3e68a5748ac169094a51a4be302ca710490a7bf4c11eecdda815da1743a10ab5

Analysis

max time kernel
2665454s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e68a5748ac169094a51a4be302ca710490a7bf4c11eecdda815da1743a10ab5.apk
Size

6.8MB
MD5

543d640917e95fd55fd633aef4dab2b9
SHA1

78c1b7e49f1e91b4d42d0f9ac14cde0ad0218db7
SHA256

3e68a5748ac169094a51a4be302ca710490a7bf4c11eecdda815da1743a10ab5
SHA512

1f86ba1edee0025e4a800613311ad3b8bcf04cba4315eb10059e2a9bafe4527bb5ba16690cf331cab8b73a1f80c8ff99f593e557d9df48fd60db33ebaedaaa46
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bJ:GrsOtM2uxMGwJCFFZ+/jqguPw

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4502

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4532
- /system/bin/sh
  2⤵
  PID:4646
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4714
- - cmd package list packages
    3⤵
    PID:4740
- cat /proc/version
  2⤵
  PID:4803

com.qihoo.appstore:critical
1⤵
PID:4666

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4699

com.qihoo.appstore
1⤵
PID:4775

com.qihoo.appstore
1⤵
PID:4993

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
962034cc125ee429a9381cb80ae0812f

SHA1
baf3542acc35054f4709887a60fa2d961da7d6ba

SHA256
165d44a6327274f735a84370fe4b1cd4a04639c98427e87ea8ef10bf801e52d9

SHA512
32660d02a9fb42e324d695e9b835a9a53580587211358dd98c841b881db937eaf82526b87f9e4fdc960c5d1b633f620c8265ec04e02f41c08ec876338c4dd1df

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
16KB

MD5
82c3d142c30971e9632b9e54bdbed4fe

SHA1
1a4eb4d7037f2c7ebcbc6315301637fbe4d578c3

SHA256
64f9949a61ca39243d619cf418101c3a10359790b4fe7ba5d5291ca2462f702b

SHA512
623b23d77425183a78e38044a3d3f27d58e7e56fa5579535aeeb35a757eef4e88a83d8a9026f028c358c4a3f405b1ba71c423b0402c84607816fa240ee866979

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
ea329e89acd1ae922840f747a9d45137

SHA1
87c1e677839a14db4336131d87d4cba47471d1c1

SHA256
9f6f6a117cfda54dd812cfbf2a958cbc1247ce499448403118b3024dd9c4ea21

SHA512
5ea3c6be339f2cc1ffb73e73bf522d821b9e7bc9620764daf5560d13a57c91d89c878a5a0d9902aa40f4d1217bc3c83d4244acc7e55346422b7166334d2c921d

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
3f61dfb2044bc1fe8cd3ea5e0ae1a642

SHA1
9a7d4ee92110a067400f72393cdbcdd2346af072

SHA256
7a5dfb236151d7e84777938aec5aa2d490e1a8d708de2ceb1ab50281d5570951

SHA512
a334be4ad239044c574046ecd908b3147d3a54ae345d8420b7005e0b0ededba8e892f25a96b5af5c1ce1649f9d74792fe7a23c766deb6875b13ddda02693719f

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
540B

MD5
4a7fa0993f76927c606f258b86257d75

SHA1
b2f74bbfd946a0e6615a2ab7e2e0dc351f35507a

SHA256
0ea1dfdb88774ef2e90c2846ba24ca53776f4c8f4436332f04df0cb1310d2b8f

SHA512
78f48ba51ba6190232dfc0a51d0cebb906b26e402727cb936a9d604cbb7dd4481f298d8e521ceaee89ffd1135eae738d31bda9d23447ae4562e46841683a7682

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
632B

MD5
dd0356ce3641cb643d38ab68ac04fa72

SHA1
b80ce448a0ba010a440d0933c916ec4dba171f4c

SHA256
fdf23b6927edc19f382244b3092ed0a9e4eb3ac38323a44fedc5ea3c3948270f

SHA512
6454966323f6df81f5bd5922e355d587743f6990b9c44a0da5aa933cc9f6fde407bdcd41dff3fc690b2f42f87d103c271cb3be46bdd133b7daabb62718a1b4b3

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
3785d816746f8724bb44347d10cb419d

SHA1
2a0bdbb038506afcc0ec3c7e3a1b9841a80f9219

SHA256
e18ddcb2d460663ccbb3ee14112198f0bf06322759506d977537b37a310dd582

SHA512
b5f1020c5d10c6b33d1ef7dc1e0e3df273e3696ee65874d52479c54ab0748f06990ef8cbbcf818b1a474c06551f1ef68ffc582bfefd407edfd975f815089c779

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
28KB

MD5
58bc5af264e01c70b55b1a42b0083122

SHA1
f546f8ac631d28719b3954afc2ab054623a01979

SHA256
df7f18d42c8db79064221b2d86db0841b8d9ec9bdbcf96c1839c19336444a7d0

SHA512
3eec07bd7f4df449cc936943b7479af06d740608e24540fc6dd4faa5dacf9bf22eaf655e41535f793ec3d15df26bac797f541946117f86e5d94405552fdd6658

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4502/finalcore.jar

Filesize
70KB

MD5
6b2fdea49ff00fd9b5c803ec104e2e99

SHA1
0b37d80224c671f773776183006b860dbb8ea21c

SHA256
6ba18f2adc90d13c28128d67bd1f92b028dcc7435f8a4442effb8da3df3f2205

SHA512
4008372c09eb4acf7d4a8561ee57416c78a655effda42ee4138eef476e817158883097242b69051397f7d2ab1dcf09fd6652930f95d0f97e2e4286e5af83ce08

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4502/finalcore.jar.tmp

Filesize
11KB

MD5
3f655998275012b0af7d5eab100b0efb

SHA1
4761198f2686155dba8f66c6122f03bf04db1625

SHA256
36a33af3cfe9342ad9b964ae3f561d271b7ef8dc569296fef05e6aef5de99047

SHA512
185369d92361382e88082df8b821b0d86ea26da0ebf23d4c37109b4f6d9046dcce6af8682d6f5eb44519e7728f6643e99c56c9809dcc56f27b9c305c9806424d

Download Submit