Overview

overview

6

Static

static

6

bc8d8018b6...36.apk

android-9-x86

6

bc8d8018b6...36.apk

android-11-x64

6

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    2953304s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    24/12/2023, 02:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc8d8018b6af9e1e5f4b0aa03ee51f37b4513942ca9923c8bd98ea56ceb37736.apk

  • Size

    16.7MB

  • MD5

    bb18ca0dc38345e57cee9969bc28ef59

  • SHA1

    ff924a92ba76c81f88ffb6129c6e8608338370dc

  • SHA256

    bc8d8018b6af9e1e5f4b0aa03ee51f37b4513942ca9923c8bd98ea56ceb37736

  • SHA512

    ba5f7a2e983362d99b2f14f27474cea3161733ff7187aba04de0ce82595b8ed4fdb9108058adad77be9f6d6914bf9e7cb85871731c428245c480d836e8bb8264

  • SSDEEP

    393216:Q28REWQQ4A4qT2nMGxIdAODCSEzQlHpBs+lv+k:Q2XgbyFOdVCjMlJK+lv+k

Score
6/10

Malware Config

Signatures

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.kingsoft
    1⤵
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4260
  • com.kingsoft:pushservice
    1⤵
      PID:4390
    • com.kingsoft:sync
      1⤵
        PID:4469

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.kingsoft/databases/AdBackground.db-journal
              Filesize

              512B

              MD5

              3b31fcf2cca6b71dbde58f3f99bb5681

              SHA1

              2778de9e4d6d2afad620f0e9e6bc5b9e2ad62a41

              SHA256

              d2b38a0ad65d42ade9e75f884e6963820b2fb62cd255f0cfcdf2f774c19ed32b

              SHA512

              bf5db0c7d911a1494c4039cd6b0fb82ade1fb01cb5206d19ecf360f70319ba8e8f90954525fd269e6bca2b494b21906b3c32171f46bab75efec7adc15c66f104

              Download Submit

            • /data/data/com.kingsoft/databases/AdBackground.db-wal
              Filesize

              32KB

              MD5

              0961f130c9f57ec285529a75809adec3

              SHA1

              79e36f9d40e1dbd55fa2f686cdca71080d251f63

              SHA256

              fd5a4884b6901a35a0967913dd610855ad5883dcd273ff16c1fd2b147e40ac34

              SHA512

              c8f52f203dc8f6c3aae44eacda79e3c53dac8a7cd5e942bf00df2faff9749dcd3103f070eb0f336c5f621d3902d776ff80e72f22ddf8a34f0a3bd3d8c2c7f381

              Download Submit

            • /data/data/com.kingsoft/databases/BaseBackground.db
              Filesize

              20KB

              MD5

              8c3cd06a7a2ba7830db97e945d533d7e

              SHA1

              7108484637b6ce728f620c5d3dedce725914ecb2

              SHA256

              2ef1ea31a96e987c1643d53d3a31feed1e97557ba245161b7f7f54837d8aa980

              SHA512

              e72439edae679ad799741c8e159504994810df456d0b01e348344a963c5d44e0ea84d31c6c046e23e3870600c0f0e2625726afb69af1e0bed3c13c845680a540

              Download Submit

            • /data/data/com.kingsoft/databases/BaseBackground.db-journal
              Filesize

              512B

              MD5

              f30b04c4cf11abfb0eca63778a438d22

              SHA1

              3345a334960fd342a583f1fe0044a594adc4147a

              SHA256

              0d6ccb1820e8aee3626d7d3c1bfcaf82433d4026d18918c788a2a4f3aebc226a

              SHA512

              b974234cf80be41aaecb239276a6437ab021ce67c1efd76666766c944ece04a5d620433264658149ee958082c3b9fe3bef966b20180a7a443cc83bc6dcd0249c

              Download Submit

            • /data/data/com.kingsoft/databases/BaseBackground.db-wal
              Filesize

              32KB

              MD5

              5b62590cc1b932318ddcde611f2ee5fc

              SHA1

              5ef8bd17976a5eb95a83e046a3ff30e68f056b93

              SHA256

              b3a8f28acc4ac6c95f37976d0511efd908ca10cae67128a554f4a25c587e816c

              SHA512

              6d24a34787fac4b6e19f243218ea3273d60ad716b0344d85ea08ad21dcee7f46b07f2f1ed46a87be18b769a0e02532745c0b06b35bd49433b23541d755ac9369

              Download Submit

            • /data/data/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              512B

              MD5

              cbc503a4435ad6ab634331bda5f488b8

              SHA1

              eaa032e69c79fd195ff0cd1e387147f2356e510f

              SHA256

              cdeab6436caf732e3b0054016271e556c48878857db64feee4f6e76b3d96146d

              SHA512

              4927fc72e2607a4e85445ef764f471ccc4528bced621cc6038b09b2f627654e2dc0576ff6635f641b98748025f2ffff03da604706933f362c2206835af804e58

              Download Submit

            • /data/data/com.kingsoft/databases/KSOStat.db-wal
              Filesize

              80KB

              MD5

              8285ae25c61971307f0b739d488a09bd

              SHA1

              9131b161f84568fe24ccd769ab0e8ebde5156cf6

              SHA256

              30af673d52914e28277e5045d9bdf8b0ea7bad21c9442e15a0ea70ef0ac54b3f

              SHA512

              a72146695648c0257502ac789ec1f7413ab8d44e75987555f8c17c9c127eb69bf2bb0c19b8fe1df69bd1b515b69f205f2c1895f0ca0da102b20b4bf591233cb6

              Download Submit

            • /data/data/com.kingsoft/databases/mistat.db-journal
              Filesize

              512B

              MD5

              2ba7ea74fb822c915ebcf3323c357eba

              SHA1

              4ece5b9ee586583c6bbab5c230679a01e5c3a3d5

              SHA256

              2e72e609f3ecdda962ed6f0ed98ae5c0e6982c6f507433e5d29d8013d4803106

              SHA512

              d33fbb67ffc2859b97fb8b5c398ff43b6f9240340d693799c1932566e36ad34d69d362d345d567dc437a35cdefc7b10170473bad7c3e05435aef1f97cb8cc354

              Download Submit

            • /data/data/com.kingsoft/databases/mistat.db-wal
              Filesize

              16KB

              MD5

              52232afd0f29e7ded73f965153f3bfcc

              SHA1

              5d051f094a725517374b8ca252d15d56b5fba01f

              SHA256

              c3c6fe5b7ffa34dcd5bfe93e30812b2f46f5d16395ec5f8161e130c079c74549

              SHA512

              66c68b56a1d0377692364f92b448a0fc26525f5d2315c78333629e3e10cc4a7023b1b70d042a3434ed50f675fe3d351ca9b53a29ba65c15fc0c32cefff342980

              Download Submit

            • /data/data/com.kingsoft/databases/powerword.db
              Filesize

              4KB

              MD5

              f2b4b0190b9f384ca885f0c8c9b14700

              SHA1

              934ff2646757b5b6e7f20f6a0aa76c7f995d9361

              SHA256

              0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

              SHA512

              ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

              Download Submit

            • /data/data/com.kingsoft/databases/powerword.db-journal
              Filesize

              512B

              MD5

              683a166d78b46e38ae2bdb8ea542a215

              SHA1

              764194f9b5988e30dbccac581f71c990cfc7462f

              SHA256

              7cc1d7b0f017a5be887bfa642a93535998d40466cdb18cd8e56c1ba78d686e30

              SHA512

              408edbd27126bd1a19ff4554229c1850abced1fe25d8b898200e05a8307b9ad4a293c0d0870f496b2ec54e69feb82c203dcaf3402d9d0ed244f4bede76dce087

              Download Submit

            • /data/data/com.kingsoft/databases/powerword.db-shm
              Filesize

              28KB

              MD5

              cf845a781c107ec1346e849c9dd1b7e8

              SHA1

              b44ccc7f7d519352422e59ee8b0bdbac881768a7

              SHA256

              18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

              SHA512

              4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

              Download Submit

            • /data/data/com.kingsoft/databases/powerword.db-wal
              Filesize

              16KB

              MD5

              6adc780f2d0c4797dca11490d6665d21

              SHA1

              4024d9242959502ca62615c65c6efb607c568e5f

              SHA256

              70cea05cb3ad2064f0a8fe59cb4bc07f12bb58a2a2c9b9d9a895ce23a5abafe8

              SHA512

              f50110685185d2e56bead4fbc0dd9aff641283e9f915955a758f18858a743510d5e17495d758b318c5b9ae6d30746ba53a93a36fc6a8c051b7d2dd71cd3890d9

              Download Submit

            • /data/data/com.kingsoft/files/com.kingsoft:pushservice
              Filesize

              1KB

              MD5

              d80ed861f33c3e489312f7521ebff2ae

              SHA1

              2005b20ebcbd10b196aea5a8ed1767a85e731c10

              SHA256

              97374468d1d08cc7290f0640d4d8c6d5e8587c6e4265207a8aa852e9030b507c

              SHA512

              014dc1d2c807eb6c432755685163f58930bfeea805db6e25ec2e19e18ee0d4f933847edefaa0764ab60d05e5ec9fcd2e89b80750c17d930d5040f63f01c57a73

              Download Submit

            • /data/data/com.kingsoft/files/com.kingsoft:pushservice
              Filesize

              4KB

              MD5

              8e07d547d44f4405cc1d0b30ae5be540

              SHA1

              72c6c08a0235841c7a40c6f57cfd86aefef3b7fa

              SHA256

              2afebff753aa0715a095fec1312e52079d9c8e5711463e31e782dbda9e3c1fe0

              SHA512

              57534c74a5c1c58b2ddd59e4e14411af858c7a1c06c6df679272006c4cbed9077464c4aad97c7e02db2f0230ea2991c881b6adc6381f1430bb68ab2c65a9c11e

              Download Submit

            • /data/data/com.kingsoft/files/dmdata.xml
              Filesize

              32KB

              MD5

              f4e49bf6a3d58db081d7ab3ee5d7a736

              SHA1

              bb05e4736ac87c5577ca535d95eb026e48a90ff3

              SHA256

              545e314b5279cc29b97ca0bdb2bdf4fd8b848384866e627b274e1ac84ac62353

              SHA512

              f8ebec5ef8466a7d73bf2f72eab345e40e5e34b0b3f5d311c0d0b9f9e17b438b6c642ed7faa1c67d707e4d3cd64290974aeb953d88ba81a1b367a0a347548832

              Download Submit

            • /data/data/com.kingsoft/files/dmdata.xml
              Filesize

              11KB

              MD5

              6a82add8701e7b99cf47f782e505899c

              SHA1

              9e439ef6932ae80ae7dc99b5cb66498ff2baed38

              SHA256

              c9fb8359409065f6a4459d6c3b7b316f5d2b4fd768a3a3765b81a27723028388

              SHA512

              99ee7bc3d255099cf5bd1505aeb606c168bc3913ba205311a51a9bc753a36f4114723b03b59ab1a3eb3223ef0e5332932f1ff01d10efe7145039557ebd1cf21f

              Download Submit

            • /storage/emulated/0/.DataStorage/ContextData.xml
              Filesize

              111B

              MD5

              0be3269acbb19a208c1a23636671ad0c

              SHA1

              72f9eca81d708ae260f281779b83247fcfb088c9

              SHA256

              f9765c3c4278cbec1c70371b1483b464a4b15a527d353eea920f34eb969609ca

              SHA512

              edfe6b05a38420c5dd6669a893fe6cb5317b543245ee62860abf3a43aaa47fd59db6214f2f9db0089bae19bfb556421040dc611062f88f15ece95fb45b2e6d70

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              167B

              MD5

              0a187fd449da4c194454f1c09bfd2e1a

              SHA1

              2a31f338e71a5c709d920b0446ed79d5c5fedc43

              SHA256

              bb61d3ebd1984d49ad2e579214189b2896aef1adc122f07a59fe82eab52e92d0

              SHA512

              42c8a1180b99061b3242e354b0be11358917e5cf2c8ac7b94e43b082f37db042364e688d7b6ba7a14c84e09f03134cda85b85b035e6c32988490b5830e15157e

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              65B

              MD5

              9781ca003f10f8d0c9c1945b63fdca7f

              SHA1

              4156cf5dc8d71dbab734d25e5e1598b37a5456f4

              SHA256

              3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

              SHA512

              25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              111B

              MD5

              3bfa9eb07c9296352568f65313a0ed04

              SHA1

              e39e90c0b97cbe8ca5e372ec676657d4c6b314d3

              SHA256

              5c4e4973bc331cc76ec9564d7a796a8e4e5fbaf697b5a8ded0268fc2a3a2bd77

              SHA512

              91688c4e65a2e98f438877566754c6883fd80e102ce6b04dc1dfbc52995707aca1a96182583828dd6aeb740e9287c914a589c43bbf654be69c6c45c4dd4d1e47

              Download Submit

            • /storage/emulated/0/Android/data/com.kingsoft/cache/textdata/journal.tmp
              Filesize

              33B

              MD5

              afbe439b5ae426fdb31906e8753bf9f5

              SHA1

              85be30c30200d09af46860482f04d9de282a8640

              SHA256

              eda016d3236e1a9b531c5e29c8545a7b1293dfacfc00c7a0fa8f9790f16468e7

              SHA512

              6df2b8980ce868f2f51ceb4ce15124ca0f0bfd5a7937230f8b6e8c5a3e2714d12e3965239730c046e32d6e20d7c4390a89ffaccc6095f58fd30c05db57ce10e5

              Download Submit

            • /storage/emulated/0/powerword/cache/textdata/journal.tmp
              Filesize

              4KB

              MD5

              29a4861d163edbee3f1a3daad6b4ad1b

              SHA1

              73bb84feedfde4be576da6e24993cf9c55dd0803

              SHA256

              0c1e6f864a5d3f95627fe6d70721be43d5195184bb74dd6ddcf4b958a964ea57

              SHA512

              57098ad43601cf2301814ec74cc91b31125c2cc5543d8372105c84036639c5cc242401793d261116304d9a5c56d2de1374059384a20ea1fdeb3072fdd716719a

              Download Submit

            • /storage/emulated/0/powerword/statistictime
              Filesize

              173B

              MD5

              063744d430f1db186cae305f2e89272b

              SHA1

              4dabd6e908dc1aace039918f026f8acb398a3490

              SHA256

              18ce1ea45f6ab4bf5a215ebc2d55e4a5c02554678addd9fe9ec21599e4a710db

              SHA512

              e709862b476068b62d6c5734f94e076dbcd9c8124c955fe2493549bcc58d9f531bd25f6ed659298d65de66e35f3af4bf307bdb5306e0c3c29d860dbac79c9306

              Download Submit

            • /storage/emulated/0/powerword/statistictime
              Filesize

              323B

              MD5

              e03b061c2cd65bbbaebdb79f9196e8ee

              SHA1

              b6aa81733fe56a454e6f7631fa77a50b2047863a

              SHA256

              1cc0a6349964cf755bc826f855ff9976332d0feb0d42e160dbb0dbe345854ac6

              SHA512

              f5f76a5c382d1820287cdd403fddfeb22a52e1331fdfa5e8158dc2464e81d2268463058f2e2b4a3923295ddc9eeaea0f61724bf88978851e390a4f4026be4bca

              Download Submit