c5e9aee5c084939d3426e828b673de2f11af900c324928d9f8825af329e78fb6

Analysis

max time kernel
589784s
max time network
154s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
29/10/2022, 06:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c5e9aee5c084939d3426e828b673de2f11af900c324928d9f8825af329e78fb6.apk
Size

1.1MB
MD5

2101ca4eb3de71ddaa2d7b1a02291be5
SHA1

c3480fbf36b15cacf693a36418ac1707ad465bce
SHA256

c5e9aee5c084939d3426e828b673de2f11af900c324928d9f8825af329e78fb6
SHA512

fb8a210b7aa79d00c6f73a6f65f50d804b91914d700a28d8b6e364ad6a0fedf7dcc35d7c0c55e8f8a473ea4c7c9478920a95bc44cc7a6db67fb973987ba7b837
SSDEEP

24576:KW2O0K4/zHYTbNReVO61DYALeXFTNBuSkjazX7qRRqQ+9bfC:KZKI4TbNR1ALcBuSkjaL72RV+9bfC

Score

8^/10

evasion infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qihoo.app.bangzi

Reads the content of SMS inbox messages. 1 IoCs

infostealer

description	ioc	Process
URI accessed for read	content://sms/inbox	com.qihoo.app.bangzi

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.qihoo.app.bangzi

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.app.bangzi

com.qihoo.app.bangzi
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4097

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qihoo.app.bangzi/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/Cookies-journal

Filesize
1KB

MD5
1bc24d8d2537bf6c9a195e737f65dc7d

SHA1
b7d328e3a5d10d88b5e3b258a86378c057156d9a

SHA256
9825cdd87e008c929b7052c1f6231737059a99dedc70167a08fbf6ba6adab989

SHA512
25abf3daa724ee073c2a4f431fd906b6602ef786ae563e9b6a9df42613eaeba7269351184ef32c435f9a26ad464331ac595e67e36a1ce2b4c77fceb42cbb2381

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
ed9b00d6bc487353da7d124e4e2675eb

SHA1
9ac4913b050792c2f108cea53496231486c89d13

SHA256
6b42f01c6dd28aaabedbe80208f3e1758ca92a9ad690467a18106c2bf8bffe6d

SHA512
da8920a2ba82b972676c755169e0bd018e322e9da5d4509d39ba67b5e2fb69c846e4d4886b9b02429b107a0d0bf2314e8b7eb8a12516625408b9944487d1356a

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/Web Data-journal

Filesize
1KB

MD5
90ae904646f6b64a8d05da13dac4a47f

SHA1
0718d64a4b4dca868c5e857f77c2bea89dbe0f2a

SHA256
38dc77b2efa9dfd51a38a47d65907cb1b10562f79721ddb7d325163489332a74

SHA512
0a9dde9a96760b9b1eb936f37e6a19a2b15b44e6c988ed57d39a81f32e1ec6c4aef4cf33405e6aedd0ce33f73908b8e61d9308dde4df90f07ac2cca39887b43e

Download Submit
/data/user/0/com.qihoo.app.bangzi/app_webview/metrics_guid

Filesize
36B

MD5
3830e87b0b63eb27696a0ae8e3a54ed6

SHA1
ade4f17f8c0160b24641920196b6848594651df6

SHA256
6e945841b8d56006bfcf124c2c0260343e63615d54d7b9333683fe0053711bc4

SHA512
37fd46b22ec691601b0dc179436c850369f85d6dd6891ecfac0e59205c1e4900bc76651bb90375480ff85543d73868aaf2753d47340f65b81427b805531219a7

Download Submit
/data/user/0/com.qihoo.app.bangzi/cache/org.chromium.android_webview/cc692f94b316072d_0

Filesize
189B

MD5
7e6e34ba1b7109e1453e06fba79659c8

SHA1
2123d11499dd9e02de96884028dd5c1007122086

SHA256
85c79e6f2f6ed6c35ec68012376ef324030b2658a6024005adf04cefff387129

SHA512
b8c9356f676d4be56e58c50d8b92c7cbafc5076a483af42cd541c233e0190b4e22043073d9f25f16ecfdd9ba60b578c23e93a581f8cfcdbcfdcc7300482bbc10

Download Submit
/data/user/0/com.qihoo.app.bangzi/cache/org.chromium.android_webview/cc692f94b316072d_0

Filesize
189B

MD5
7e6e34ba1b7109e1453e06fba79659c8

SHA1
2123d11499dd9e02de96884028dd5c1007122086

SHA256
85c79e6f2f6ed6c35ec68012376ef324030b2658a6024005adf04cefff387129

SHA512
b8c9356f676d4be56e58c50d8b92c7cbafc5076a483af42cd541c233e0190b4e22043073d9f25f16ecfdd9ba60b578c23e93a581f8cfcdbcfdcc7300482bbc10

Download Submit
/data/user/0/com.qihoo.app.bangzi/cache/org.chromium.android_webview/cc692f94b316072d_0

Filesize
117B

MD5
897028928b35ede46e6049811d0a736d

SHA1
dcf10c6e512c41ea13a417a29b6c2c6ccea818e4

SHA256
14bd94b2c723bf0ca974f3b7d58c7b384cff441e0b48d0af794d68f352add9aa

SHA512
adf21cf3701e4cfe330ca3f2335e29cda76d6f08a338805d013cfdd018149ec256b7ad251955d0c3a168627b84d434d3558fef2a7fc19220a8cae8ef92eb9009

Download Submit
/data/user/0/com.qihoo.app.bangzi/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.qihoo.app.bangzi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
72B

MD5
bbe267cc5babec1a1d4bce0972c48290

SHA1
dc3cb7964bd70c83d97842f347d743ef6e665bff

SHA256
893a41abbf4ea705d0a10aec0060e74777012267c52085b83bc200b04328c4b1

SHA512
ca71f37b7f160cda6bba239f4d37c0820eeba2bf03c270962f5ef70322744395566184f5f0e0cbc5467476dba5e2faabdd281ed04b5a9585d911f079eaba70dc

Download Submit
/data/user/0/com.qihoo.app.bangzi/databases/hy.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.qihoo.app.bangzi/databases/hy.db-journal

Filesize
524B

MD5
bafec61b07c9995257352f5d95676863

SHA1
7abc31db2bf777623f06bc7f6b02b47760b6ef5a

SHA256
b94dc0bfed49c032f8153bf81ed7ed5d113bfa5779b17e1f89b4e69f646615c8

SHA512
c181efc92ca9b18994ec7506f6ec270671e22c1f2a27514a48b81744d8df598834f25f702ff5db8102dcdb0515ff927a0326e2c87cb467d469eb50446d2e0f4e

Download Submit
/data/user/0/com.qihoo.app.bangzi/databases/hy.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.qihoo.app.bangzi/databases/hy.db-wal

Filesize
124KB

MD5
d13fb1549ae7ab20cc1897836ada7d3f

SHA1
90477bd167dd7670a4c3c6262787746031c162a4

SHA256
3e2b22819383d0cd34fa6088994ce9d8c79e7211be8844ea821b4f9c587a89d6

SHA512
bea3f1b8409982d9d4a82a72c96b4a286edb273bbb7f097ba8ab55538d3d5b28ac4b8ffa19a74d0c5d7fc9bc5412301a826962c8053a32b952bc7798cbc0d185

Download Submit
/data/user/0/com.qihoo.app.bangzi/files/.imprint

Filesize
902B

MD5
c450b31d00102bd9aed87ba87c40df1f

SHA1
2e7fe97162a0f9a17202942867cb27057cc1bca1

SHA256
6a2e1fca411914ea948db0742c1cc70fd8edc0eb7b804b44379dc52d8eae3834

SHA512
ef8c0be85652751f3b5dc3534cd1e74ef024b8d57255cc5968d4f2333447a2196c37c20fd068a7f393310aac9010e07a73f5a8dd132acac70b907d1ea89970f6

Download Submit
/data/user/0/com.qihoo.app.bangzi/files/__local_last_session.json

Filesize
131B

MD5
1d856b1a890107d67fdbc19a649d6081

SHA1
d19781b701e6b035086109cf9eb0e1ef139a85a7

SHA256
7b60120fd2bc1573c7ea3cec070c29d320db5260c113d2d6dbf5d5eb23a23ad6

SHA512
308590459cd7f22e21a39d009b2ea948aeaaa14de4437e835da1acde7d363751a4c60ece14a7f810539864623c88f5b15a07f101927037a6d26ee95e48250320

Download Submit
/data/user/0/com.qihoo.app.bangzi/files/mobclick_agent_cached_com.qihoo.app.bangzi2

Filesize
1KB

MD5
c0453df9cede6b446da324be7ed3c139

SHA1
de1f40c17d9bd3f13f7269777fd9b8acd9188a12

SHA256
a26423922f86053a0eb0ca1dfecd6559882f9075b7091000bddee02a6b79ca4c

SHA512
8815b70de1c63560b2f7966de2b60b217129412408f54ecf2e02eda41885cd26698e833eba6612d9680e44095aa87e7f11e9e48dac4b96a0df874e98556b2b40

Download Submit
/data/user/0/com.qihoo.app.bangzi/files/umeng_it.cache

Filesize
310B

MD5
3fa9ae2cd9997f3222cfd043ed3e670a

SHA1
5c7d273fc80794fc1470397a23f06c1a1f0126c0

SHA256
0a9090295b502694c23521683102f2c6dcf251ffd16e02c76a64e3492b51c345

SHA512
150aad30fbfe97cc1053687cd009d1bd10a163ed3b8f0330bbc54800220f617a3327fcfd85eede60d03529a8f26c54f815cb51984c246a92b7102fa98a0fc7d2

Download Submit
/data/user/0/com.qihoo.app.bangzi/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.qihoo.app.bangzi/shared_prefs/mobclick_agent_online_setting_com.qihoo.app.bangzi.xml

Filesize
124B

MD5
a200fdf3c1db6acb28fb37b7a6efa9aa

SHA1
373bc8631a9f52d58a685264cf9000105ca7930b

SHA256
1c460147e5322a20724ce8347ca5d43757fbeea00c08e3501df86aa55cfdeea0

SHA512
e19ecaaa76ec3894d535622c751f979b3e18ed4ffdf237eec2312de3f352f800d8b32f468ab5ef457cfec99d6ca9d3e6501d34fe9bf078a8b39493280003b546

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
dc71687cb8f098278505516c42865fc9

SHA1
b0d1a8e368c0447e22d90c69299046e907d770d7

SHA256
8d741eddcf3977b90983d8b9570685bec108b6647464586b4a11b2a464180619

SHA512
8cd6472731bff838dfc338f89b58cee9d8a3dfc450826df4c071193044dfb95e94612c711c17367db4c1570756f94934372ee3c042ceea251eee1a3e5e94b320

Download Submit