Analysis

max time kernel: 146s
max time network: 156s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 03/11/2024, 17:59
Static task: static1

Behavioral task: behavioral1
  Sample: 8cc4d36de1acd4d4d785b3035732f762_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: 8cc4d36de1acd4d4d785b3035732f762_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240624-en
General

Target: 8cc4d36de1acd4d4d785b3035732f762_JaffaCakes118.apk
Size: 7.9MB
MD5: 8cc4d36de1acd4d4d785b3035732f762
SHA1: f81eb6f54be61f401a602c7f644a0eaafb38ec58
SHA256: c514baccac98175a0e933c13a132a1512f731cfd02aea8ceaeebe457ad00f122
SHA512: 831a46de2a93324012a0ddafdfb6a399adfb224c7652f9ed025c193af3432cf8e2202c777f756b61195f41766aff54143f03feb750418e6247209dcf790f4914
SSDEEP: 196608:URc9kIMQvYgyIJzHTe+ol8wUz/C6dJZ5EgiUNq:URcfSQzH6dlQC6UDh
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 8 IoCs)
  ioc                          Process
  /sbin/su                     /system/bin/sh -c type su
  /sbin/su                     com.sogou.androidtool:channel
  /sbin/su                     com.sogou.androidtool
  /sbin/su                     com.sogou.androidtool:remote_proxy
  /sbin/su                     com.sogou.androidtool:push_service
  /system/app/Superuser.apk    com.sogou.androidtool:remote_proxy
  /sbin/su                     /system/bin/sh -c type su
  /system/app/Superuser.apk    com.sogou.androidtool:push_service
Queries information about running processes on the device (1 TTPs, 4 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description              ioc                                                    Process
  Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.sogou.androidtool
  Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.sogou.androidtool:remote_proxy
  Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.sogou.androidtool:push_service
  Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.sogou.androidtool:channel
Requests cell location (2 TTPs, 4 IoCs)
Uses Android APIs to get the current cell location.
  description              ioc                                                       Process
  Framework service call   com.android.internal.telephony.ITelephony.getCellLocation   com.sogou.androidtool:remote_proxy
  Framework service call   com.android.internal.telephony.ITelephony.getCellLocation   com.sogou.androidtool:push_service
  Framework service call   com.android.internal.telephony.ITelephony.getCellLocation   com.sogou.androidtool:channel
  Framework service call   com.android.internal.telephony.ITelephony.getCellLocation   com.sogou.androidtool
Queries information about active data network (1 TTPs, 4 IoCs)
  description              ioc                                                    Process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.sogou.androidtool:remote_proxy
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.sogou.androidtool:push_service
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.sogou.androidtool:channel
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.sogou.androidtool
Queries information about the current Wi-Fi connection (1 TTPs, 4 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description              ioc                                               Process
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo   com.sogou.androidtool:remote_proxy
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo   com.sogou.androidtool:push_service
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo   com.sogou.androidtool:channel
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo   com.sogou.androidtool
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 4 IoCs)
  description              ioc                                          Process
  Framework service call   android.app.IActivityManager.registerReceiver   com.sogou.androidtool
  Framework service call   android.app.IActivityManager.registerReceiver   com.sogou.androidtool:remote_proxy
  Framework service call   android.app.IActivityManager.registerReceiver   com.sogou.androidtool:push_service
  Framework service call   android.app.IActivityManager.registerReceiver   com.sogou.androidtool:channel
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  description          ioc                             Process
  Framework API call   javax.crypto.Cipher.doFinal     com.sogou.androidtool:push_service
  Framework API call   javax.crypto.Cipher.doFinal     com.sogou.androidtool:remote_proxy
Checks memory information (2 TTPs, 2 IoCs)
  description            ioc              Process
  File opened for read   /proc/meminfo    com.sogou.androidtool:remote_proxy
  File opened for read   /proc/meminfo    com.sogou.androidtool:push_service
Processes

com.sogou.androidtool (PID 4307)
  signatures:
    - Checks if the Android device is rooted.
    - Queries information about running processes on the device
    - Requests cell location
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
  child processes:
    chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4336)
    chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4359)

com.sogou.androidtool:remote_proxy (PID 4542)
  signatures:
    - Checks if the Android device is rooted.
    - Queries information about running processes on the device
    - Requests cell location
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Uses Crypto APIs (Might try to encrypt user data)
    - Checks memory information
  child processes:
    chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4649)
    getprop ro.miui.ui.version.name (PID 4681)
    getprop ro.build.version.emui (PID 4716)
    /system/bin/sh -c getprop ro.board.platform (PID 4925)
    getprop ro.board.platform (PID 4925)
    /system/bin/sh -c type su (PID 4950)
      - Checks if the Android device is rooted.

com.sogou.androidtool:push_service (PID 4773)
  signatures:
    - Checks if the Android device is rooted.
    - Queries information about running processes on the device
    - Requests cell location
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Uses Crypto APIs (Might try to encrypt user data)
    - Checks memory information
  child processes:
    chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 4808)
    chmod 777 /data/user/0/com.sogou.androidtool/files (PID 4874)
    /system/bin/sh -c getprop ro.board.platform (PID 4983)
    getprop ro.board.platform (PID 4983)
    /system/bin/sh -c type su (PID 5011)
      - Checks if the Android device is rooted.

com.sogou.androidtool:channel (PID 5039)
  signatures:
    - Checks if the Android device is rooted.
    - Queries information about running processes on the device
    - Requests cell location
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
  child processes:
    chmod 777 /data/user/0/com.sogou.androidtool/cache (PID 5076)
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads