2ec2f2fae56cf5f412c860a3bd99476d04c0742e0ca6c1c58eeae55fe086e71c

Analysis

max time kernel
2842675s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ec2f2fae56cf5f412c860a3bd99476d04c0742e0ca6c1c58eeae55fe086e71c.apk
Size

6.8MB
MD5

a57c9a6ea1bd5580a1fa70e342de50d1
SHA1

e67f60e91e7310f867eea94dfb0fc662da806674
SHA256

2ec2f2fae56cf5f412c860a3bd99476d04c0742e0ca6c1c58eeae55fe086e71c
SHA512

ba341651a039095d842429d05a2533843fcf1cb091ef9cd4e592b10458fe75a2bd0784ec799a73284e2d0eaa4a29ba6110690081543569700970089513e2e266
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bw:GrsOtM2uxMGwJCFFZ+/jqguPF

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4213
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4631
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4735
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4778
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4812

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4243
- /system/bin/sh
  2⤵
  PID:4374
- cat /proc/version
  2⤵
  PID:4468

com.qihoo.appstore:critical
1⤵
PID:4395

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
08ec5c122c13570303be99b360b99701

SHA1
860c48534224c720d63e27295ab6efaac4bd0697

SHA256
2f5d7dd87b01e9c19a7503d51379f0cfd007d9099e63ee33af52089850e446f5

SHA512
ba0856d71e4beda94eb2ea40bd65edf53c0a3afc05b24650a1cdac529a9c0878dfcd9baaa43d6f7495094f5649b8e896d31c32b5bbf68dc1e9061d69ba84ad09

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
d5d4eb3d4b3d723c9b1132e075da6077

SHA1
e3e9f17d4b3b41cadbe046683e709d33b74c09e0

SHA256
82084e935b33a35d2770d16dd77fdefe0050c5dba941140fbf52cb870c154c3b

SHA512
ddb3ceb25c74144f031b21adbedf7d607dcdc762647781f0d60422f42636fd716b32b92fc5ff118689925408f8b647e04c67da9d0588a7eafa27a5f166fb77d5

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
614471c73c79af06c42565c7dbf71086

SHA1
ef23d9e27b6b9d589d9f9e6b98b20c3035e1ec03

SHA256
8bf7b3fd1b53f7bd34c50c15073dad03e27604c96b4ee5951b3ff42144d945a1

SHA512
785bbf903528d0353a5e42d9bd9e9ec703186a5a888a7eac38112e95b33a287fa4d02742b1a8c82ca26ca1076e70bd4b2184031a0201842f3712d743c575d5db

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
32KB

MD5
fa229d3f83e289386a1967e9120a4e6d

SHA1
8a4653375ee0797ea85eaff50bb2d6e10910661d

SHA256
c6dc8742d0a46944493a7d60888d9aeef83c342ddb20c2990073a56146cc42bd

SHA512
043e168ea6e017da842516f89d1ac803f998d48e4869787d4a98229af971c801694fa07735bbe4583ecd9273801a6389081ce24efed5f6a4767aadeb33cd17e3

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
2ca87488b90280e3a04a8f9b7c9f1c0c

SHA1
679069b837a10686826dcabdeae6e19fc7f56497

SHA256
d3e219c896f6317e90e93dff92f3bba748478868629a57b1573b56298345eb1b

SHA512
2b47143852325b2ca5887c4fb95954928ab5a256a8976485f8fbcbfd6720f6c1c89d8b502102d3418c94ac4fd97ab29dfcf38762751b7b28eb7263ec4514b957

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
2a1ee362de081e46f9dbb377ce926a09

SHA1
7361e9292ebaeb68b573a1944dd31e03b07e4504

SHA256
e489f97c55c1537b9877ac7d0ce05180041d16b584d2c1f94557ca8889b2f5d1

SHA512
3d25df01dc5d3e9de1df2785b725688dc8230793935a73f3911c180ab8c8b5b61f0cabd1ebae2380b74958d3a4c8624b5b6878407c5e125b797a6d55c7be34f8

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
e3e9f7e6d20d06280a2102aa8cbfb0b3

SHA1
6aa22d34d094e9961441a7b84417a82c9259a2b2

SHA256
e6c07394c2418abefa903a59853e6c559bb6e55540b95a75b865995909427c9e

SHA512
67e5a10e0042920ac499d9805110bb6b5badeb6def3698dbf8633c54e6a04eb45de67ad55a2b77b9e54e51cb1b82c17f4e7670ccb50668429aeec4b3ec876563

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
9d57af2383764a22e4fc05634c06a7f9

SHA1
150a054b7a323bb172d59b99f492a44be250a23e

SHA256
805ef1a2b0fe0feb706c0755701fcfc3fffb2e391202f057662a339185f1ed1a

SHA512
e3374ac2ad54ca0d53afd55500c1d10be365b564ae9745068887ba35791c1c1c8a40b16ea10c7978eeeb299f8de7f089d8ee5185dc38f4abe0a3f35769124dc2

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
36f65291d6fafc5792c74a0b8e3682c6

SHA1
5bafc792ac4eb3fea10e79ee482f6f453efc267a

SHA256
07631c8589b6e702d9174c57a09188a0dfd1d50c386d3ce950a5a4cfbe51d7ed

SHA512
bba9b15e25610b5fe7cdd1ccdf2baf3d632038f0986808d5a1c37a592f69bc817d651e81f4d39934eef4434b9a431c70048bbb551aacbd20e63caff55cf33547

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
540B

MD5
865f2c393689a56dbdf7aa4418b278b9

SHA1
dad53d109437e13ede39446b20f7b2bb88c079d0

SHA256
b84b001debc54819b606f0391f4a83fd88d2156e37cafa64d881178d7aa65cd8

SHA512
79389ed5b78bc7b259dddf8ab025fe3788a42182c8e47614e4f73facc8ef7fe75e38d9f6e889b8921e9c5a7aa747ea47d70348d8f3f06a5294e6a49c7a68b2ed

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
3c57acef2ee1ff92291a01865b744443

SHA1
b4803732d2eb376618cbc28bfb278444d6c53a82

SHA256
45619149f4afd25e2b3b807c95ee48ff0731201170991530718622e967e63238

SHA512
6ea7fc8eb43e88c951508f72c98f6352e8e5ea95048311b0ebaf681843fff2ef7475b175e39fe9763c0f0bef13babe1445c3b74a73f1afb107489512030f2706

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
6cb7328ad850ecf4eac116a79ee95558

SHA1
4682ed75edea083976d25c1520acb2fa04ca50a9

SHA256
fb41324ab9c3f898fe2c0f278a7bd9427a71f083008dce89c999899a8e7eb987

SHA512
594487c473376eae1ff2ee6a7caac8895f18a2a522af769a1c99fa7bd7347477212b5c477626a291e2b16d64378e000957e0e22fb717867f02f48b8f9a1c926c

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
44393afdd2b6ae9a31ee1c58f56cddd1

SHA1
ec623fd710b6366aeffa586ba1158022b8de79db

SHA256
82c8b3686e2c596d5d21ad1c38bce230c19f9e312d19ce5e8f4baf2047ec7fa5

SHA512
497a25189666511a29796fa418256b719d5a73d749c6c8b8c3e6b8a62edc18e0c291fef91fc8370763bb12aedfa4452816b6fa1fe4c0932a8abe5e62b66713c2

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4213/finalcore.jar

Filesize
47KB

MD5
8ebd64b34bef4a05d0ac39bd0a84780e

SHA1
9f311d29d7d7bbe77320dea32d701adbaa650b5b

SHA256
5f9db39c4c1d52b1168209e76d4eb56020d7f0e2a84a45296755cd984dc24698

SHA512
9c7da6596ac4f8418e655e8a765c3dd24067af276b09c631a653004e6d965d53dc44542960161afd0f8cf704d13a6b572e6d18b2c1e407f8e80348963fcb9bd5

Download Submit