35e8c1d9e6aa566295c00b614f387d3193160f2b31e4820157e06f5636c55dea

Analysis

max time kernel
2864433s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35e8c1d9e6aa566295c00b614f387d3193160f2b31e4820157e06f5636c55dea.apk
Size

6.8MB
MD5

cd68544912731abbdc3f007f0b1c6e2b
SHA1

fcafce73380cd48d642082e35ab194ac96dc60ed
SHA256

35e8c1d9e6aa566295c00b614f387d3193160f2b31e4820157e06f5636c55dea
SHA512

34df8d20cb7c974219b34aa605a465c9a747eb970e5216a8a2d18a76c344d0b812afd49e700555e4692089e29e5cf9b1c791471284dee8b534349d0b29f41462
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bA:GrsOtM2uxMGwJCFFZ+/jqguP9

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qihoo.appstore
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.qihoo.appstore

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.qihoo.daemon
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.appstore
/sys/qemu_trace	com.qihoo.appstore
/system/bin/qemu-props	com.qihoo.appstore
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.qihoo.appstore/files/sllak/opt/4250/finalcore.jar	4250	com.qihoo.appstore

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Requests cell location
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4250
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4693
- - cmd package list packages
    3⤵
    PID:4710
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:5308

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281
- /system/bin/sh
  2⤵
  PID:4467

com.qihoo.appstore:critical
1⤵
PID:4483

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4522

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db

Filesize
28KB

MD5
2304dd698be3705c85ca097304ce7de2

SHA1
325882522ae26bc42927f6e46c489b93799aaab1

SHA256
740e5bd0953670bcc14c80bc032c828420f9460dd3ae0f165774c5ec71584e3a

SHA512
eaab8bda28fd30544fb9d413695cbfe42d3f2f184a77e6c73ec5fbad3621127a01b27f1a5675439a5314d2640ebbdf118f58bc90ae864a2923055ef9f10a31bf

Download Submit
/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db

Filesize
28KB

MD5
04183d28d08d24a5b03704e8a44f1e0e

SHA1
3710a7d4f4a50e9a8a14d1cd312291d99fadf7ff

SHA256
cbcd94a175e1689d50dc1d42f20d9238dc71ff218539f8eab55da964e5190695

SHA512
817f91475b63f1e8feb1a11cf55f0409b6728bfe8db1b6fc6db63a7dbb091a144c607b2f339993d79b0a7ab338d02c9612af63296624a1ba1f6de03b96fc245d

Download Submit
/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-journal

Filesize
512B

MD5
5daef499eaa38f6a693c349a3e1d488d

SHA1
21b9edf3201ac49c9a08f090f5f1c99185514fb6

SHA256
b53d50f29dfc87c92351ccf212476a9689cc5fd0ca8b6c0eed0228d3a5d65e5a

SHA512
91f86c797cb0414a6e64af9c7c5618c110511efcb326b69dba5a1b832cb71ed45bc0c4a84ae714f736bae0773e97597df78aae6f576b7f112f0623d1f5d39fb1

Download Submit
/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-wal

Filesize
40KB

MD5
fd59b2d93f9627e14baf1cc28da9369f

SHA1
b81a6fe9a06daeaba154624a08160e46b1fdadd9

SHA256
efd90f277fe9ea20f34569fa471b5d5fdc62ca39c9e4af16b209ae90eca4647e

SHA512
6801f2d728ffc3a8cf75c998b8ae381d0d0b5fc0843ff38003de3407f3c3c13c1e2ee61e2a3d46cf45227b633b0eb1705223d9cade5c7c24413d1f14e0ff7cd8

Download Submit
/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-wal

Filesize
8KB

MD5
3ddf76b10a06720b06e8897e1e163c5a

SHA1
ebab0cfac3c8e75389851f306629c0501b2fe91c

SHA256
f918dbc7a8faca57a03a9b107ed80958e743720a0a595e3b982e08754cc7abd1

SHA512
a639f0426a23fa03120507d7600724a0a280ff2f11301a220bf7dff26df3d2fb5d68242f438a1a9233a093032f61fa78473c127b6286d4a77acdf6508c663b2b

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
ae3c69ea517df3e6113aad1d551f60a6

SHA1
ffab5f98dc1965caf3881ce7bf1d8e51ef81e3a1

SHA256
95b9f3ebfe5c6b2551eceb9a2aac0821c0c2143d62ebce2fdd39b33565cc1a57

SHA512
ff498d752dd3453c458bb68767d756e12fa45d8b82863d73060ed9a3570a219b215eb4019c472561a2029f7228520b4c1491177484844b544c255cab24698302

Download Submit
/data/data/com.qihoo.appstore/databases/account.db-journal

Filesize
512B

MD5
f6ce52d58eb67212920c867fb6368986

SHA1
09a95d795f40fe82afcb0e035d7a8e89813109ce

SHA256
fbcf6bf074223c9fed3410092ee6ab5eb84b7e17a2df1920a1d3e70091d2e855

SHA512
d1d1e7aa44abe173513e96c8c1329bea2b4fcc55209ba57b1eb5d094f237947f9e955d0d910c6fd514924fe9da023d062cce87216db641c2c2e22fd2729f5075

Download Submit
/data/data/com.qihoo.appstore/databases/account.db-wal

Filesize
40KB

MD5
fde6489999bc4ef03706bc4065a4e234

SHA1
bd0d280e00f5879ecaf5c1c34e67419730767857

SHA256
1b8d6d8a758ff8d9f9c12223e64111a0e25f8be04064950c155a73505c107f5f

SHA512
1a82874227a8567d302274203a16121376c105fe195a033d806e56fb1fc912f2e9b9dad31d66154e86bbae728216b8c7445ea3fd4685a360d27edb4e36f0e0e8

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
b11862851ca3088081ebd410071ca44c

SHA1
f6dc62792d94bb1e233bbce13e799a8f4e59b115

SHA256
5073912acf05dccd561d50495097b4cf3d62e39a790287dbcbab0045bacc6d3c

SHA512
12db40ca2fa8387209f812254f3a404f4da53a3af73bbeeb9174f100cb2906c678c7a554969f0ded623a5a42e732d6f49e26a97b5820730d4e83c5fe5cbc2346

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
16KB

MD5
e4a8d5f1ee0a462832a775bb4a8a3ebe

SHA1
62032997af296f54e1611d20a4eadb08fd0cc68c

SHA256
20b5f34893e5c7eb752e42823bc95ccf25423a5004903123f324df07a946a1ef

SHA512
da00637e8f3456055ea39784e496fbf8440128b68c45828bcd2eb4f7586d890141bf474d472db6d65ac26d47d957bd16937050a8037d8d8bd81771571bcfd50e

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
4a05b2ce426908cf99cb470a94b1cf61

SHA1
23c57fe174ff4f3b30371223bf1c3860e1ffe28a

SHA256
edb513df0d0b5601b2155e8da3fbe9119ad5f023312b3be06be35712e553f58e

SHA512
14131d7ced8241eb6c55305a733de7011714c899aeb9c131dcd1b9f0556b85aca67f0d232e097800171e0bae240c81ae33606bf667d4761cbbaa526ac4485b6a

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
20KB

MD5
60e4cf217e77c56efd3707b603797c5b

SHA1
816247b4883d3adb30c4db39fda16d2288e27de0

SHA256
8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea

SHA512
22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
20KB

MD5
a995345336ed0475f78cd72413f475a7

SHA1
0a7d954f5b14d119489bab96843257eb9beb115f

SHA256
9687a0023118c7c89ce5f111e29d17883391f89b38332521a335907f58527e87

SHA512
16b331bee47e345d22e6efe53494226f26769d656a00326193c15dc5160364df670dd3be3693544ec09b036ea5224bfbee3679c04da123b11163903575dfccec

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
4KB

MD5
189e81c02c7a1e750d263f22e879f2aa

SHA1
1a31643203fc3ed3b3d0c02391307715776ba365

SHA256
fdc3ced89b2e736b0ec4619c10315defe24e10c3d2c77ba186bace40ac13bb80

SHA512
59e4f035b90f39b768a3b017ac1434a6982e2315da12204cb259df72ee2ee7f8c5a1cc4c3381213fa659262e2d1269e61a3e3d25bfae5722cd7d2d4118360809

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
46887e5388305e77bd0d4e1fc82fe8a7

SHA1
96693f202c134a8589887c905d6883bce675a411

SHA256
d82952cc11b364b6f61fc68160946ceccd5f8ddda1b71a8cd85786fad0af44f8

SHA512
d1784c5421dea04322b2e1e7eb8198bac5b490314c950c7be47fb3ece42fab99ac6c71b655b4774adc68843a8d8b7b5b487c664db42558d69cb3941792942fc6

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
698abc64d9a4269e01ed2e6bbef04140

SHA1
652a582b60411ae0d70051f9941151bfc213b205

SHA256
1bb7afe8f84fbe2e25b0bc3ce876f6a85f3565fb66ae52139c16d3060246ee2a

SHA512
f2660899652bc332092ff0d8d4c9c069a1d9e8fda771d5e456194838934f1c293c033cf0597ed45de859c2afbe1870ca9490bd6f4a6c218fb6ef2aa94d35c835

Download Submit
/data/data/com.qihoo.appstore/databases/update_history.db-journal

Filesize
512B

MD5
5f4f9d3b86ba0f90cf70540b1c0b6a53

SHA1
6e3be8a5cd261db3a72c020da52b0b084ab4c78c

SHA256
0cececacea0d2359f3570e46b667b48b3bf9621c5e4287ec41cc4f4bceacb736

SHA512
95adb025bd51fbab3fc05404b0586ba94643b6751ebc4355fec037d4cb2bedd793c1a5cea9b63229fdaf8d01a9b6e2c0ea25857b24d564939f94003393cb0afc

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
63746ae87faf0ae36f17296dcbeb41d0

SHA1
233159677cc436874d9a5c00ba2a67f1bce5c211

SHA256
8a26b1dd476d3e93dd508065968f26fcd2c07a17c91eb51f7089a2c2937d9e03

SHA512
1b7c25e7a42adeaa39062aea8c2fdf9eaffc9537a8fc4c8a98dbdf7a089ba10f7288b6800ba3f810c58758ac2fba507783819584211dac2cbbd2a4c3623095f2

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
516B

MD5
5e0ed985572ffe00dbbfb45718733afc

SHA1
8fe3548e94b3cba844929c739e189dd1a4bf1f2f

SHA256
17b52878b8782aee1dfbb39373d43a7fcaecabb4f86e862324a01a8a4704dcda

SHA512
a0729af944e438226cdaf31ce43bd0cfc1f89c37472e5489d7984c1195e314fb5ace50b16836c49b1d25a54604713969ca81d95b95cffb510797ac992839be15

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
544B

MD5
8996d92841d9917b92627609b4c29611

SHA1
4576ebbd8292649f1c80c27983fd3ef30aee6c18

SHA256
9f2129acf3e95f006e4157778eb166ccbfda9e1ca5c91646aae7252951022695

SHA512
453a87caac6a72f500e9f9aa5281b827b48e4181dd073e6e4987516ca0013c1fbbe2a1b2ebdfaea676278e35f10d66f759c4741843bb9be126286698e3513c8d

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1013B

MD5
c8850a8a3749d794873c4744a988061e

SHA1
e067e42ccd7e79a89ba62e48edbecd49d523d96e

SHA256
9cc7dfe09aaa09a341391cc7a88e1712d80bb2851267df76d93c1ec1e4a26d83

SHA512
c67fbf7b20c5442ae2b89f8e98fd1270ce4449f78b913285a930631da63fe7bfc8ce286dec6a7afe02f0f3dde0ba150c6b243af2543f9ce56b59b8fdac793a0b

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1KB

MD5
5dbe896dfac713dd75ad343f4b3a27c9

SHA1
2ec5f9aff6b62bc4b02b14a1488ff177afba83fa

SHA256
c16c6076862f58684005d59b7420385b0f20e344998e4332a64093bcda5e80d8

SHA512
0178aa53a8f98f7120f5687d49475e20fae36d8adc7f32d06e2ad3d07f6a182ebcafebde7b3133b0ab5c6b08d2a38945dcfc9fef262298a22aba6292eff31edb

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1KB

MD5
527c7acdaeea66c3ea2cd6ea66f2df5c

SHA1
826d4e9afd89e82678f28bd29da860a221230eca

SHA256
65c12740619368cd90f64e22c0a581ca746ca9f533bce695d739b1656198b004

SHA512
13c38377a58401f7b388b955b6f89664a3903d7d26c74d863b8a503e4d3e654bbe35966d26a4ba340ddc704b45ef12d5c7461e3416acf5d9e52ddf91cdea3041

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1KB

MD5
4c63af5181bb8bc940376580841132d6

SHA1
00c4ac9500f516105973dbc7fb6a10933cfd7c32

SHA256
f8b337d673c8853a2239328946692abca82ba5cdca5063223df1cbd419e1d89c

SHA512
87348248b82cda8281a418ef13a4feb1d79332d0440e65f49e8bcf25ff860516e700d56596d27a4879ec7c6950b3dd00d6886b72cfeff8d5f9b0c2a1b3cb3960

Download Submit
/data/data/com.qihoo.appstore/files/sllak/logcache/log1703671346868

Filesize
2KB

MD5
81b6c7db787ea156b95dd7c3840ecc2d

SHA1
1bc0f4c43df7fd8c6f264b596644bede5e683c6a

SHA256
3bb8340f58a72ee2bcab415984ee08d2e8a4a164db2d4172885f71ac13e3eb2d

SHA512
6464621c9965cca49d491d84f6fd02ec374673028af0018210d02671959ce2784e17bf1a9c839d99db981dc7b9d4905042f0a88d78e05094c2ef2c55f2380dd1

Download Submit
/data/data/com.qihoo.appstore/files/sllak/logcache/log1703671347081

Filesize
596B

MD5
f627d1bb4eb2eb99ae977013d3b225ba

SHA1
03dcd4a072e0f6c933b99b2fb87111dee9856a2c

SHA256
f33a5e33f778fe5cfa35d1782a5ad13e0d7bca88c7f26ec0a036d4d12be94de4

SHA512
6e73395e55fc903c60e0be72a76960d41a862252c57fe780debebccf77c4ed602177d13c15c51ef6914f4287bb59be64ed714da43c4fe5d105fce7f1939d7b13

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4250/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4250/finalcore.jar.tmp

Filesize
27KB

MD5
21a79a7fd77e6cc3775fbf2dd9b227fd

SHA1
86b80ed86755ff18bc9c2b8be637aeed74cd9249

SHA256
2e4f12aaa588312ede5faee76f1c9f4697377bced26ee28ff944673e0bff40da

SHA512
22b04f4cd1c001071d478cc2c1ca717d638c8f479262c4059a035ffa4302df14983f6772c2d47dd73b03d824ea311f40bf2729e2b4c2bfaa4e04522586f10d63

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4250/oat/finalcore.jar.cur.prof

Filesize
548B

MD5
d55f18fb12e5de44bed31ca0a140c1da

SHA1
501ad2fe53e9560ab45678dd35cab1bd0d874c24

SHA256
39b07854191192959aad1468c5a154cf8b8e7c8e7118f35352d8dee9dfeee1bf

SHA512
8209a8c32dd140551b34e9e368906f3af289d902ec44ee3e609927dc7863b8f2d7a49b3dd08f4ca68340443e70efff925e4230cd9b8d93eff042ef10ac9814d7

Download Submit
/data/data/com.qihoo.appstore/localApkInfo.json

Filesize
57KB

MD5
f9c3debbc36c060e1f5c42a0141e8bd5

SHA1
c5e360f5e6ccb7ad8a5d81bf14b830fbc86c03c8

SHA256
388bd54f5866c8cfe892a5230644ca789d56b06384b5d37e274a722cf4b8f079

SHA512
9ef30414cf21adec922da7885baceba886880916211b5f2de8d1610ca05e9ba9a294e518ea91260e14e22f3f6a3a0fc93251ac3e4338803c88303ca203d86284

Download Submit
/data/user/0/com.qihoo.appstore/files/sllak/opt/4250/finalcore.jar

Filesize
176KB

MD5
b667ca71e42bbeb899566c8834ed085e

SHA1
053a3f889e326efdfa0d3ae7e5b2655f0b7376d2

SHA256
536678202267f95d80480f15065e784d7ec609922a0963d935e9c5a4b0f62bef

SHA512
52255d3d7066d01bd47a9da788f86c707af14e7666a918737fa5ffb4bb003e97b28dd84a7cead3439ee39e10b568c97e80174a80bf776c7dd58335b06656f8f2

Download Submit
/storage/emulated/0/.sfp/.sfp

Filesize
83B

MD5
1c21361b3305c75a690b6b372793105f

SHA1
7e4e6611d49a164f37b3c39179ec8d7c9bb752db

SHA256
a9c426df3007b2a8196b607bfdbe8b4d2865a83f5164435a53266823d6582557

SHA512
9d44bd2cc541d30a49a63d05fabef09dc02b72402a7f34b0aab5268507ea7706892a8fc6b8017906a07b50f4f02bc84b7b386ded134f4b057a915189ee4a20a1

Download Submit