b28aae005ef04428d3da48e0eab7fc9c003c195181a9a85c7f37cecc424865c1

Analysis

max time kernel
2938861s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b28aae005ef04428d3da48e0eab7fc9c003c195181a9a85c7f37cecc424865c1.apk
Size

26.2MB
MD5

13a59ced1367d14daf2cb8e01d6385ca
SHA1

23ac2871de9277c784cd0d20d373460770bbeba0
SHA256

b28aae005ef04428d3da48e0eab7fc9c003c195181a9a85c7f37cecc424865c1
SHA512

b07f63c0fb60f4f4a22f1c72d1299e0888f0f267ee64e53c2010b27bf4c3ed40107ec4b85a529f3ff40b7fd3cdbcf29e4ad32b967ce07fea145a33991b36b4cf
SSDEEP

786432:GUoOJP0eY2EXK5kHkHH3zZGeFRq2RiK/kxrW:GUFJceYdHcHDYeFw20KSrW

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 4 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore:assist
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore:assist1

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270

com.qihoo.daemon
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4298

com.qihoo.appstore:assist1
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4444

com.qihoo.appstore:assist
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4427

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/app_Inner/alive_flags_memory_file

Filesize
512B

MD5
bf619eac0cdf3f68d496ea9344137e8b

SHA1
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5

SHA256
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560

SHA512
df40d4a774e0b453a5b87c00d6f0ef5d753143454e88ee5f7b607134598294c7905ccbcf94bbc46e474db6eb44e56a6dbb6d9a1be9d4fb5d1b5f2d0c6ed34bfe

Download Submit
/data/data/com.qihoo.appstore/files/LDSDK/ld_cache_file_temp

Filesize
64B

MD5
402b392649a9e71adb1b1e82a092fdc4

SHA1
35ce84fb3e8563cff4efc0c620d723636d439ffe

SHA256
476e62ed827c457cafacb6d81f96dbc0de025f4c1f0934ed9d705a3352d7e34d

SHA512
90c6dc7e0bacbdb517606d4752e1004f996491e8d6a3ca52d0b8c68d7b053825ae4f4aeed174ab97e1ddfb2444b8ba5a3ecff9cf6aa6cca87d38d24e6ef04b80

Download Submit
/data/data/com.qihoo.appstore/files/LDSDK/ld_cache_file_temp

Filesize
96B

MD5
b4cb6b7272f1e0d0b056c01ab43e1ee9

SHA1
de6d2d7547deb6359a093dd8a2780e9799f4f413

SHA256
82937d42aff8dbfec2ee175717e500108310acd9343d38d1fc456b216a81658c

SHA512
3a7cbfa752c1a9f15b7444783ac9cfd6f1bcdc2b265084facf7b0d1d9d6d3857fb6765daa23a096e78351ae27ce49f28b937975cfe785b51ff3df603ed5528aa

Download Submit
/data/data/com.qihoo.appstore/files/mmkv/gxb.conf

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/storage/emulated/0/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
628B

MD5
189ad16a669892e582af0b50a76bcde0

SHA1
a0f0facdfe41cf26f6b58738824ba511832f407f

SHA256
9e54688117479f07af6e304e588361de6b8ff5b0e12f0300e8576c2920db2297

SHA512
c320b6eb22350d2c53afc8da0494ec26846055c2dda6202ef7d00f1a555194878b549a1a7c9732f3952d31d73e3b8e1b8ee6fa61f942b2853ad1e6ecf2502290

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads