8229ee75f48de348d71c41e42fdb150a69b86915e1c768dcb277a71f0afe6be5

Analysis

max time kernel
2408685s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8229ee75f48de348d71c41e42fdb150a69b86915e1c768dcb277a71f0afe6be5.apk
Size

19.8MB
MD5

ebdb39f087ac10df8847aeb201fb770b
SHA1

392c1ac685da0508c6d1d61da0e5084db90e8ed5
SHA256

8229ee75f48de348d71c41e42fdb150a69b86915e1c768dcb277a71f0afe6be5
SHA512

cb4658c34caf0516759b8fa712997b295429b99154afa5f26fddbb79df2e40a3468827452bde5225a263df9c37fc87345c6a9cb5fad66a3dc589a6ae9457bd42
SSDEEP

393216:e8n2Ji6oWLGhuvWsGorIhpDnQTkfZ9LQuzVeGIsgL6RSrqXBmwSyFy:XX6oWLdWiunXfZlL4t6YR/yFy

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar	4266	com.video.newqu

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.video.newqu
Framework API call	javax.crypto.Cipher.doFinal	com.video.newqu:xinqu_process

com.video.newqu
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266
- /system/bin/sh -c getprop
  2⤵
  PID:4470
- getprop
  2⤵
  PID:4470

com.video.newqu:xinqu_process
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.video.newqu/app_crashrecord/1002

Filesize
225B

MD5
1f0082f43922436f28fd895b6e3652fb

SHA1
44af364ef6a5aebb6ff4f850c537f7306c1ac166

SHA256
1bf5f25b8d479d3b5a45d389f3d870d0b6a47df3a82be9a703378c6179b69248

SHA512
7eea255724605454aa6cc1e82b938ba846df9e42ef275618b1002b248a6662da2b57909f97369b7a24da9915ba97da4579a4b25cf295cf7dea0734fdc7b1bfd6

Download Submit
/data/data/com.video.newqu/app_crashrecord/1004

Filesize
225B

MD5
9a80728a530cf443249d20222b9a3d64

SHA1
5f99cced76e614410b982e88d28f73c8c105e4a7

SHA256
ddd00186cd29d638a456bb8d34970fd4511fd7f3c80273c548215d8b395dbee1

SHA512
6cb2fcfeccdb1b60d5a433d34e8df1c1a050d880acb82eef5fd2cf0cf8ccfce66703ad059a5d4e30e309c2b5b5077d2135f18f311cb88abfff37fa0530eb6d44

Download Submit
/data/data/com.video.newqu/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
241KB

MD5
b95166c2f63e536b6fc4b5b811444dec

SHA1
45fc74323bb2e66f4c2a493b65b70e0de2aeb77c

SHA256
2f92b98f55c7d4417dff3fc2af9245c66aad3ab8be65177954ed7a4f13bae20d

SHA512
65eb813d39270d83e6d43956ec139f04779dbea58e517da1727a0f4fad9de32bb4cd49bed1dc1fec31b95a95b1c653c22b327aa38cba1645330c9d256d94c087

Download Submit
/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
d76981bb850c22bf261d52dd424dd3a5

SHA1
d2b52e926d51927588c2b426836587e63fe68597

SHA256
70ae375f7ebea59b98fc436ff2587d4784dcd83d7e4c94fd059afb49962fa250

SHA512
a3379600f571a7e69cd8b640dcb172f7f0ca0de56ebd4256f65735d2f6053504e02d7756e0ee568489665274c8aa3756d8fb438fea9505d9137dc1216d9874a4

Download Submit
/data/data/com.video.newqu/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof

Filesize
250B

MD5
4f660cfc55d1524735a7f6a6c64eb6b6

SHA1
c6eb81a14ec687489d67849edb65876ff8bd2562

SHA256
db053e2500b6498dc1f17cbba490f42ee4a2e415312bd68ac6a2622e3962ec14

SHA512
4240f3480bc707f79043c324c632cd54ca68320c7cabfdaac0856383bd3ad31a1748d7ca30e27e82e5cf43b1baf3ba33b4c1f80f902062a9928e450dfe284085

Download Submit
/data/data/com.video.newqu/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.video.newqu/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.video.newqu/databases/.ua/ua.db-journal

Filesize
512B

MD5
a581dafdcd12e7e3c2f4824f148e6563

SHA1
4a8d92bfc685f877e136755744cfef28181743bb

SHA256
3489363f0b826fe78f959b27a758a933ac0015292320990fd74711b3fd16fe51

SHA512
784fd0b072b4048c3692973669a40347c7b26ae41fc76ffb1547a3bfb5169dc1be2cd5c7e426a4c6d009a9491b54d0e88af65033cce54ec495581aa41bba34de

Download Submit
/data/data/com.video.newqu/databases/.ua/ua.db-wal

Filesize
44KB

MD5
3d4e92d81ea3032cb42fd43b15968015

SHA1
cb25f5efd5ad0a27c08eae97e1b9ea12dbd8c837

SHA256
3e1d0051621f3667adb072c6d20884862dae76e37611caf36299ee21a2093f4d

SHA512
fb9c361f53f694fd5739de7b289f69d1a3167102a2833dd36adbc0402e063485dca0a1ad2ef13d77ffafa19046480a84a2fb8d1a0801ff90e2d7ab7094b72a66

Download Submit
/data/data/com.video.newqu/databases/.ua/ua.db-wal

Filesize
8KB

MD5
dc441a00aea1c0739038995364010ca4

SHA1
d64b96666718bbe4316d9edd164c66e1bff7bb2a

SHA256
69256a4013130afd69cdab96897a51828dc38e40341cdec1534f109974a1db4e

SHA512
e9320dc5eacb02626d23b4e60c9c048ba3e1782e30a717266c167c6cdf0eee9ac50b1bfce2fbe81a9411508c9187e73335af1812198d56667a67a612a8bec57f

Download Submit
/data/data/com.video.newqu/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
6126661a3ed765315e94867e598bb2c5

SHA1
1436d29de4c4c05717fe4dfca6a9291f9076f582

SHA256
d657136c900b5735c36cc2cdd23c94312d5ffc26102a842a0da6c0d609ca6caa

SHA512
e8300ed857e463d30e2338b7d197035fcd7d06d10784fea40afab2ce0a5bfdad07424d220d76262893a15f90228e70a7934343dd8b54953d5d1818b39f3895b8

Download Submit
/data/data/com.video.newqu/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
48eca2fb74631c7a1b087a27cf90af67

SHA1
76e7aa109f9f643c591b1c52c9a1212b9af874ea

SHA256
e3507d565b941c50b593487f308985e4e500031f3893ba9f50eda28babf29842

SHA512
63e6e63d2963f9df3886a2efe7b048e6f9e1d6421180289d4b89075433f5d0a11f518cb44a72c4b045530fdd2aebdfab18d9d84c38c3cc06ef473f6d0e82b77c

Download Submit
/data/data/com.video.newqu/databases/bugly_db_-journal

Filesize
512B

MD5
5c7856e16b910c82d7d4acbec416e7ed

SHA1
df4f68e4f788726fa3d94a4452edcb76ae61636d

SHA256
0090618702c99a120d64318c967308f23809a08c3aca5f4af25525b5048c9db3

SHA512
7035c1d991a3d8e2eeb7f3384a74a8537b51f54dcceab8ed35f83b54217d9556a6c8743a6861e8a2db7bcebef69ecb9feff8283dce63253f37e0e8aa1a9f4981

Download Submit
/data/data/com.video.newqu/databases/bugly_db_-wal

Filesize
16KB

MD5
4ab9a6ebdffbf6cab3b45aef232066ab

SHA1
04245fe330c75d376f57d14ebaafa6e424dace91

SHA256
2c449547b45b35dae296f545cba30bdc3fc49cb7612aa9a531f1584d9900deb9

SHA512
50c79dd5b21486fa8f31a3dc7b84a15550aa9df403ddfe49681d38c7d8d4cf008ada0b9dbf46c44f60dcea2b917058818e33de437b0b2cd0ea7cdd01e70bc78c

Download Submit
/data/data/com.video.newqu/databases/cc/cc.db-journal

Filesize
512B

MD5
3088a1540b6a961431ebfd9fd7688031

SHA1
273ded3a1d665a92554db786c568bcc9de2acbfe

SHA256
4812791b3a55184ebf0d9e72c473fd3fe2144e2531828fa9a9e070deb526ed27

SHA512
6364e296561d53c91d7b84222f26533895bcd39e4408580214cef9c6beac06eebd85c3ad93c53c49b0f602d0a3228f252655c42750143796a5ca0279881dda84

Download Submit
/data/data/com.video.newqu/databases/cc/cc.db-wal

Filesize
48KB

MD5
0527f3ded0b1d9974a5188457abb6285

SHA1
451bfaead50c7235d2fdf7e7faa995252f253d76

SHA256
e467aa6a3ccde411fa11f2640edea8773ba5955edfdb305e2f8cc72b69b3d864

SHA512
97736558e3d418c83bbe49b11956f53fc4f5fca37a251c9f3eabf7740e501cd93fa16234ff481d5a0deb93e53b098d71ffe9ded7dd28cea40a2b1c3d161cd42b

Download Submit
/data/data/com.video.newqu/databases/cc/cc.db-wal

Filesize
8KB

MD5
5b807cb61abd1922748c384c861d4a02

SHA1
ac514c79c3057d9376cc11f9194364b2ae04e2a8

SHA256
6a9c3e1b6f99d553f23bf21a15ec6597df797b11204faca4d7d2fdc15fce4cd9

SHA512
c0047b2394bf06f837e99ff390d11a6ab49f3d2b9b4e5735741dd842a86743a62be64dd667cbb8a191f45a4efa3536584e91e73e3765cb7d7a084f1bf0d9df73

Download Submit
/data/data/com.video.newqu/databases/xinqu_data.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.video.newqu/databases/xinqu_data.db-journal

Filesize
512B

MD5
efed2c7eac535a008316071b6d03509b

SHA1
be17010acb4a6359fe58e28fded616b36196e2e8

SHA256
4808321df4a03a5cd8e19777b370dbe0e3becb22c0e25398a68ed334ceed4777

SHA512
d014edd4ad7e19afbced1791da02dae913adfb0b8f7bd57a35d3d05e3f6783a6ac49fd2823414aa513aa4558acfc4408f94f057f20299d5950d5e0aa52fe38d2

Download Submit
/data/data/com.video.newqu/databases/xinqu_data.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.video.newqu/databases/xinqu_data.db-wal

Filesize
56KB

MD5
adbb6366a0a11f59ba01efcb0cda15df

SHA1
5eb8c52e39e8abb454a9151ff6f431308e0555ac

SHA256
cbc53afba3eb904e96454a41ba6b99066a89552e0deeb2df7b12e7c80861c5b0

SHA512
1994e177a7f22f6032f7b5e35b08850ff7efd8eb3e22130051c7f82d3be5b4fd2b36a6f04d79358566ce3695f9ecc36552a34f347dcb09b8fc33afe8cd4dd9c9

Download Submit
/data/data/com.video.newqu/files/.um/um_cache_1703215734819.env

Filesize
1KB

MD5
03da80514efb5e5937c1ae4c2163895b

SHA1
2cbf13702f3449cb96c2d20e136acc244bea7b96

SHA256
347d4140b752322984bd08cebe8529b5230971f427f98b97c41adf9947685151

SHA512
9cb06c53315b17e1abacf83bb1711a4a8c819bc194f9938f5caa0b43b989af7f75c1b2263160135a2ac877f99bd996a14f823429422457e2cccd7a99be33a4e0

Download Submit
/data/data/com.video.newqu/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
19ca6a69a9d2976ae483b51de3bebe75

SHA1
fd86aacd70ff4b20dc3b234f4912ee7390d01db5

SHA256
c97c3fa8434415578a5774907f12d89a5e9a1be8eddddee4361128cf64fa9d8d

SHA512
19990ad1a5feb59f3bdf37d7feee1d4e43f20226b7ce59bb67598a531a6278d0ad145b1b7e428a0e5e10f676107f72d84364667e959e00b6c307f746e619c5ef

Download Submit
/data/data/com.video.newqu/files/exid.dat

Filesize
61B

MD5
985d92c46fe4d792f296c38029bb02b2

SHA1
bae1329c174ff4a796572198aa86c8f032b6030c

SHA256
5d23553bdd8c785a156f89e208276dacb8dea58668a54c6d205491f369171458

SHA512
9a12fb75a777042de3c26a7e08e502112dcbdb74fdfcda0cda0218c074360930e938a4c0dd8c4b21e733756038ab597c6117491dcb6e7acaf78dd4aa8fafc406

Download Submit
/data/data/com.video.newqu/files/gdt_database/GDTSDK.db

Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-journal

Filesize
512B

MD5
0996e8c7aa8d8d122b9522454755bd7c

SHA1
c27777531d81791b47a1f90d0721d9651fc28b32

SHA256
4dfecfcfbee144748f3e5d3f146742a82b349dba7ca48977472d37f210d1a106

SHA512
509db7af5cb116c1bbb8211020dbae76d44dc9fd0064f78d8766a42320909c2aaa2e666e6b6d9dea939688a79d4e8bcd4a5b7353826134bca1ba477a66e9cd74

Download Submit
/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-wal

Filesize
36KB

MD5
9a292d6d19fd972a8e863e702a6e7893

SHA1
ad9c700eab806e56dd23ce2f71d204563b13b4cf

SHA256
5b76eba4f67114c819d35a1c8dda6099e1d2af44b4c2d247f61e03aab3139565

SHA512
2e89f61ade2a5976e9776cd3c184e7e9ac661690f6937fba986deffc44881f8f7a61bc65aecc9f0aadb7b4cc24d9ee7817e86b1d30f12c189024a08fc05671e4

Download Submit
/data/data/com.video.newqu/files/jpush_stat_cache.json

Filesize
137B

MD5
78ff0985df3ada460b4d408923c69cd4

SHA1
538b94b49283054e2567da452deeb8745770f4e7

SHA256
7a288796c2ff2ae9c7be75a5e90698b6a161d2d67e19addce75b307c31b5ee70

SHA512
8245ac3467918d136a65db2839f33c9b228b8c04576de15561fc891bbc771cca93d1e20fee2e81a45185bb7ca1b00f4ba0e80a97b35adf8c5af850813b9bf63c

Download Submit
/data/data/com.video.newqu/files/umeng_it.cache

Filesize
498B

MD5
5a21c906a910b923a229d65c91b46bc5

SHA1
31487c6e0595aa860aeeffed22da5572c8924fdf

SHA256
69234713e99a8a92c1c1cfeeb41cb4eb8e134780fea07c3ec526535add81d2bb

SHA512
43b28cf628b40747d4e89e1f62ca133c403e6940cc439e9b1b241f20a358127546cc1a53416cec9b787ed5c2c9202710806e090c42d61d7cd385adaa34d2d984

Download Submit
/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
561KB

MD5
0b5784570f9310b17137d6541b329ec1

SHA1
6d5f66ef2c8da7aa69644020011bdda95ee1676b

SHA256
96451b883d3234465a050ae836f23469de5cc555252c82d5970e1bfe10d3b83f

SHA512
e826e7bbc5dc7f362ead69ea39d8846574a1c578110138ee5769a96842880fabd1f4f19f3fcfcc6de0f775956761f3c651b2a970427b7a048a02b5d0deb19f75

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c4dbc770c1deb12b246e602c5f460461

SHA1
aa6938354265a42d0cf0af5aef4a287d07af0a55

SHA256
6bbe55cf903cb9e0e7f6c33081857ed20e7ab9b5a4abdd047b3a26d119a65429

SHA512
17aa5f7dc18d8832e56b62edc8c6b747600c31cbe0d505184144420b0d3fba107e6c269f31cbc94592785adf0153086a76e112d2fbd887dbcaa0168d8e38d9cd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
76ee3620291ad91aad9ca3ed00deb4b9

SHA1
bf436931d3f46cec749d1337b28f206d70fd7ee9

SHA256
ebba290decf6ed41bdc82232eab924d1a41e96d9755aeedcfe3f1adc37e1e585

SHA512
64027432d279cad9e5066f6b4cf369609418aea06b12874dfc87f15657b539646d0fece90236ec269e09001c8317f18ebf6899dc42c23ef6c0cfb62917e4e2d8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
6518a0100c71e5239cec846abbe10b36

SHA1
613ed5f9374d8ea0aa7c20db7bae26225f2f476f

SHA256
6b8580cec9116aeef34e48b5af539693197498fa9f7556089e589736cbe316e7

SHA512
f3393ac847636b4b0cfe9323dc293a11f1d9046118b8218edc0112ea51115ce907565aa30ffd15444984dbbab4edf61698bc47e11e0b978f6b111bccf991bdb2

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
82B

MD5
e8be01a3d651b9f955cbb28d7fe2f623

SHA1
04010f8b539c2e98c8d7b7752e9879547aa9dc0f

SHA256
97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4

SHA512
19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
88ea01ab4bee98443cfbfb80f71b99a0

SHA1
975456a1fa2f2bbcaaa1ec165dfb4104f8ce041c

SHA256
24f2f13a07c32328177b081e08fe03f6c6ea22e4b2c53fde5a17e602999dde50

SHA512
fc50051bdf80a76490d1d8e90791a95a9fa676ff222c00787f93d832bf60bc94bbcb19baf7c3019f7a1645bbde9bbe43b0134a4d23cb616f3b680a2a1e4b14b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads