420845a545d0e62c51ea4e5323bfc97f83c54d06bdcd500fc0042315e0bf770a

Analysis

max time kernel
2942962s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
25-11-2022 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

420845a545d0e62c51ea4e5323bfc97f83c54d06bdcd500fc0042315e0bf770a.apk
Size

7.6MB
MD5

1dc8b7140dee61b956b5afecd38df9c3
SHA1

e1c63236ec35ec81c0845618217a55bdd2349056
SHA256

420845a545d0e62c51ea4e5323bfc97f83c54d06bdcd500fc0042315e0bf770a
SHA512

39929c53928795dbd6878804ba5ce3e5b1649c2f6731949d847a643441c926548dd82180e86388142dd85ce7154c2c7a3e1b84d9be969692b296eab7560351d2
SSDEEP

196608:H6i76DkJNqT6dX4jzG+feuQCEC7tLKUd0pb:2DkJNqT6do7l7Ub

Score

8^/10

ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.qitu.market

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.qitu.market
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.qitu.market

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qitu.market

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qitu.market

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qitu.market

com.qitu.market
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
PID:4633
- getprop ro.miui.ui.version.name
  2⤵
  PID:4762
- getprop ro.build.version.opporom
  2⤵
  PID:4790

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qitu.market/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.qitu.market/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
03d90b5035b326cdd2fa183e5307caf7

SHA1
449973ab16a3585e5f23ef01b9483ff33818363e

SHA256
758c72649e0e0a8f4c86aa1f868970779eb314a6303d48ff4abb9b0360dc47e8

SHA512
3d7d94ec36e047ce881710fd43641e7d28c259631b8f3962e20433c122c373186cce1201ad65785eef496a894238d128cacf1f0e2b18609ae6832ebcc0f5c26e

Download Submit
/data/user/0/com.qitu.market/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.qitu.market/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
09da847b98c09a28aab871eab77b97b4

SHA1
28131e23940779594b1f0de72bb05db0dcb72d04

SHA256
3925be3a594e0d908f08ece37dfb32e97c214f0528ebcd21fa5213709580d703

SHA512
c47ed9341b4ed14e5fe11e114e6e580190b5a6061912609238dfe978209700ed70183da9d6d444d4dccdb4d2a3a359d9f18ffdf49e467a3255515277c78e3b43

Download Submit
/data/user/0/com.qitu.market/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qitu.market/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qitu.market/app_webview/webview_data.lock

Filesize
21B

MD5
06191dc6d634d05306b0751b0e9dd9a7

SHA1
1d43cb24068d42678245dac2ba9119322fd49631

SHA256
4f8eb04b3e281cf867551f88e7097815d705523a882d4bf2cec34750a31ce5b0

SHA512
481f9afe24f9b2a03a0ffb88b7c3ec03265075c0a69c3674372f36ee32017f38d402e74e933a5971b987d26ef3c2995175fd5dbc2e9bad60b6081e9bc0c319c5

Download Submit
/data/user/0/com.qitu.market/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.qitu.market/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
aa7d2286a6d462cd77174ca0dcb99ac6

SHA1
dd5bfae79a74aa25c6166a1327a1af55316243c0

SHA256
e7ec05db922a4303b4ed03696e7631235595a604334feedc034fd9565796d77c

SHA512
ef9254196bd7aa89a19c6c1a3ed27feecbf4dbd9a8118e818280138c1080c194896d39bb7c47819240e4d6976cce0b5e42058747245c7ca47bdf00a5f5784529

Download Submit
/data/user/0/com.qitu.market/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.qitu.market/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
738b74612a9a8a22de19cd90b16ae22d

SHA1
3c10b90158d5a4e5bf381eec6f9d7db70ed3fda1

SHA256
935e87495f0dcbe716c11d7196cedef23424400b133b463feeec9013d36700e4

SHA512
72d3f9be7fa063c04a52aa73e1c154d3b0df8867d8cfa5a733f7e9866f5312ad43ada0a96a0f1f2f2faff6bc003a7a2ba9e7498819ceab9515182a6bd41c0218

Download Submit
/data/user/0/com.qitu.market/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.qitu.market/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.qitu.market/databases/download.db

Filesize
72KB

MD5
cebc684f40b4bfbfce75a3344f98cb4b

SHA1
e9f32e93b56fb02c5746846a7f5e4eed0fc7cd56

SHA256
56cc03a9608480a0ffc6aa9275a4c42fb740dc3fb6471b3a7eb62dd785cf6bcd

SHA512
347c4b334ae853bc68050d0f6cfa99a1ca624c22ca40be870f6df8d8d93be7cce71d19c6488b4ac5712836bce5007c497829da207f86cc8e66d786a63661de36

Download Submit
/data/user/0/com.qitu.market/databases/download.db-journal

Filesize
1KB

MD5
5bb134ab977a3483efcc1596951f0860

SHA1
e6c51e3543bedb4e4af8a1905c812c6927d7ed0f

SHA256
87a7682e54f568b15adb188fa49a3123086a20798d00510139e16db784392013

SHA512
750adc061ce36512abce46f8e04ab1c215b3c28e3254c405253244e128cd532f31b1d3d4b10797075e330f1b815fb5e67965aa10c41a29fef4956d2538c575a4

Download Submit
/data/user/0/com.qitu.market/files/libcuid.so

Filesize
109B

MD5
eefad3d9a4f64bda07032d237b9730f9

SHA1
53a89354530f33fd0668f0a8ffb70246f6c670f4

SHA256
5c4ebf35bb538948f913117aca91cb40a119efab3ca530ed521f2bc5c46f463a

SHA512
1a192ca78421cc1b940ab04b2b984917107d10d1c202710b44257ccbc7f1524aa7477e4a9a7bb5753242aba2b39fdad0331c182b6ba04d262712a5014b60f0c0

Download Submit
/data/user/0/com.qitu.market/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.qitu.market/shared_prefs/qitu.xml

Filesize
115B

MD5
c982644d1bb901f7265b92a2bffaeba9

SHA1
99b4d0add311eb02ef369018763a5af3778ff119

SHA256
70113b13c4b1b2433688d66aa9aa5411d1c6ab5580a27f19e1a2fc8fb8e4f63d

SHA512
2c70c5eff3275db1f662d2229c6faaa53b5c614940d17e3bf706ed62e33ddb8ab2a195ce264c8f92f4fd86118cdd8a0840c89069e6dfc26359f55c634989f4bb

Download Submit
/data/user/0/com.qitu.market/shared_prefs/savemodel.xml

Filesize
142B

MD5
37d14d99ccb767d98368a1ff20600749

SHA1
ce06e3691d6543f3922c508bdd2cb73064e2377d

SHA256
ee0b30d13dcfd9ce9c4478ea66627cabc4d8199a49ef551b1a01470313bf6e70

SHA512
9e0c4eb67bd3e6d7ee1d6b4198065c34b07d9b00d49d354ff13787dc260a05f3b37556dc8a2d38fa22bacfba17578eed755968e913925553b9de6bc4051e9f59

Download Submit
/data/user/0/com.qitu.market/shared_prefs/setting.xml

Filesize
152B

MD5
890e3309ad9eff6c35e0e2f8ec2008d9

SHA1
57be86a77ee7be40c15f4342aa060fbfd6e4e9c2

SHA256
ed71e6d465b44c147c1e923df7a932df8318431ad473d951b1451de6ef02ca53

SHA512
5ac793fffb78f3b75074314017e177009b942205188479138bba031742a73ec4728f5b760497c5c1233cb24853a2f21a89bf517a9144c5b0a842a00e758ebbca

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
109B

MD5
eefad3d9a4f64bda07032d237b9730f9

SHA1
53a89354530f33fd0668f0a8ffb70246f6c670f4

SHA256
5c4ebf35bb538948f913117aca91cb40a119efab3ca530ed521f2bc5c46f463a

SHA512
1a192ca78421cc1b940ab04b2b984917107d10d1c202710b44257ccbc7f1524aa7477e4a9a7bb5753242aba2b39fdad0331c182b6ba04d262712a5014b60f0c0

Download Submit
/storage/emulated/0/backups/system/.confd

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
1KB

MD5
22f20118cbc437eb237384762aace76a

SHA1
7fa8c5a76102f228fefaffc753e45e3d4154c1b4

SHA256
4c19ea6c3c1f1dea6f38132538f9674f5b04c15d76ac02a92e3c71f5742d85a1

SHA512
579823cbbb59c8df55d546765f46b821da79daf24ed9a5a6f0959779d846f4f757cae5c5e4003f8f354496a49265c2424d3840778b9d627a47f34cf4ec7537c5

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
25B

MD5
d96bb317ad0d8872cd71f412f433a2a8

SHA1
2778fd5c431766e8f7550d37a12975a68a6cb58e

SHA256
03e81055d757f41b7dd0b453396af9b171ad5635afb5c9cb824234dc34c9702b

SHA512
593658bbdc2705d2420ed4e47f8457a3d294d406b8cb1760474c2ef118ee354bd71a1ba96eb374608e8bed15ad0b6e29e04ef6020de932b7044e45a8c23cfa0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads