Analysis

max time kernel: 6s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 27-09-2024 02:00

Static task: static1
Behavioral task: behavioral1
Sample: f9810ad84eb635973c097bdc5e04f6e4_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

General

Target: f9810ad84eb635973c097bdc5e04f6e4_JaffaCakes118.apk
Size: 20.6MB
MD5: f9810ad84eb635973c097bdc5e04f6e4
SHA1: 7b04dd038926b3dcc2e329008ddd9839a2a2665e
SHA256: 95e9654e1195db1a83c0400369dd201c4fe4411beed2a8cd35b46c6f34751fa6
SHA512: faca823a0d285b5b234f582dbede35db950d54ed87c95aed33b2109682c91e00a8b9a490f9d78ae3fa4c6a20ac1fab206f6f51c9c464554f0035aa71a84f058a
SSDEEP: 393216:KWprHwhmLxLW/6Qd90MsvCuSB9Zag0H3tTyQCx4FJs6KSmGwDTI20X:KWRwUFJdauqmZjHFJGSa020X
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.sohu.inputmethod.sogou/app_dex/hackdex.jar
  pid: 4276
  process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sohu.inputmethod.sogou/app_dex/hackdex.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sohu.inputmethod.sogou/app_dex/oat/x86/hackdex.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.sohu.inputmethod.sogou/app_dex/hackdex.jar
  pid: 4249
  process: com.sohu.inputmethod.sogou

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  process: com.sohu.inputmethod.sogou

Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: com.sohu.inputmethod.sogou

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: com.sohu.inputmethod.sogou

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.sohu.inputmethod.sogou

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.sohu.inputmethod.sogou
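The "Loads dropped Dex/Jar" signature above fires because the app process (PID 4249) spawned /system/bin/dex2oat with --dex-file pointing at hackdex.jar inside its own private app_dex directory, i.e. code that was not part of the installed APK: on the Android 9 image used here, loading a dex through a class loader at runtime makes ART fork dex2oat against it, so the dex2oat command line records what was loaded and from where. The Python below is an added triage helper written for this page, not part of the report or of the sandbox that produced it. It parses dex2oat command lines out of a (pid, ppid, cmdline) process listing (an input format assumed for the example), classifies the --dex-file path as installed code or as something written to the device at runtime, and ties the dex2oat run back to the process that spawned it. The two sample rows are transcribed from the report; the parent relationship follows the process tree, and the INSTALLED_CODE_PREFIXES list, the function names and the Dex2oatFinding record are this example's own choices.

```python
"""Added triage helper (not from the report): flag dynamically loaded
DEX/JAR files in an Android sandbox process listing by inspecting
/system/bin/dex2oat invocations."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: (pid, ppid, cmdline) rows, a format assumed for this
# example. Both rows are transcribed from the report; dex2oat's ppid follows
# the report's process tree (child of the app process 4249).
SAMPLE_PROCESSES = [
    (4249, 1, "com.sohu.inputmethod.sogou"),
    (4276, 4249,
     "/system/bin/dex2oat --instruction-set=x86 "
     "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
     "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
     "--boot-image=/system/framework/boot.art "
     "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
     "--instruction-set-variant=x86 --instruction-set-features=default "
     "--inline-max-code-units=0 --compact-dex-level=none "
     "--dex-file=/data/user/0/com.sohu.inputmethod.sogou/app_dex/hackdex.jar "
     "--output-vdex-fd=44 --oat-fd=45 "
     "--oat-location=/data/user/0/com.sohu.inputmethod.sogou/app_dex/oat/x86/hackdex.odex "
     "--compiler-filter=quicken --class-loader-context=&"),
]

# Where installed code legitimately lives (assumed list). A dex compiled from
# anywhere else was written to the device after installation.
INSTALLED_CODE_PREFIXES = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")
# App-private data directories: /data/user/<userid>/<pkg>/ or /data/data/<pkg>/
APP_PRIVATE_RE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z][A-Za-z0-9_.]*)/")


@dataclass
class Dex2oatFinding:
    pid: int
    parent: str                 # command line of the process that spawned dex2oat
    dex_file: str
    oat_location: str
    compiler_filter: str
    class_loader_context: str
    runtime_args: List[str]     # values passed through --runtime-arg
    owner_pkg: Optional[str]    # package whose private dir holds the dex, if any
    dropped: bool               # True when the dex did not come from installed code


def parse_dex2oat(cmdline: str) -> Optional[Tuple[dict, List[str]]]:
    """Split a dex2oat command line into --key=value options and the values
    passed via --runtime-arg. Returns None for any other process."""
    argv = cmdline.split()
    if not argv or not argv[0].endswith("dex2oat"):
        return None
    opts, runtime_args = {}, []
    tokens = iter(argv[1:])
    for tok in tokens:
        if tok == "--runtime-arg":
            runtime_args.append(next(tokens, ""))
        elif tok.startswith("--") and "=" in tok:
            key, _, value = tok[2:].partition("=")
            opts[key] = value   # repeated keys: last occurrence wins
    return opts, runtime_args


def classify_dex(path: str) -> Tuple[Optional[str], bool]:
    """Return (owner_pkg, dropped) for a --dex-file path."""
    if path.startswith(INSTALLED_CODE_PREFIXES):
        return None, False
    m = APP_PRIVATE_RE.match(path)
    if m:
        return m.group("pkg"), True
    return None, True   # /sdcard, /data/local/tmp, ...: not installed code either


def find_dropped_dex(processes) -> List[Dex2oatFinding]:
    """Scan a (pid, ppid, cmdline) listing for dex2oat runs and classify each."""
    cmd_by_pid = {pid: cmd for pid, _, cmd in processes}
    findings = []
    for pid, ppid, cmd in processes:
        parsed = parse_dex2oat(cmd)
        if parsed is None:
            continue
        opts, runtime_args = parsed
        dex = opts.get("dex-file", "")
        owner, dropped = classify_dex(dex)
        findings.append(Dex2oatFinding(
            pid=pid, parent=cmd_by_pid.get(ppid, "?"), dex_file=dex,
            oat_location=opts.get("oat-location", ""),
            compiler_filter=opts.get("compiler-filter", ""),
            class_loader_context=opts.get("class-loader-context", ""),
            runtime_args=runtime_args, owner_pkg=owner, dropped=dropped))
    return findings


def report(findings: List[Dex2oatFinding]) -> List[str]:
    """One line per dropped dex; notes whether the owning package loaded it itself."""
    lines = []
    for f in findings:
        if not f.dropped:
            continue
        self_loaded = f.owner_pkg is not None and f.parent == f.owner_pkg
        lines.append(f"pid {f.pid}: {f.owner_pkg or 'unknown owner'} compiled dropped dex "
                     f"{f.dex_file} (filter={f.compiler_filter}, "
                     f"clc={f.class_loader_context!r}, "
                     f"spawned by {'itself' if self_loaded else f.parent})")
    return lines


if __name__ == "__main__":
    for line in report(find_dropped_dex(SAMPLE_PROCESSES)):
        print(line)
```

The check that matters is the path classification: a dex under /data/app/ is the app's own installed code, while one under /data/user/<n>/<pkg>/ or /data/data/<pkg>/ was written by the app after install, which is exactly the case the signature describes. The --class-loader-context=& value is kept verbatim from the command line rather than interpreted; it is reported so an analyst can see it next to the dex path.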
Processes

com.sohu.inputmethod.sogou (PID 4249)
  - Loads dropped Dex/Jar
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sohu.inputmethod.sogou/app_dex/hackdex.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sohu.inputmethod.sogou/app_dex/oat/x86/hackdex.odex --compiler-filter=quicken --class-loader-context=& (PID 4276, child of 4249)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 1KB
MD5: 0a7e6637ff3d975cce6deae36e12de7d
SHA1: 0f7c575c6a13577cf9162095a966cd7f1d87fdc7
SHA256: f1af15d8664dca960e2a1a243396caf1478a7d4edfdc621457e0a55b6debc3d5
SHA512: 4d7cb5e1549c4fe2d0784c02e58450e9d296fb082c9fde7657f5b4d18fced25287e4f862c50e0343eec9cd8c25bac8004715426d2f50a904540c436f41588b71

Filesize: 1KB
MD5: 9fb9041f13445db228104461fe7953d6
SHA1: 9b2ad35505ec10aafd78fad01e5d2c6a28e86d86
SHA256: 8c0bf0963d7af1bae3a33c9e443d2790bcdd0da197d30ede593fb5c6d289ccd5
SHA512: 4561a200bb391d870958e0253380270ca67d4b5def2dafdefb2264fedf76708bf027d15515c094fd1090280a6eca345045fbb424b70e900ac316b24c7495b726

Filesize: 1KB
MD5: 1de5f41c10bff7e7adcd5548fdb39c07
SHA1: 3dfe70b1011a191cb6f619b8868e5acd3fc24df6
SHA256: f0a108f89600e5c3cf05066b46a10e5e9cf3aca5bd005293d3b300fb3d67f483
SHA512: 5309086e9a1d6a80c144367918555ae465d0512eb26cbfb2a0d479aa4b4b1eb49b126823f5ad1cf938c4c72b3ae9a521fd68f3f92d1be3fb36a2dba8d3cb7df1