7b44d91b522dcbd1be99d526f2c68064c969e7585d2707c756d4a0a2f09b22d6

Analysis

max time kernel
2373616s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b44d91b522dcbd1be99d526f2c68064c969e7585d2707c756d4a0a2f09b22d6.apk
Size

6.8MB
MD5

d2e6c0cbd4431fb01982db16d043dfce
SHA1

b33a9ec3915fd95ebfec45c29729f0e9c28fb74e
SHA256

7b44d91b522dcbd1be99d526f2c68064c969e7585d2707c756d4a0a2f09b22d6
SHA512

2ec35bb4e7b3c415a31224afc45b9ef1be46a070c2cb710e593241e269acfbb58fd0a55ae8f78cf3da2919cb01513f1594ca227ade58745a89267025a924821d
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6b6:GrsOtM2uxMGwJCFFZ+/jqguPn

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4602
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4722
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4756
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4808

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4291
- /system/bin/sh
  2⤵
  PID:4427

com.qihoo.appstore:critical
1⤵
PID:4447

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4490

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
8d69f3419e24ba1b4a23de0218c81fa0

SHA1
26bc78c7e6b9e110108f1ee71cd012424af5b710

SHA256
eeefb6957e580920d817deaede3f3e1bb6a2f0db46536014dfd68f1c5589793b

SHA512
a2c04880bfa739fde206a10c1ad61755f26c812900b163c4c7100b56ea0865c1f9905f940cb7d602006afc7dda6125d1ad8ba8b373faec61875b66ac5579e152

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
20b617151f33df43f471dbaea91b3ea5

SHA1
bbaf52cc41c2b0385e46ffe98096b1f770ce38a7

SHA256
73ef628cc2b667f04955299a3088dcff3e86dc1379e542a8d66821a83f8bad22

SHA512
011259ea4eaca067cf3c9cc3b9044c0ad822252d5ac5aaff15948d4268259f4198e9a31b9e7f6da3c8c1cfa1b63e3d0622819517fc0fd7e6ba6526fd213bcf81

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
abc13049fc966be3189a60c725c759ba

SHA1
757f472c2507df6b01dfe05d11e763b1e4652e06

SHA256
965b036a9eab2712e482ef4efd69f01d85f210eb49cb006d119cbf1e1a8676d9

SHA512
369d42965dbfe33ddb29c60a61f20e618f816b88bb3b078fc8b00795b8b9e12db28b8ecb6a44c95c062fc81e6fd5190a4cf929932101e6a13c32491cf9b05749

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
16KB

MD5
39da9e30dcfce4ebcd58b0985ae22946

SHA1
cd19a0fa8beb4d9cfb5d39fcfe6110bd9bc079d5

SHA256
80710941e8d72fe61ebdab002a017017adcbdf4c2810de96e89ab71a698d99a8

SHA512
9014b0f0a76c750807aae1faeaa7942eeac4af24aa6a41528e5a0ca870bcc9fda50a6ed8535ad9cf3a448a5adbd1b7636bfd9d25baf1f6333e933af6163b0d05

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
f87092f3002134be7dfcca47befeefe7

SHA1
e5a4c973ae17b63b5fe16536ac479e1d3b5b09ec

SHA256
6e740463b92e7ba7acb867c3b68c8ed9eee41b6f273d6ad469bd4069ec5f9e9c

SHA512
4505820563b9396634cd658d0d9c7ca2ff16f6a6f39847fd0d6f4041fdda488c76bcfc868219ccac797fbab2c2c8a0d36fa2b1460a96e9cc84324256ff0b93df

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
12KB

MD5
f378a06f8c8b089e1375d3e9c1df3ded

SHA1
1a9adccdb047280fc170cc8e6a5a8b6cb412b036

SHA256
a59add88798d563a6f00fcd684b606087379264aa53d8fb236a4f23c77982f5e

SHA512
03de26d6d038a7319422c88d3ae8e06d6042aa899801cf86b15a1ab4bc430d0cf6757f87d66ea5a1fb0d933cbd1e87083e5af49ff77d53a30594b944ea3b26da

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
2d0703d2224097820bd5f39cd5c9be4d

SHA1
e5c36ec0ec2e6217fba5e385f104c5d0103d265d

SHA256
1cc2fd49eb70dcf320bcad74a3708135de49d248100303e48c95743abbd9c43c

SHA512
327135edb7a5c7d2fd6e1b3b7335f0e1278d309e087139fe26c4f4dd2f8232ad66f42987cb9b37701065e910b97610e888a29517c9145c6be51dd2786222e6e0

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
b660985f611d21f06a74de259e50ddc1

SHA1
a050ef7c89d88bd0ce4fb169b6f9b1c09e2b822f

SHA256
0fbc233399c9d762841b659c32380499ca26ed1f63c789e20c8418d33969589b

SHA512
5b159721991b16e5b5c64925c1f75a7df851ceced554b258c553e4c49a2198c4c6ada7df94c9d9a9ab5819e32e77cfe92e31d77d57d9523ffddfd6fb99219ab9

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
ace956bd4b87b3a90a8b15aeffbdd751

SHA1
6877416ff6e04f16aae7ef52e264fd2a4cacb7e4

SHA256
208b01c6d879653fb1e977b38c566f3e29e3e8a81a9f2de032ace6af224d9db8

SHA512
9aa78645b35fffaf6a9cf5525cbba9fe1df84c0e9339022d78384f9b1ac172de92a8607010724f3501bcc5cfbc2ff7d6014a93f0742496f0eb5554e7dc505e2b

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
512B

MD5
aeb552fd48fcb847c9fa96dec71e037a

SHA1
a78e5e3a9ee2177f3fa56fbcf0583457eae06816

SHA256
68e5174af5d244e79ceea862a3bec1b454b08ae8a5825c9141aebee323813bba

SHA512
d8b9ab2b697075e8658cbdc3f4153d7c647f0a736475243c834f58495dc0aaf7065159c837bcc10300a910c759b167e4c61ab6c38e28f3294d163502b09a2fb0

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
553453cf91b490aabe195ea75ee2c825

SHA1
5be22feaef8cf2771b3659abf8f93a173b0af658

SHA256
9ffaaf83370e54533da2f8ff7f97e272b0ab5e5cb1a70af926e48908cef4d34d

SHA512
dc0f42bb687d2ff78c3b421c507c3c2473a0631d72a2f178136137495e1d6a2e73e388af797ae578bc9bb216aa6f1f4cf65ce46f20f5c10d59fde83316c995c7

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4261/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4261/finalcore.jar.tmp

Filesize
73KB

MD5
ab06c7904c3e47d3cbe728cdb1915983

SHA1
f0213bd9dd942d6318c5521a0e7cff15869718fa

SHA256
cdbb16f97330c683401bfb51e8f359c6e638ce1bb73c0642742a33f7b3835ced

SHA512
a18402409510c39ba36ef02bec42dc702229a998b03ccf8c55098fdc46b62f2cc755ac5b805db283865b84f53423e181cfd0e5fbfb8cede876198ff656cdbf0b

Download Submit