89f1435a5bb09c694ff4279cfe326b78559b7624c0814f02f75c049e73f99c77

Analysis

max time kernel
2757390s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89f1435a5bb09c694ff4279cfe326b78559b7624c0814f02f75c049e73f99c77.apk
Size

6.8MB
MD5

7dec116656c6088013dd8c1751887585
SHA1

87626c9a2fa1ccc4e7aa810514572ba05d3f0d13
SHA256

89f1435a5bb09c694ff4279cfe326b78559b7624c0814f02f75c049e73f99c77
SHA512

9b4fe4f739a18272e55a9fbf4a2bd0642f738621fa27ced0797f0722bfdd84550ebddb2575a9e91b29c6689ca4fe036ea60dc8a34c8678c19a95a6df8e060a78
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6b8:GrsOtM2uxMGwJCFFZ+/jqguPF

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4331
- - cmd package list packages
    3⤵
    PID:4358

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4299
- /system/bin/sh
  2⤵
  PID:4447
- cat /proc/version
  2⤵
  PID:4544

com.qihoo.appstore:critical
1⤵
PID:4468

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4519

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
ddbf4dde70a575c5d2dbf7185acf7380

SHA1
51394e15e2bc3c335c90b84411a40473c8431158

SHA256
81025eb4f0dc1fefdfc0ae84d8b2c00e669dcaea90c554d56baa4a457aca706e

SHA512
267a5eef6871e5c7d5e11839f22d1fb0adb22d2dfc0b5d3f10945e566011594cc4fc5220d2439ed9cae8341dd2587d9773c0124b63c497ff8404e3c169ce8306

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
a29e468d5df29e7424a513770ff06280

SHA1
67f48abc70a48bdfd82175b832f5644c57e2348d

SHA256
c89d723d8d6d15f45ca688e6f929707734b9928d109587ebf0127d4cb3d3afb3

SHA512
4f5df0e27f7767825107f9545700526c2eee436d57c9d6b55e60156eddf88aba116abbc2fe7abc6bfb56236c2b8cf5d2c132e1edbff4ce35dd1a7e9ac1933e59

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
a6323c343a5a289fba1d965da6df5be2

SHA1
57d9ff8fc56496d7463457732b98261e3e8375d8

SHA256
2e4be54d391bbce9847e7296c492f9436feaab96679f6a6691f0882fb4437975

SHA512
c1f6460673630d25f4ac2ba768914d0fefe75af26764d743012a0133195a90dc9b7190f0e5086ceb9df09fc9953efca7def616da6f6c53f6f1070676ed424c2c

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
16KB

MD5
b2296ea7a322bf4cde7139609c90187d

SHA1
4576a12407d0c8463c553ae47df04e41f27943a7

SHA256
da80de72c989fde62b716605bbf7de3e998363a67493d7a0f966be49446fc95f

SHA512
0e8224583b59cbdc5ecc91dfc2aae73e9f73a0d4ceec2c854ad514ee017c1a95bc366d1651c0342327ccaf3e5d788c77945b6b3ab553dfe5de69199b0231364a

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
89e6abde29c0019f8e91bb61b032bb17

SHA1
47cbfdf2ccc2d4faaae6df3a3b659788f3dfdeac

SHA256
442c4410323d2e0faeb802396f3fb114df376a20a051b73becefc9c91d227974

SHA512
bb5650ad91a84edaa0e5079d018498c78599d15846127650592785a87e8cee1943fab815daa971f2a0dbd1909557898a5d933c70860b097157345359c0c14d18

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
16KB

MD5
b24407bf95d4b52fb2edfcc5c86f41e1

SHA1
bf72c5d6861ceeb693754e84a12bc34ee4ea3503

SHA256
ec8b2e1993e2b60409d3e114c4076409312c46288deb08ca3a0efa77717abd17

SHA512
28ebcbbf2a5282f146050c48668229a73031e7aea50a834a5e1fc3036dd346cb12e75632c92fee3a142e1750b6baf34ef8ce72d64c65167c327fb493bb46f476

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
20KB

MD5
60e4cf217e77c56efd3707b603797c5b

SHA1
816247b4883d3adb30c4db39fda16d2288e27de0

SHA256
8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea

SHA512
22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

Filesize
512B

MD5
5856dacc8494ae4afa380bee75945f71

SHA1
38eda9f901195d9daa168257e5045799fd2bdd39

SHA256
7d8bbfdcfe04c77f3bee8f5116a8fcd4b54f1a757a81a48c875fb0a53ffb1ca3

SHA512
a24c38d9ca9e6e0827d4cf0fba7273d08a36734d3c5925b685d1ab2d82eb08f666d2eb776cd102d50d1aa85e87968bb9df37e4d40f883cd7819f0b4144ae2fe1

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
16KB

MD5
b93f567401a5903ef38ead29ba75c43f

SHA1
ec44df5605a4f253dbffd65fcf3ac0c069e3981e

SHA256
039bfd929a2d9da624960ed4d5843684282dc2fb727714d52450a5d33edac56f

SHA512
75146b85ce416bd5836c2fb84db54a5e3005bd92028fe6016fd8ccc6bb82e63993178682e434d9a70abc6da32904c344a6620373164d18ede0785a621fa8296a

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
20KB

MD5
0f679d170750c918d77672d1479acee8

SHA1
8c334bd87cd27f46dbd4399f60ffa6d81219f74e

SHA256
ecd4c97765911c0ef2a42b7b78ec53b03c6d88c26f75e40401a8b75ada479c69

SHA512
be705c3b89c9c8ef2d79298d01747c172c2675a1ff359dbd47daad35ee5b8fcaeada5d64e4671d61cc92c58d3c1703df18b38027f8c8a910316e311a0f45530d

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
4KB

MD5
f54941f2b5797eb7d0cce7a38056e590

SHA1
b82b6d9b3562f4af5e445bddc9240048ef499aa8

SHA256
1a951548fba41791796617772b4fdbf5df623a637cbbd3f915abbbb53b01f0ae

SHA512
8004f0a7263dfabf1a80ffe5492fe322ff9f62fe92cdb2932477941d11601f63fda866a4a5d850abb345505c7c57b2477f6774f15f00b4f2be7e668dac2d6f93

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
043789cd548fc7f367d1dd430d18e231

SHA1
2b91197b93729556754a03fc951fedafa2d5c775

SHA256
9032166ec25236b9ccf70b17ae0158626760e24c9c1790ee02307bca0883eb46

SHA512
5f057955250d5e35ac170388bdea2e5e5fbfd4644063a253ff8906d4d3bac91468ff00e51f29c224e4e4f225499d3b2a625e7eb0bd9541cd8344a22c5a62f81d

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
036acdd7e511aacd423059376ba4ef28

SHA1
87813059b607a53c2a91ece6fffc343d291cce2b

SHA256
7e414e284a6f05d26205d48a971263fe0f60e27e79e175360d2380d06d9aec75

SHA512
2330d13280f1e2081e562c4580ba02201a0274dbebff9d86a301393a3189b7ed4d0efcca476c04bfe12e57b9d37d00987f141e016ca9dc6516af5203f21acdb4

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
624B

MD5
d1028db91214f744ba905b1c016c8e54

SHA1
ea72878b8fb597f262eebdc186c79e850c4bf76a

SHA256
fdbaec3814dd254c97aa236f50247a1e8dabbd1d45fed0576cee2cd7845199b9

SHA512
88dba4761d3ca5242a56be6be4741bd2e121352ab0eddc7990f7bbb9a8e659a59a9cf43ea35a9e437172c7bc1bf4b61e7aec59a5107c5db5128fff025ee9b8c6

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
aa98f8b54d71b7323fde174c74b94073

SHA1
1b75e053e32922c2969b4f296582e536a6635726

SHA256
44a61d486695b6dd61047015873fc1c57cc8c799f357815a3914b6b24595ddf1

SHA512
34d7f52dd484ccc2fb7934ee3d2ffe644a25873ea55fcf36977f424e5f67e5853a862f21999805479dc6278f2993bafb4d5084d047626125563ac466f47b9c4b

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
536B

MD5
f5882e951c3a6a575e6a6559f332f85b

SHA1
ddc34c3184be5705c1e82c952a18002e49ce0c10

SHA256
5e48404bccde2edbc91d8dde3d0590ab96149cd64677a63567675436a2fe3f2c

SHA512
ac419d786f9a16f1a64f3f82f8ddd9d59cf6eafcf26227d4792e98dff139d772b3741157562306caaf79a899ec27cc690ee4cab601db983f72f3ba0e7f9683d8

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
632B

MD5
0dbf0f3e06f7791fcba1e488fc25c371

SHA1
e0bae0c3c9bc1421fabfc1161151d2340279297d

SHA256
1c0ab97f74875ca98b9d4a1bae64bf7f49221f0198d099fc23e2875bb5c116c9

SHA512
6d75fee02522f3aececd80d92cd1b750b66261eb38411102fd30428682c02a78b97b0fc5d8e8adcfe58158170d6cc287eb8e9439e3cee30eb7db89436b9b45a3

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
9cec9e7492ebfeb1acadb4c9e4871558

SHA1
9651ab0e872379fcbb7717eb05319833e3c1adb9

SHA256
e891504544663328b77973c1be1321588644137ca22d07ab909d2670b6a7cac2

SHA512
ae2600c6b17ad25928e2dd08e0dedc5b7a3b4baa550ac044594530663ff462955a795a64f12b32a2bb8c0056bdc24475f52cc05f4139a7dd0678a41cdbc79e30

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
4337b0a81cdf6dfce3ff77d24acb960d

SHA1
47d4fabcc63a4653d3e96b749966e5f42526563b

SHA256
4161e194ebe97629e4bb11a9e8c5044a375c9649015b6f80417c35dd4e100e00

SHA512
bced405bf5c9cc1ac81e7f79541e1fe75f3602c0a53ff1d15d3e5856997855e35c3e36a00bc9a5ae85638f80da4ebdf0ba450034f28a243ed37b644bf41db7e7

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
12d7e840fa198fb3525cabc814fa7723

SHA1
9eebbb3fa80c094f6bb05d6affcb5cbc3dffe280

SHA256
83d8080d8958a7c0ef8ea4992ae8cb5c9976408aadafbb831c5fc575b84920dc

SHA512
54f287f477802d530b5caaa8d44b211bf175834f4c2dbaa08ebb9698c4538bb0e4b9d82f5ece1374624392746e719fadbdabf7da0a37676b53dd5681e09756ae

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4269/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit