Malware Analysis Report

2025-01-19 07:50

Sample ID: 240611-zxpe6a1glr
Target: 9f834a5d8ff02316cb478cc295792140_JaffaCakes118
SHA256: 25b7de548db5031389c17dafaf3b2f11ec82c78c8c695c14440f6af6c40d87b0
Tags: discovery
Score: 7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file 9f834a5d8ff02316cb478cc295792140_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tag: discovery

- Queries information about running processes on the device
- Declares broadcast receivers with permission to handle system events
- Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported: 2024-06-11 21:06

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 21:06
Reported: 2024-06-11 21:09
Platform: android-x86-arm-20240611.1-en
Max time kernel: 12s
Max time network: 137s

Command Line

sogou.mobile.explorer.online

Signatures

Queries information about running processes on the device

Tag: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Processes

sogou.mobile.explorer.online

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | (none) | udp
GB | 216.58.212.238:443 | (none) | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp

Files

Files written during detonation (per-file MD5/SHA1/SHA256/SHA512 values omitted):

/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-journal
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-shm
/data/data/sogou.mobile.explorer.online/databases/MessageStore.db-wal
/data/data/sogou.mobile.explorer.online/databases/MsgLogStore.db-journal
/data/data/sogou.mobile.explorer.online/databases/MsgLogStore.db-wal
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_athena.db-journal
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_athena.db-wal (listed twice in the report, with different hashes)
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_browser.db-journal
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/zh-CN.pak
/data/data/sogou.mobile.explorer.online/databases/sogou_mobile_browser.db-wal (listed twice in the report, with different hashes)
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/en-US.pak
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/chrome_100_percent.pak
/data/data/sogou.mobile.explorer.online/app_sogou_webview/paks/resources.pak