Analysis

  • max time kernel: 173s
  • max time network: 189s
  • platform: android_x64
  • resource: android-x64-arm64-20240611.1-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted: 12-06-2024 09:14

General

  • Target: a027813482b259f8839d0d712a2b5aa8_JaffaCakes118.apk
  • Size: 12.3MB
  • MD5: a027813482b259f8839d0d712a2b5aa8
  • SHA1: dc8e030e22eb9fc091f1ec294a717ada8647898e
  • SHA256: 908174a824f24f671be6a634a49463c4193f5688a8c104fec9b444b262fe3feb
  • SHA512: be3e14476962548ef5244912f06184eb47f44e9a96f14b3be94a9e2195969eeb8084cedb54a404912a993b9aa8ba40dba7dff651a7e7ae3a2034ac06b0c3908d
  • SSDEEP: 393216:dgG5SIlQ6oBjcvMBkBC4QBpMdT0slTKUTNuOn:GQSH6eqM0C3BmJ0GTKb0

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 7 IoCs)
  • Queries information about running processes on the device (1 TTP, 4 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location (2 TTPs, 4 IoCs)

    Uses Android APIs to get the current cell location.

  • Queries information about active data network (1 TTP, 4 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTP, 4 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator (1 TTP)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 3 IoCs)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 4 IoCs)

Processes

  • com.sogou.androidtool (PID 4458)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    • Checks memory information
  • com.sogou.androidtool:remote_proxy (PID 4776)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks memory information
  • com.sogou.androidtool:push_service (PID 5052)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks memory information
  • com.sogou.androidtool:channel (PID 5310)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks memory information

Network

MITRE ATT&CK Mobile v15


Downloads
