8984a8c1909405a0bee9cbd88c8312c793f37d03b8c7bdb858d8907d6856a202

Analysis

max time kernel
2755999s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8984a8c1909405a0bee9cbd88c8312c793f37d03b8c7bdb858d8907d6856a202.apk
Size

6.8MB
MD5

5dc57f93391b16b5d3a47ce9411b8c61
SHA1

ddac65bf5fc2fb3dfc0b5b31b77bdc7457686f8c
SHA256

8984a8c1909405a0bee9cbd88c8312c793f37d03b8c7bdb858d8907d6856a202
SHA512

c67cbd4fe634bc1cb950976d9145487b6fbc6dbe46ce5ea1c078fbbb1ae3c864d42dacdc5fe28d275908c769098dd9ad8a4731bacbf2c21d4b55249527a6d5d9
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bv:GrsOtM2uxMGwJCFFZ+/jqguP6

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4676
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4787
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4825
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4859

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4295
- /system/bin/sh
  2⤵
  PID:4421
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4476
- - cmd package list packages
    3⤵
    PID:4511
- cat /proc/version
  2⤵
  PID:4557
- ps
  2⤵
  PID:4599

com.qihoo.appstore:critical
1⤵
PID:4439

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4494

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
2a7606562f344332adeae7be3a4e9e0d

SHA1
6772ff2b558b630f04b82614f423a7fa0671f042

SHA256
fdd983c59797593411244c2e6b2c7b2585bbafb88dd1005dbc14d87d528b2b91

SHA512
217992e6a6ddf65c76c40c68c30ac52ba096a9900e755ae693c77ec7c544c060d4a078226c5b80fa18f92496773af5fd29ebba6a5e019d4fa714b04146b6af5f

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
e3b2ab7531a6344154b898b7ad0f56d3

SHA1
5df8cb14f396c3bfc43aba7e7a7fb8a76cecde67

SHA256
f396680618941d6937303e6bc5ae4af54a3ebcd76b1019060fb3b0af6cc1e160

SHA512
fb3784f20412f292633de6b13d9194e6f0bb069f6af6f42fba0d35d5169c31b4dd1132df49473b421d973888c7c20f1720d62eb361a4765a23e3087af51a3c66

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
3c725d10eb25ee9aa0cd62e641383666

SHA1
2db1b90a8fa6036f05ca407919f7a4b2f1cec2f3

SHA256
47bb83e0a268e9320bd66977d46b87cf126effe855c4e516213f67066b467005

SHA512
bea6226875f2f7923364748d9d364e5adff9a6ffab8ef7c32e2c28f243f97bb46fe1101637b8942bd4ac5a6763c5c3ca7ea5e7f07824c532b3ceefe89c30f4c4

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
32KB

MD5
1876f0ffc9cd72f7ea09fe898ab00ad0

SHA1
9b2d78f802f78643e63bc0c7f8884038b3cbc326

SHA256
8c52e1a812f67499a52ea818354bb407b8d6302d234b09228c0d6a146077a006

SHA512
aa75063bc199f2660196a0ffb8e1113b67faf11fe0ee88523d32cde2c13bc4ccd45f630bfef83cab029927bf9fc27a17b9fddd7e391ebed6efcae3bb9befa262

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
04e9722a281ed28f202f5260b9e151c0

SHA1
5ad5e6d1d91f24c15b2fd143fd4b856a4ae97750

SHA256
c94973ad0033106ff27ccf07a539e4f649e27dd3cd8b6150e63bb9241575fd22

SHA512
b767f7ef2b2c18a486b9ee03448ed972fad6e56327f5cca8c7fb225f9a2bb9a993372a75d6e8d1752c7d974e429b35f3dc2ed91d64b5a6f0082d6dee8c8a5deb

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
efb0127caf33eba8a4fa123a57936577

SHA1
9b50224871bcd1c1dce75e51fb347412084ed350

SHA256
9b3a79c5aab54bc68d9bd356c6f2f6849c3d4360ee55fe16bf9af944dac5df47

SHA512
f28180756706b754d87934f1a24556b0ca3895c1d800361a80929ac319af5beee9b093550e9fdd0957c331eaf62abec8487858bca8c1bc6f5015e15961dba131

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
7ea039eaf2f7ea198a870836345dc00b

SHA1
2e37e6e50bb37bbd7ba842c746d778e9f0f50f6c

SHA256
de9a14772b3346213abea000402e4318ec86ca714ea1e5a40b94ff968da967b8

SHA512
f156e5e6821b55252328dfd29ad9b023d6e77d30e6c50e7fa12af1f36d3617ed1ab03afee57e22c7781c6fafe7926812d9023d50035cb72561280da2095ad388

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
496B

MD5
531b31ab7c2811f078f99671c58b0d44

SHA1
e2a5bff5b331fabeb55a6ec7b3d76e22d3548106

SHA256
78a2e8e2044521b380f85d9745b41f356ac5b54ce570eaa0cb7e62b6f5cbf7d7

SHA512
243098712c2089f50b48e40ef1f7cec2b41b1411bd3d075c6e9c8fd91266caa221522f2d52e295ba8369de5600521da0738af743f59ea3990db4ca3869018be1

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
07f5a90fc7a8045bd144afb7f0c0f329

SHA1
7cb6999ca639d00fe86995f7e0262eeaba7550d3

SHA256
dac4ee258c03267aa6d19a6bc758e9762bc963551045f9d464a1bb1f6d40c12a

SHA512
0a37f1bf192799d68cac1b3682ed54c299469071465d8b81af5f9766ef52ce7d64e50ea149748490b1e25f9fea6c75d39fa85464d5c285105404f25c880d309a

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
da88dd9e33756c5fbdd033ad3b0c829a

SHA1
c7d5f762881baee52476a629637ad293112c25c1

SHA256
90f68928618c6fc85343466557ea5214026be58afadba2a0465514a161d4d2d0

SHA512
44737cdf023a10f43a3a7243e43b51d21811b4a398f941fb019dd8d1894843ee3e0b097c89d45e2feb5d924085f6c80df68e3f50dd238ae10180b7cce472fc3f

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
8c211f02eb9a2c30727784e5722d8f96

SHA1
9d6436f45e461a8b5e8a1b39424f0abeac413edc

SHA256
e4aa858673996c06f7f6f434cdee47fc1fe9834ed69d0b46d94ca001e8eebef5

SHA512
eb3e706cf46b190dda31c278b23bb34c8278a4a18a2ae340943ec2a00ae704b7e33140ee46bbe9f72c205d7f91a75d6149610c7ffd2cd05d52d6adacc77edd31

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
4689504b55ede96c3100bbfc81300c82

SHA1
9cee1ccb07d9cdcc249d4ac7f62a8e856d7b7d5f

SHA256
9b11041081e9a4b0f74787f0114011a6ae85d57c12d27ebe13f1b775563ee0ed

SHA512
385e0e5f2aa0d18c7ba0fabbcfcc7bc2d0bf754d31a3abdac72681681dd63b026a21494bbd469fa61a077109bbb040448ad61c7597c1f6cca662af5652edce07

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4264/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4264/finalcore.jar.tmp

Filesize
66KB

MD5
079682adc165cc912bce519d7f228e6e

SHA1
1069e3ab10b56f953172c1617e66c57696a939db

SHA256
19615508ebe4ad2ddd5b4bc2b75b53859a4f4f4ef7788df6ad205af533744d99

SHA512
7a98d0e8f309aab28870b2500b11a68fb1de2c7236a3d9e301761a7d3c23ddf71e1f9bf02537da436e0a5adfd4d12024e61515f22cbd341bc85f56144e27e1a1

Download Submit