cbcb052162d37630b2e70300c10db9946e1810f2b54
SHA512 e0dc46b06c6f53e671ef12451898278d7d6201027c1f2aa6844b6d00f6a5a647132be12df1a293e6b42394fdaccf91e7e9e3565921e312d29295d688b3f0333b

/data/user/0/com.sogou.clean.robot/databases/pb_db-wal

MD5 14493d42e1a83814b11f698fee856114
SHA1 37d39378fd6be295fb1942d21710bb4bc54d06ac
SHA256 a9102e24bdbc9ad728b76b2eebafadd70586bb9d6f3c80d386931f53b8f04941
SHA512 ca99e949a56a51a7073d247524e84c160a2730be20eb0e68cb2f887fb88811f0348a5ffadbd1a7dde94680157d00436547200ca011f1c946a1a044183fc93d0e

/data/user/0/com.sogou.clean.robot/databases/pb_db

MD5 8d93915fc7c1ad48dc50db12d1f391b8
SHA1 b5df4223d0da5ed1af80f91806abd8ee59dc84e1
SHA256 90a2d34358d1f46dc06a19cd655b71b1def2794f1aeada6d3cbb725676ff924b
SHA512 8224930bb51b4f42d9a59db1f96a4e08df33d9d8b7bde22508dec6a229803672f548c086ce63555fa23bf8674a95657e00f54371766d0679c32bf85677fd8c7c

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:42

Reported

2024-06-04 01:46

Platform

android-x86-arm-20240603-en

Max time kernel

32s

Max time network

134s

Command Line

com.mobiletool.appstore

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | Anonymous-DexFile@0xcb5f6000-0xcb60774c | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Processes

com.mobiletool.appstore

chmod 777 /data/user/0/com.mobiletool.appstore/cache

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | awpping.mse.sogou.com | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp

Files

/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

MD5 75a8168e7080b90fc2956592c268371f
SHA1 3702da56d31f381525473364f031dc884e37076d
SHA256 0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701
SHA512 33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

MD5 02f69eb4fe05ebc6c9f736d83e5f7e26
SHA1 777d75e14a73f5721fc4ae34f49a9a4b82311373
SHA256 13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042
SHA512 7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

MD5 98e4e7b0ba211ee30650c948b4196ca8
SHA1 28eaf2ac7141884bc86e9e6d2e21aa5b41be749e
SHA256 df0fa725d03bb39e3c002beb29a362c7aec1529f7b853900e67b9d622492fdcb
SHA512 8581ee24a5e1b261cad39c058e2138977aa8a40b426af00e0db1e9b4c87691f1009d1ad3a9c66fe29827fb65a21bbc8eca3c7cfc143a33ed0122af0a1ea2585f

/data/data/com.mobiletool.appstore/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.mobiletool.appstore/databases/MessageStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.mobiletool.appstore/databases/MessageStore.db-wal

MD5 0353655b8da997877073ac783bb6e102
SHA1 84cfa6f71befb4c7123feb38f343a061c2ec9efe
SHA256 f57b655d1c7a17a233c7676a78263af82b979b5d22b6772c573e256879f5116f
SHA512 2e59c924c85b136a33185eec7b7b744729a4e1150d3f1b2108de6cd2ca9e2f3977d179cb18683b798c2007137ae1f84273689fb9a212871a0ee7b8494940d19d

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal

MD5 af8f4132255ffcf220ec795aaadce3d0
SHA1 83e731e63729ca6228ed6668a9c1e0335c905d8e
SHA256 e75dd836e282d076d4d20e0a71f7c2741b973e517fec2c884a145c7d4d86cdfd
SHA512 0e30f7639361610f7cd6bffa7bf5a49632673581ffebc6aaf27ec401851732d2d9132db51084786c86ed1f0410db74f8a5a07228429f3cc51c8634876d4aec4a

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal

MD5 b8fead1d8b14686e674a3c8d3c963444
SHA1 78ef42309e6c4f1e36b68ce2dfffdbeb700b2979
SHA256 ae9d35d0b8e343cf7572a3f52f068c6f79430e65670ecbb170650a1724438152
SHA512 ff017d3e762cc032bc7da61fd210e6a65318ac197410ddb4cfa4bc312de7d8b5706d2897242b8134aad19adc86e702300bb8f63cc9990c4e64978af4445d1cb2

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

MD5 28177a16366ff6069c313109c42121d2
SHA1 6752cdbff2d7b4f0394d6ec4adb2615b72c6d81a
SHA256 377220aba8847914c5346fde87ec3b4c0c884b8899b702a29c6bb718e6b2270f
SHA512 aa1b9e368600b2e4e8e57f537a73eaf6a1002c2429a52cfbda950e0413e5dd917be7630dec9d0cd437d2f62e31b2b4d1290b9f69728b1a9792268d451f4b6fa6

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-wal

MD5 0a21068340d1fe93d8d312e240e929b8
SHA1 c2e0e9df024da5544551823efe10b3a5f7a568a7
SHA256 ba75e1d359de1fc7499e3d92ed35bd54ea70a17a16986f8474b9273b966287ac
SHA512 df4628d3cbc159efc4c107ceb24b1af928101ddc5b999e2cbe0d63dc0a0978db2f6abac808733b2b6475a489d823a63ed5604fe8e7f043065e7c2c3a11fe88f1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:42

Reported

2024-06-04 01:43

Platform

android-33-x64-arm64-20240603-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.213.4:443 | | udp
GB | 216.58.213.4:443 | | tcp
GB | 216.58.213.4:443 | | tcp
GB | 216.58.213.4:443 | | udp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-04 01:42

Reported

2024-06-04 01:46

Platform

android-x86-arm-20240603-en

Max time kernel

72s

Max time network

132s

Command Line

com.sogou.clean.robot

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sogou.clean.robot

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp

Files

/data/data/com.sogou.clean.robot/databases/pb_db-journal

MD5 4c7d2de2c3c13a5519ae0d1e0ac7b91f
SHA1 48f089e11fc85c58b97cf1292d0ac1e00abfb0a6
SHA256 bd072b33df546a89fc705bb9147137edf33d9e9ac29b52e297b40d1e804e250b
SHA512 efb61258c4464f570e73b843fef7ed86dc33d349738c84efbbf2704a2c09d9da2b61b3c7536acc7a9483042ab9806b704867b5711fbe16ee7aa96c883f98c835

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 650956f5790780ebe873a98ec3c6208e
SHA1 93d153640b298e9214eca32825ec30b181f9e8ce
SHA256 36b4a521ca7add4a85d3ceffd27777e37c0c0e06c44977492e58657664d59cab
SHA512 9fcc0dd8a702424908286f597c6418516a939038d264c2d31f65dc48fc5b025d7a4c85d85a54dbaf33708b7ccb0c703c2bb0762033a6fcfe7917287c6d307449

/data/data/com.sogou.clean.robot/databases/pb_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 6f4d73d18b66aa125ce68b0e6e27ca07
SHA1 d91fd10a5dc8785d42b11b1dfe676120bc09faf2
SHA256 e799833c7475d10ba6597607cb86506f4b64fca2b3455f05ff513f0b4dd5935e
SHA512 4ad9896442eb5536af6d5ac13f3e4501b8450f2979dda8684be242f34614f33d52b07554d30dc638eed921992bc81dc14d48761b7825c8ebfe16a058bfa68d67

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 1e619a2bc5b56379701f1bba6395b623
SHA1 1f72436d18ea1fb2b86b6a4b6741dc9ee2b42b65
SHA256 b5fc7d9b06705fa83128e5261c15cdb8f0d5b0be5314c3c7c6fcf5a2de67d3e2
SHA512 96a5a68def5a67bbed469e6537fcedc75b5e12aa32fbd23cc00468b8e520f235c40e0780d34dad293d27058091ca5ff9786363aaee774c63dd9038ed36a6a85d

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 037dd2a905ca31753086a86a6988b5e5
SHA1 031620aa4ea80784cd467c4d451d6e3b4f4fff3f
SHA256 e5f3e67a37dae034e73f9f75c42c9d8cdf370a5f225da2e661c3d6eb3c2c0d1d
SHA512 49ca5bda8bfe26a88af9d949792c54ef49eec6b515cddbe3656c8f06a8a8dab7f9b7923404eb4429c745c1cebe9e9b71f84054db3bfb527456396f1f710bb983

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 fd52529ac0a15b4499846fb2a5b1f4b9
SHA1 f3dbaa6e173a82b17157a0c847c415d0768f2914
SHA256 e42b1f697535bc03dceda0ac79c3002760dbac494b1b834e5c05c921938476b1
SHA512 a619329de9ab3b47cc333f188e539f773c5ce6ca6cdd650fb72127b43979498984827d911cf76217ccec7854fc7332d1b4bfc65952c00a86c809d0ed737f6da0

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 e4fff47de57891acd0c66f5da0228c82
SHA1 c679d3b808bea436321889c3b1f34bd086056103
SHA256 3593363066cb8883642d1f8e77d7c804d62f9f8c79a9017b3ab033e13388961f
SHA512 edea8fbcbf1de933a793ac99f9dafeafd1efa11138d8633b38131a1704bd2f818b7730091a93100ec342096cb00ab8a9030b9d5ec127ec09c845269927322a88

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 2335f96a9daa1e4430e5ceed1fc58a4e
SHA1 ec75769a3f1c728a25c76d284ea6e527f983579a
SHA256 58525b5682dc81401a5ac120b34d368f01031b223880e1a71f85e80352186e24
SHA512 33c03670c3033b6e77919e57aa9bf97293a779787a31c574a28576d0301a8f438e2b4a4acaf27c23993be2fd566a93093f7f072f5e48b749f253707df4c9f371

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 3ca2ad7b69ac863a714a2236a39e86cc
SHA1 3d90990637e19f5fccf0e2ea8d341190faeb7673
SHA256 050cccfffcb087b9869f6292e44669815259d0917da686c936190ec290247f52
SHA512 8d3e40b3e035ca3ce4a36dd54dc268a7620fc9b2455a9cbd9a36a77faa787ea56cd54a6635c5e48c1ad65720b55d3c6b17932f841a2d75ebb177b02401212a2d

/data/data/com.sogou.clean.robot/databases/pb_db-wal

MD5 54824068b3c98356ac21f662f3fad7cb
SHA1 6ee914cd645039e2ceb7c91a3fb745e0b7b07f18
SHA256 e4290a9130baad6bc6a7281cff89201ddd5282bed67e28154ed6cd777115298b
SHA512 dc30f38b24874a19b1345d7bd3e0e820d356fee871a395895ed3aec720f0c98efdb02aa80b0df7b252373bc654f117de72cc8f6db7f741855106d61dc8a7e2f7

/data/data/com.sogou.clean.robot/databases/pb_db

MD5 c7777e2176a388295d0967f5a8a60487
SHA1 9d672695c286d927de9a24a01a1c11e966a93a92
SHA256 bda0c73b511c801219c1caef8096bfad8a104de7fd715c0808b1869449d64dbd
SHA512 ca343dba2d7a2ae7a39a90d7b84f2f1c050a5e7d6b0ecb31f5cad17a69a54968913f721de812c42fd693166148969d4bb14302c911e4f17ac73467edc06347f8