Analysis Overview
SHA256
25b7de548db5031389c17dafaf3b2f11ec82c78c8c695c14440f6af6c40d87b0
Threat Level: Shows suspicious behavior
The file 9f834a5d8ff02316cb478cc295792140_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-11 21:06
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
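The two static signatures above are both answerable from the decoded AndroidManifest.xml, so here is the check as an added example (not the sandbox's own signature code and not code from the analysed app). It assumes a text manifest as produced by apktool or androguard, not the binary AXML inside the APK. Note that the sandbox's "dangerous framework permissions" bucket is broader than AOSP's protectionLevel "dangerous": SYSTEM_ALERT_WINDOW, WRITE_SETTINGS, PACKAGE_USAGE_STATS and REQUEST_INSTALL_PACKAGES are app-op permissions granted through Settings screens, so the example reports them separately. The permission sets are a hand-maintained subset, and the sample manifest and its receiver class names are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime permissions with protectionLevel "dangerous" (user must approve a
# prompt). Hand-maintained subset for this example; AOSP's
# frameworks/base/core/res/AndroidManifest.xml is the authoritative source.
RUNTIME_DANGEROUS = {
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.RECORD_AUDIO",
    "android.permission.GET_ACCOUNTS",
}
# Special app-op permissions granted through a Settings screen rather than a
# runtime prompt. The sandbox folds these into the same signature.
SPECIAL_ACCESS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
    "android.permission.PACKAGE_USAGE_STATS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"


def _attr(elem, name):
    return elem.get(ANDROID_NS + name)


def _qualify(package, name):
    """Resolve a component name the way the package manager does."""
    if name is None:
        return None
    if name.startswith("."):
        return package + name
    if "." not in name:
        return package + "." + name
    return name


def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {_attr(p, "name") for p in root.iter("uses-permission")}
    requested.discard(None)

    admin_receivers = []
    for rcv in root.iter("receiver"):
        guarded = _attr(rcv, "permission") == DEVICE_ADMIN_PERMISSION
        actions = {_attr(a, "name") for a in rcv.iter("action")}
        handles_enable = DEVICE_ADMIN_ACTION in actions
        # Either marker is enough to flag; a working device-admin receiver has both.
        if guarded or handles_enable:
            admin_receivers.append({
                "name": _qualify(package, _attr(rcv, "name")),
                "permission_guarded": guarded,
                "handles_admin_enabled": handles_enable,
            })
    return {
        "package": package,
        "runtime_dangerous": sorted(requested & RUNTIME_DANGEROUS),
        "special_access": sorted(requested & SPECIAL_ACCESS),
        "device_admin_receivers": admin_receivers,
    }


def signatures(result):
    """Map findings to the signature names used in the report."""
    hits = []
    if result["device_admin_receivers"]:
        hits.append("Declares broadcast receivers with permission to handle system events")
    if result["runtime_dangerous"] or result["special_access"]:
        hits.append("Requests dangerous framework permissions")
    return hits


# Constructed manifest mirroring part of the report's permission list; the
# receiver class names are invented for the example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="sogou.mobile.explorer.online">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="demo">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    print(signatures(result), result)
```

Run against a real decoded manifest by reading the file into `triage_manifest`. INTERNET and the BOOT_COMPLETED receiver are deliberately left unflagged: the point of the split is that a receiver guarded by BIND_DEVICE_ADMIN is the element worth reading next, because once the user enables it the app can resist uninstall and enforce policy, which is a much stronger finding than a location or camera prompt.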
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 21:06
Reported
2024-06-11 21:09
Platform
android-x86-arm-20240611.1-en
Max time kernel
12s
Max time network
137s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Processes
sogou.mobile.explorer.online
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-journal
| MD5 | c31ff9be2121f4a92b8599ac98426e05 |
| SHA1 | 57dac098deeea901bbd4c6262b3275e7f283d0dc |
| SHA256 | 363c314d7dbea15b65d2edd865cb11e39501195d2d5057b76933316bbcf59c6d |
| SHA512 | 2b7dcecdbeb82ace37ff5e5b6c4288e1ffd7dfa550437f446a28745a0e9ad783c030fda3f4d1a5d78705b8a0407cf460be5916a3f533a9f762741eac90763ad8 |
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-wal
| MD5 | 96326133e891237181a3a5b75442089b |
| SHA1 | 4f8865635af240bc044c22d492e6eb65aba6098a |
| SHA256 | cf9923543c720d2b64618ca149b39607eba4107d7617af29db6b9a24d2dc1925 |
| SHA512 | ac5aeec2fde1eda7767b4fef7df99181ce99ead478ecd8b8f01e66d1f26b88e96c294a7d628275cd83410a38ee9459e11c8adcd9948da2372f9f8de1f8be1875 |
/data/data/sogou.mobile.explorer.online/databases/MsgLogStore.db-journal
| MD5 | 33ebe0a4b79977f09d06ee4b722ac95d |
| SHA1 | c54bffc21fccec0dc3f792170e0040d5a7736a29 |
| SHA256 | 30827cdec4142db3c9791fd84c7bc8e187e7b1d713e5e1cdb117ef3595729123 |
| SHA512 | 9864a4e90437a4d777810d960420fcb5cc421eb86e73b34929aefbf2e4593f6df83098a75c6fa9ae67be95f6fc34e8b64b234a17c40e1b817dd1281468f34f1a |
/data/data/sogou.mobile.explorer.online/databases/MsgLogStore.db-wal
| MD5 | ff8e1a6a36dc08069ff281b3f1293fed |
| SHA1 | fb3caf07a5ae23a5ff6251cdcd3f93d862ff1172 |
| SHA256 | fea6844c598d771bca6e0e8096da7bad322dc8be629264e153bbc36a646d4d07 |
| SHA512 | 451f325d387dd9a0f229c703203f733665eaad5abd6cae8e7e1a5a88bcdb272caf194cf64e0b87b7392318562576f184e817fcb3663f773de11315200650debf |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_athena.db-journal
| MD5 | 8b8b222c3e65fc54e09582a0ba59af39 |
| SHA1 | 856a6e2edd3db0e205990c7ba5e59fd649ec8235 |
| SHA256 | be3b47055bd5edb81a84c42692f911c6c64840519473f780c87162e3faa1b8c5 |
| SHA512 | ff7531960cfdd4d61d262f1873230482de19cde72f3f8c7630135fc52ca6473bfb864064a1121bf265d9ee7f0b7978b4725f2b7f7fcbef1288a3377d4040b4e0 |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_athena.db-wal
| MD5 | 4fc77656797fcd20ded2ff1f260d98a5 |
| SHA1 | 3b5f502dab9177325e2fe713bb6e0ba83b88c7d4 |
| SHA256 | 48ee5a77d32baee07a8a0033a74cf5557a59faeeff24d63f9253531d9f71ad2d |
| SHA512 | 351680b3e996f3d3bfa452215798fd6ae30c9a1ca1b949fdf940c8dc6a28dbed0a905fba8ec8cd4118301aeb10ecc06c26f02024a2b5be8036fff0b0b151dc01 |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_athena.db-wal
| MD5 | 253c7d7702e56c041f156785aa937873 |
| SHA1 | 1760f3939880d9382a5a97a4453e64ecd65e6090 |
| SHA256 | 727f826fa8ecea3e19503ba0602a6d30ebc95c1a9ddf692c5677ca075d88d49f |
| SHA512 | fcea685933292de7daf5b2955d55ff1fec9e3350b25c139bcfdcc8f0bd8c7a4a001c329f5b89c899662e110d78260f86de36ef7a137d63db3152e0fc3b5af840 |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_browser.db-journal
| MD5 | 6fc24381601c968e671e414a6d4e4668 |
| SHA1 | f96a39d469f94d5d0450cf5807962cd9e67f3700 |
| SHA256 | 2c57a444cf45fc8b6014d51f390c8b90e7ad3d6d308cac235e5f27ee72e61e88 |
| SHA512 | ec6340231130f4e1df176f0d3c5a41caa207739de99977e964759167caab4c7cd8292b8fad5e8a13a5b877a78d9c92f9eabe8a3c275ffc451308f6eab2775c7b |
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/zh-CN.pak
| MD5 | c2a39b44d8497651dbdd47de3914cda4 |
| SHA1 | 9f7cc545f3be8e3ca2dbbe7121e8fbe48826b365 |
| SHA256 | af50e136022980a392a15ad42195ea186fd523f37b06a020ff4093b985b662c2 |
| SHA512 | 13bd9efd6abf4befa2de2982a6959d3147e35bc9f17f225c825df8c50a52dbb41171eb7649764cad39d8cf2e34ceb76b19b3be79a978113b0e968a0e07db2a89 |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_browser.db-wal
| MD5 | 42944ff1fe284258f31eae5137b362ab |
| SHA1 | 2d5c65538ebdcfe1adee183a067285e45259d308 |
| SHA256 | 7d76d0901cb77f475883348e2589933f2c69bc14de4c77743bc0160c8428f1c0 |
| SHA512 | cf8f62b6999d01b310dc3506c1cfc2a1f25e983341253a8f31893eda230c5197a8c1165093852477b6a35ac3d22cbb56fb051f2e7744a9f22e18bd8a355f02e9 |
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/en-US.pak
| MD5 | 7f3c99719fe3022daa185b88a664123b |
| SHA1 | bd52a290b118918f261a45cbec7742639afdd1f1 |
| SHA256 | 69ec6ddf905061e51197191e6f2d8dab11998b41a5937ee343349a6f0f8232b7 |
| SHA512 | 9d1047310a2e9ee3a653bfbbc0c7c40a93e6152034f701288de6264292f1d67729db84af38f27617171e27bfc5d03907d9af4268992d8063cdbd8c06ad281102 |
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/chrome_100_percent.pak
| MD5 | 4e2c21b2b1675fea6aadf96d0f320451 |
| SHA1 | 7e348adaf79b8e9250dcb3fc8fe1f17378390fc5 |
| SHA256 | 056b2aba76de8466b87efb4b44e29bf49fb55e0c0df334ac2cfd4e219a1ef18c |
| SHA512 | ed7438593b23a18774e29aac2b5f2c9425feb37203761989b6f508abb44993f41c1adab895c651871b711b043b2feab8c90337d3333c794461b15f36c65020a7 |
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/resources.pak
| MD5 | 0acff537e108ad6b4c64dcd241e8a392 |
| SHA1 | 95e170574e39bb2c58fae5d75a289477e9b0c9c6 |
| SHA256 | d1efb3419ee6949011547907badc3c61875aaa4ce53a8dda7e4177129a0c51cb |
| SHA512 | b414266168328d890d8f540af80313cae37e9e4626daf4eebdbe9cae8f27e06b7d063fbef3467fbb9f4898347797fe119f1394cab03d0869727bafc9ba6bb88e |
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_browser.db-wal
| MD5 | 4d0065d94e44444ee0647bd3bafa9f56 |
| SHA1 | 8e1ba54b286861cff99453f5b006c74c23c31265 |
| SHA256 | 2a815c2dc5884e8ccaf3da0cc10b92ed2779e4b42f3176624540590427a0f043 |
| SHA512 | 1b2ea102ba6a02e150183546acc49c1d9c2414dbdd2ea2d27b97226f3cde67bc76df3e0474d664278899132fe832298f65a289c35ac1fd9d4e74e82b1978e209 |