2aa02046ad60d3d27b2e757da0c040e79fed56c20ba453623c4cda42b067fa24

Analysis

max time kernel
2836130s
max time network
152s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa02046ad60d3d27b2e757da0c040e79fed56c20ba453623c4cda42b067fa24.apk
Size

13.2MB
MD5

668d84a35e3b37ffcfb6883efca66e69
SHA1

27c2aed4be2952225c0d442247ee986774728b82
SHA256

2aa02046ad60d3d27b2e757da0c040e79fed56c20ba453623c4cda42b067fa24
SHA512

c3388ba84f0abfd99769e15b6f9a0c105f34163851f6a4749ba499d18a868d1f6c08edc3c819756ffcc27702ca01c4157d639b1b1d352d506512e21683127a79
SSDEEP

196608:f2C1OUXucn7Hyy+N/qFm4sdf7L8h495+8CFOxDSzY71OPdnBT1X5uUIUQD2d7alv:LhHyy5Ydf7R+8CYMU1OfFl5aJT

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 10 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/classes.dex	4258	net.qihoo.launcher.widget.clockweather
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4258	net.qihoo.launcher.widget.clockweather
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4287	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4258	net.qihoo.launcher.widget.clockweather
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/classes.dex	4317	net.qihoo.launcher.widget.clockweather.WeatherService
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4317	net.qihoo.launcher.widget.clockweather.WeatherService
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4317	net.qihoo.launcher.widget.clockweather.WeatherService
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/classes.dex	4441	net.qihoo.launcher.widget.clockweather:sphelper
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4441	net.qihoo.launcher.widget.clockweather:sphelper
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex	4441	net.qihoo.launcher.widget.clockweather:sphelper

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.qihoo.launcher.widget.clockweather.WeatherService

net.qihoo.launcher.widget.clockweather
1⤵
- Loads dropped Dex/Jar
PID:4258
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4287

net.qihoo.launcher.widget.clockweather.WeatherService
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4317

net.qihoo.launcher.widget.clockweather:sphelper
1⤵
- Loads dropped Dex/Jar
PID:4441

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/classes.dex

Filesize
4.2MB

MD5
2798dd5a07320b7fd72710a3278fe6c0

SHA1
27b4cf9ed38869a87d198bc09b5bfd0bcb860412

SHA256
6f0f734f5e944fbd2ba2cef895797f5326d8b76358123a9ea416eda932f65d43

SHA512
6fa2231de3433d3937129e7869a23536fb23e50ae2a136249000666a76d6eac8e39770b181e1da018ba302c10e975a8bdf1f56184e880de3c6e270c3267180d4

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/databases/alarms.db-wal

Filesize
28KB

MD5
2c7b12cd3301d01fcc4370a073a6f14e

SHA1
338a9a3327ec15fffa9f174ffcb2725f28e47884

SHA256
c30f87e8da5e183cb64996219b7077bf57f0c9390318276d5c4bd4283cdc4e57

SHA512
c1a2808f84a91b1331cfec82b427dc296291874dbfcc7b729bd8721bc8b9cb17233ddb9bedbba597d42101cd38758bae4243dca5f8a6fb323462fd62fa2c8d28

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/databases/qihooweather.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/databases/qihooweather.db-journal

Filesize
512B

MD5
f9e24ad489fad4365d3add70bc96ff34

SHA1
74074fbf177b148a932a8a0764886025b2e9530b

SHA256
f7a65d4bc6d20cc5a67790b52a153ab91a28bdfa8c4340630b506c950b788136

SHA512
b0c78e2d9dabab4b84c1ee87bce48927963b11af49909e2f4eb070ece1abd3d62f53d0981579fd7f48a402d95b6395dd456aeb01c8979c47f3cb914922ad539d

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/databases/qihooweather.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/databases/qihooweather.db-wal

Filesize
16KB

MD5
518bbd291690823f5ce48b79c38692c8

SHA1
0d3bf4c38c316fc82031a75a3991709bd16a8dae

SHA256
22f9f071262782211d66da0c9379dbac5d391c18aca28143e1e311e5494256e4

SHA512
eaedb1c6e28afec54b3144998b2007de46578e04659c6837ef9c1167a81bad3937585d53e7d93283449b2da2f7e0c8db674aee567f0e4424211c8dc927f94f11

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.ac

Filesize
32B

MD5
3bea82ef8392f517867d2c633c10ae1c

SHA1
29cf9bd6d2649bcacc804dba6e231be6f8f03a62

SHA256
54e8b55a9082ebb54bc644b54c1efb66f9453e76c71a88bcf7a99e21d109fbf6

SHA512
5fb2c7fef95aeb8a6910ab681f86c71aeb974aff2ec87240186a9610dec074dd8f3ca5b3118d775564ebc89e601d14e0f3c70bb98ac7f12549e55f8e3a4adcd5

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.ic

Filesize
32B

MD5
356fd27fc93822104cdce0743d7ab71a

SHA1
218c0fa3f181246b9f225527b7b8c08ec4addc0f

SHA256
be2e7b401372cd8d61a8c2fec99cfaa5539ca58063dbcf857399b6832ea55cc0

SHA512
3dd7e24839f19efd65eef2ab56b3781109005b31517e796c25c00d8e81f3627663a7ef5fd9f3ec739f0c65c8d00c286676ec1fdff4a658a7a2cf1944c30dd5f5

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.rd

Filesize
73B

MD5
16cb14056744678445d2c684ea981e8c

SHA1
69788c88e01855803f13580622c2a0cc421042ff

SHA256
8139d199c87578cf669627f23ef2078093a2c5d4b492c0f56b7d2fe741259d59

SHA512
229a818e324c40a94760e9473077b0e93c3552fce2b3fc7daadff4ea5a938ed6a3d685623add96c0522cdf222c3bb762dea0a25cef5789ddf3efcc166355de02

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.ri

Filesize
307B

MD5
bad18874078d8d3c799aff1816f44f03

SHA1
544c9c306d3b2e2ade257b389a89be7ec66f7463

SHA256
c31904f721510d0d0b38b0fea88f946ad59140bcad9129bcffab6d1cb5cbcec9

SHA512
68ac3dd6c5a345848f2119e1fece3988b954678f3164c05822fcbea1ac2d3ce1825e9ed9915319410fdc4e0dcc354fcaf27f4f4d422766e5d6b8790fc3ca5865

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.ri

Filesize
314B

MD5
7762c6bd8e4a004e0c1a96e953e6a7b9

SHA1
00141241528c6d8457dab542f019255f40c1fb79

SHA256
4a349bfc818d420f0dd57dd4114521efec031253e358de24dbb38873646f7e19

SHA512
61bef634de10829a6b7a40a4f01abaaa73e6b0eb0c8be1d5eea184eb0938ca0b10de31f1352d0bb9793c6c61c66d19e5298a93e8c77c29c29ee900aeb2ce1810

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
9f7c42d20a0958726a98ce3db65e66af

SHA1
5a5382e9983a1236848f7f27c20fdc09e98b054d

SHA256
ffc17fd7aa78815e688b48fc1659b2296c449399d37b127e90cd1e959a0d7162

SHA512
69cf9b18fa43a6541533f557d2fa757af7c108d05ae5bc8e59acc23254bb91afa8536eea810bdbaf659748000303f2461d26ac658df74fcfc275c1147d2ef3a5

Download Submit
/data/data/net.qihoo.launcher.widget.clockweather/files/.jiagu.lock

Filesize
27B

MD5
27225e87eb4a75089ba9558372addb24

SHA1
7a69697cb4c206a6d52609d9c55a2a9906e8e449

SHA256
4084161ccef82788369f103580c3e8c2191501c0c2df3acfd28a5442d8e9abac

SHA512
af04f2b40e3c9ebfd6e892cc7cec35303a59cbba43a81140364311be7b9f688e6cd43a8cb1a647a941937e107df4d90a3a4fe0eda1b0b5afb58b5ae8ea20df15

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads