Analysis Overview
SHA256
2c64b3570597f0a8a6ca83943be338b78e0d048309596ee171ab535cbc253d28
Threat Level: Shows suspicious behavior
The file 5317bbac93b3477260ab2ffbb840826e_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries the phone number (MSISDN for GSM devices)
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-17 18:31
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-17 18:31
Reported
2024-10-17 18:34
Platform
android-x86-arm-20240624-en
Max time kernel
133s
Max time network
151s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.sogou.appmall
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | api2.sharesdk.cn | udp |
| CN | 115.227.43.65:5566 | api2.sharesdk.cn | tcp |
| US | 1.1.1.1:53 | api.app.i.sogou.com | udp |
| US | 1.1.1.1:53 | pb.sogou.com | udp |
| CN | 36.155.183.169:80 | pb.sogou.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| CN | 36.155.167.208:80 | pb.sogou.com | tcp |
| CN | 36.155.183.168:80 | pb.sogou.com | tcp |
| CN | 36.155.166.212:80 | pb.sogou.com | tcp |
| CN | 36.150.217.117:80 | pb.sogou.com | tcp |
| US | 1.1.1.1:53 | api2.sharesdk.cn | udp |
| CN | 115.227.43.65:5566 | api2.sharesdk.cn | tcp |
Files
/data/data/com.sogou.appmall/databases/appmall.db-journal
/data/data/com.sogou.appmall/databases/appmall.db
/data/data/com.sogou.appmall/databases/appmall.db-shm
/data/data/com.sogou.appmall/databases/appmall.db-wal
/data/data/com.sogou.appmall/files/from.cfg
/data/data/com.sogou.appmall/databases/sogou_upd_downloads.db-journal
/data/data/com.sogou.appmall/databases/sogou_upd_downloads.db
/data/data/com.sogou.appmall/databases/sogou_upd_downloads.db-wal
/data/data/com.sogou.appmall/databases/remnant_fp.db
/data/data/com.sogou.appmall/databases/remnant_fp.db-journal
/data/data/com.sogou.appmall/databases/remnant_fp.db