53156099b23c867bdb953cd9fcf6587e4e681c6e2070f034e5cf8a3c2a8641c6

Analysis

max time kernel
2594562s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53156099b23c867bdb953cd9fcf6587e4e681c6e2070f034e5cf8a3c2a8641c6.apk
Size

6.8MB
MD5

1aa8cd6e1d7d8b600823301011c62395
SHA1

9a22a1d32a3ec62e4bddaeed989383284f9121a5
SHA256

53156099b23c867bdb953cd9fcf6587e4e681c6e2070f034e5cf8a3c2a8641c6
SHA512

ff7294b2a82d872017046b3d6747b3c1635425bb4f02af5b2a1a80beec9020b15b0ee781b6f5610dbf59a480abfaa6b6b0c910c45e91b8ad85d613c598a64945
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6b9:GrsOtM2uxMGwJCFFZ+/jqguPU

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4244
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4340
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4721
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4780
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4810
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4858

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275
- /system/bin/sh
  2⤵
  PID:4405
- cat /proc/version
  2⤵
  PID:4499

com.qihoo.appstore:critical
1⤵
PID:4426

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
54db60a17b57fa2013b0ef6757c8cdd7

SHA1
33e4f3032e4e2e7f382bab2c93be82bffe67006b

SHA256
e24a7774c99a842ff4869aa9271290f05c6650d1e8bc7f0f254d901f41f1408d

SHA512
fa14791f15b4fd9ca2738cc88ab3c956294761eb2aac2b1b11b43d70c626bcc67393a418b2308558f9c54f3e3d8ab83e39802f1d64031dd91ea6a7fc3e33eec8

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
bf3574a6621f0173936a228d63aea984

SHA1
e1e7e67508c015f9153970b069b9800612d7c157

SHA256
e728d2325f9a7b3c29b33b77a061337461118858c770faba82c5047f8ddb0275

SHA512
080b8b3952fa74ba3bc9eef1f05ee953a9ad7ae686d281360c32355ee095d1ff8f6187fc0d7a581ab002f009870357af5f6ce370b2fad42621929dbcfe60db3e

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
62ef7c85dfcf7611255ec2c499dc0075

SHA1
6465b41e6f3881c924f97067d28751fcbe6d6887

SHA256
430bdf0c95934979345698c32433e36c4af76c8a82c4eaa8363617ad0077a6d8

SHA512
05df9547ad485079e3c2e7874276c40c6ca423eea8b16f9a2a5e4713125991408810c91edc84f7801b6f7056294d36bcf2bb55b431a42e233a946fe896ef8079

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
6ca7a3df078727b4c6808dd27b838da0

SHA1
b9735a8057d7e4651cd7422bc1ed6573710d1ba8

SHA256
33962a23d6ef1670dba0f4111e8d938b6d4f0b0d0330d73e4744d2bd8c162527

SHA512
4a876e8557289671c1026b11ea5582e49a821666e81e0996ce3e3a217ea83c138daf7e34713de37f41bc53b15d8f03bf39b6af76ceb6369143d1e0d528c74e1e

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
540B

MD5
262a3a625b755e4a12f0b1e212ace760

SHA1
026b2b949853c1236e226300ca6f9a9fe89fe8de

SHA256
8d6d4265d127b19c275e56a1651e7dfba760aaf946e39d1f8ac4b05fcea04a55

SHA512
b682d3bb8bef57daae5abbbc268e82e9aa0d3a89e583cc48bc3aff01b4fa3dcbec1b8927f977f0bdc32459f7a44b44a6693c0ef452906a25f7bef1579ae018e4

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
632B

MD5
c3956e208487744d0ec81c4f06b9081d

SHA1
786254ae50281f3f13f8993caabf738f6cc9deec

SHA256
9863af0573038f8b5f595885645aeba2247e786df4d19bc195dcc09b4a3c1197

SHA512
d27a77f465889879543f11f8e3b44cbd401a295eade4c72fa284f443c808eeaf72949f605e39bd751a1a6e1f0d6114d30f8f7b16f1e09764b8c3c132a35590a7

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
b25133e946830a96405f6ab10b243626

SHA1
1115b4b16407c97bad338424b124536a3e2ec4de

SHA256
66117d982560cd49c6a5ec390f1782cf7086db5997ffb1753ec4f280b1e8b41e

SHA512
ba99f115a61aa46b247f97fa95486201529602f133abd9bbb593c83ec007dded521b6ff1659d9b92ddde054ec292bd1cdba6e5cc79b42c365823ce3a71e2a155

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
7a7c62ead06d4c8f9ca27a24c94fc164

SHA1
892bde9d7d308658b6065fe84ff0cc4e82776b10

SHA256
a7433144d9a4a6c497f261b0b75fcd5a8a02b3b3a1b98b470127546ae973f81b

SHA512
df5938c94db4eb2766666bebbb0568908300a59c961a5dc165349b75c1762990f7102d19b810c12a5458121da4d3abe2d91ed549017f1e3887a751cbf7d4920a

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
fa6f6b4ee9c790d90d40d4d044da9210

SHA1
c0710b8eb0387a65a97c99ff60992eefd66d2aba

SHA256
c5e2e3d98ff24c96fbf2b3abbc7aff1399f480ec98bacb615b68f3b735fd4d5d

SHA512
a2a3e9d003ac684e408a9423685345a95f2f2df6ec8387c636a7ede13016a07375158e0759c9080db4919cab86ddd97ebc653a364e1c10a5de3954ba6f41c588

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4244/finalcore.jar

Filesize
43KB

MD5
1dec1d63561c9cce99b7194ccb9fda8f

SHA1
205bd2176227fe640f8450f89b6333a3ec6087cc

SHA256
44e1b47c922ce00532bc74cf1c1f1a5b652576ee64fd4a01247a30c442cdcddd

SHA512
a2811779ae122c67dfa8d5425cf9dc8800287071f349a417c8ce73be4fdc630fbf8126ffe6801d52f3c96989fa92baf8e32ebefc8010fb147449525b2a0e1ee2

Download Submit