Overview

overview

6

Static

static

6

bc8d8018b6...36.apk

android-9-x86

6

bc8d8018b6...36.apk

android-11-x64

6

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    2747060s
  • max time network
    172s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    24/12/2023, 02:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc8d8018b6af9e1e5f4b0aa03ee51f37b4513942ca9923c8bd98ea56ceb37736.apk

  • Size

    16.7MB

  • MD5

    bb18ca0dc38345e57cee9969bc28ef59

  • SHA1

    ff924a92ba76c81f88ffb6129c6e8608338370dc

  • SHA256

    bc8d8018b6af9e1e5f4b0aa03ee51f37b4513942ca9923c8bd98ea56ceb37736

  • SHA512

    ba5f7a2e983362d99b2f14f27474cea3161733ff7187aba04de0ce82595b8ed4fdb9108058adad77be9f6d6914bf9e7cb85871731c428245c480d836e8bb8264

  • SSDEEP

    393216:Q28REWQQ4A4qT2nMGxIdAODCSEzQlHpBs+lv+k:Q2XgbyFOdVCjMlJK+lv+k

Score
6/10

Malware Config

Signatures

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.kingsoft
    1⤵
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4520
  • com.kingsoft:pushservice
    1⤵
      PID:4682
    • com.kingsoft:sync
      1⤵
        PID:4874

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.kingsoft/files/dmdata.xml
              Filesize

              11KB

              MD5

              6a82add8701e7b99cf47f782e505899c

              SHA1

              9e439ef6932ae80ae7dc99b5cb66498ff2baed38

              SHA256

              c9fb8359409065f6a4459d6c3b7b316f5d2b4fd768a3a3765b81a27723028388

              SHA512

              99ee7bc3d255099cf5bd1505aeb606c168bc3913ba205311a51a9bc753a36f4114723b03b59ab1a3eb3223ef0e5332932f1ff01d10efe7145039557ebd1cf21f

              Download Submit

            • /data/user/0/com.kingsoft/databases/AdBackground.db
              Filesize

              20KB

              MD5

              42567a36454121729777d17ff6defcf5

              SHA1

              92e412adea5fb4e3019a8db24b33a753016cfab5

              SHA256

              9b31d8840f36411ef629c9d8aa30754ffeed57e51cae02adf6b05e215ac88fe0

              SHA512

              56b02de77e5f66a1096531e44d066b00b15ea96a0c94c44782abb87b51827a5b28f4e9606f70373976fbc0b89d677d611d211c97f1349982475d915fbda2052b

              Download Submit

            • /data/user/0/com.kingsoft/databases/AdBackground.db-journal
              Filesize

              512B

              MD5

              04f70f64424277f2054e7694214e5cbb

              SHA1

              96de5c56ff99bbd9adc477572da4e8a5ea5c8e14

              SHA256

              21f037f2c1ab3e07d5d21761584b3029f70351e7a61c18f5be6956e4600fe7c7

              SHA512

              ac5dcba8374c4786c9d8bd4a57f9e4d6a90aa9fddf2c9a61c0d53510531f1a673371242efcc23003242171cdabfefb5201b4cb08849041c1a7a78d68688f3264

              Download Submit

            • /data/user/0/com.kingsoft/databases/AdBackground.db-journal
              Filesize

              8KB

              MD5

              b78e02c09ebde5ae6cdd7564b65c8b75

              SHA1

              37cc439c519beaaae8996f773514ccfa24c57215

              SHA256

              a4d60616291c5a49639c04cd1691626c717d016b4d62e8fea059b502d2dfa7a0

              SHA512

              5065e47ad5429e0c60d915092d63ee5e31f0b422f20c2f6ff5a1bb340fd10c09de8798bcdf40c4f96cadd0d430f11b0b5f0b618a7f3856e72c93a71573730d7f

              Download Submit

            • /data/user/0/com.kingsoft/databases/AdBackground.db-journal
              Filesize

              8KB

              MD5

              63c559272788fd997a59f168d7f86bcc

              SHA1

              ea8930d266afe98b2b7622e4f8cb5a5e3e42324e

              SHA256

              38a62e637a7bb5e2fafed7cde17e8399f2a6337cca72d973d42e5dce0fb0e1e4

              SHA512

              483112e3de4c7b5528a7fe1600e4f41f46968fb8dae62108530821f81fe082b5a81a98effebc456243b3b94260485077182d5b6be899b0ef909d146c2bf788af

              Download Submit

            • /data/user/0/com.kingsoft/databases/AdBackground.db-journal
              Filesize

              4KB

              MD5

              8b851882c9c2ee5c7749679d754679dd

              SHA1

              32fb1f7a9dceea4b06569c47158cbf1ba3126daf

              SHA256

              6555eadd64ae6d65e82220adbe7b4a1137abaaea48c9f5e1fa096bc87077beb4

              SHA512

              75379200ae29e4fc65a4afa7410a76ccc9023299800c5bb3114819748c4502bed3070d49aaf37a747c0d301a1628b89654730a4339613017c5a00c97ee0a1b2c

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db
              Filesize

              12KB

              MD5

              f41f531c07d4141546a531ff9caffdcd

              SHA1

              9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

              SHA256

              bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

              SHA512

              e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db
              Filesize

              4KB

              MD5

              e799d87ac2e245e97ad17979ace5456c

              SHA1

              e31f8ed66a65d3efbb0110287b191a86f1cbedff

              SHA256

              0ff77a18f2028b859e87ff8d51248a51779b81330b2081da41875f56985e20c4

              SHA512

              41a5e990856ff233401e6d1bee610b24ee3043e7fbe97bb0aef5644408058cc91b8eaeb1182923dbe6c3b0634410ba470a2ff0d067b82af8568c90466283c071

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db-journal
              Filesize

              512B

              MD5

              31906fc0fd6c68829747d12dcf503d1f

              SHA1

              20294543363656abf27546d7b4a426cc47828887

              SHA256

              0e57ff57b176ad3174f7e03fbb9696c3a993f334714adf904b67e01a5b9e1f00

              SHA512

              0346f1b11b107ac9387626aca153d9e3efef9d87824034d39e17ab9878bfd418d7543321d10910f3e3e74b81145e271e6aa52583e952f78bac925f5d922611f2

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db-journal
              Filesize

              8KB

              MD5

              2012304d57c465b5d72103b79138099f

              SHA1

              2e4f06423caec7b9598b2d45c636d1e7c1255ecb

              SHA256

              6f6530ddf04064e392d8eda8b518b69e0523377c7577b431945d94bff8dedc26

              SHA512

              81d9b09fe3ffcb1aed9d7b374a69a8c42fa2b67623057e497fa5e1b354edbebd7b421ef9293de798b2362ee7b0d78a6b9915a700a065ed9133f920b471f6fa31

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db-journal
              Filesize

              8KB

              MD5

              d985dfe925d20bee17b4d55d32746ba8

              SHA1

              1b792a4a6b829c442f25b8b113cd0454ce073c16

              SHA256

              52825ca3038635ee3bb23a9c4abb25d05d7e2b322584b8475158bb6b71231508

              SHA512

              15dd008087bc26635efe75f8e15f69de06d14fe304f0fe2e17bede0ffdcd7ddaf63601df8b67841cbeeffd68181536a45ea6313b3736a303ef91045926d52947

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db-journal
              Filesize

              4KB

              MD5

              f7b6418521b8d347c8d06c2e5e1d18bc

              SHA1

              9e5a004307ba233c2040b07e7e9866828f68e2b8

              SHA256

              ca2b61f39d781476849a08455e4bf4f16220e1e9d8b4326a55ccb5f78f7ced7e

              SHA512

              3760430f67eed126050f61b4993d2eec37117f737e293570b0e29a9093f02594e0019ac31a88fa2001a350f3bdcc4cc16223f2ffebeb2a02c98e8a4e1b37dd99

              Download Submit

            • /data/user/0/com.kingsoft/databases/BaseBackground.db-shm
              Filesize

              32KB

              MD5

              bb7df04e1b0a2570657527a7e108ae23

              SHA1

              5188431849b4613152fd7bdba6a3ff0a4fd6424b

              SHA256

              c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

              SHA512

              768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db
              Filesize

              36KB

              MD5

              59fec86a4f20c9f6bf9af257e1c5c5bd

              SHA1

              ac4e10911f7a9d2ab851c38f264d680c729c8733

              SHA256

              ac52ed122f039fc7fc355bf567d1cc93fb798cae0820724fe9a1c738c7faf337

              SHA512

              4b04c1a89a81c1baeeb90ca7962d4a68687a7db1ccb2c06919603ef99355c895d6fd6c144ab5f1174dac1d8a225220983a0f51cb2f35f0a8e054ed615c5ff9b9

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              512B

              MD5

              9407d65b8628a3972aa54d5e5fa5edb0

              SHA1

              12ee95e23c3cdbd6b3ddaea72063fe8f234b3f77

              SHA256

              86c3211fb7ae359593c1008a8cb194809db053112dc83e4b4f0ea1d65646ccff

              SHA512

              fa5606516845797603fdbccd45d207581b93e8d8e41ac491ccb4d9e94806b9f419a62f64f1d3a1fd066519d1ce1d4682cb947f2243f595239964ed9bb8434e6c

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              8KB

              MD5

              dcc448eadeaa3cc0388e160a3bf84f76

              SHA1

              3d87f8a2bac02981de3814a5a713123e16b276ac

              SHA256

              418074a5750eacbfe5c6db0aae863730f8239d6127e4efb8a30aac236c87406c

              SHA512

              5be3084d52ab3554f72016505b66bb1c3d11c32ac6b369990c7ae4f373979e75f8570441fa6bf24027dcda0444e4c503a43124d5d954231cabaaf7e17195666f

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              8KB

              MD5

              e3d8a70c2c40f0355c6be4c7ffd8eabe

              SHA1

              299a670c0781eebe360e45aeefdc6912b3066caf

              SHA256

              6db115601b1f5d1e6b5eb4b8141e3efb4f11bd9e04567484a6ac2b3289b80f71

              SHA512

              053217c332a6cdb9b4da93bf1a4e7ac666224c9feede20a8728e9f471b4848a75d155149e26ab87d796fd33200d85abd5ca47e0478bf0f890205a69b58831042

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              12KB

              MD5

              5d38c4120e06761f02d5861f73371a81

              SHA1

              ebb7235920e5add18579cc67a80dfb1253643227

              SHA256

              0b9866c2ec3666cf7dd90ed813704696f00cdb0af1fc7177aad2732ef00885f8

              SHA512

              e54ced445782e8942b5da82dbd776cff2855e1bd965d07b41669259dbe229d0cf46a6e75bc62c061be6c3981b54a68428963898c4962bae812b8c1cb263af12b

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              12KB

              MD5

              f2baa6bccd3650e264d5061550134ecf

              SHA1

              1807905085592860f0cfb25b0e0076ca0e0360ce

              SHA256

              efa3295e175619f57493d04670c6b13b9a77bf9e4fb040749532bf0e043e96f3

              SHA512

              cf61da5b131e8aba9b78261d2a93f5a408118022aadea7644bcfa494d08b2d26085eb8e12151919cf0a9f28a961c9091213f457f44719ed4591e2f30a210f099

              Download Submit

            • /data/user/0/com.kingsoft/databases/KSOStat.db-journal
              Filesize

              12KB

              MD5

              607eb17ad4066e5709c5ea9c3fce515c

              SHA1

              060e45d8310c6c0ec773a85bbeb10be68edc5528

              SHA256

              bf0eaecf7af7d1ae92e8cec94f618e013a27914685fa0129f7b3d7a6d8c27d4b

              SHA512

              041f6c888781be161483c2ea9197804aa33ccf0ec79849791e89520818a00cd6632ca25444d01bc3fbc250d38aefa295826de674ac22059c7a6852ad4a98c2e4

              Download Submit

            • /data/user/0/com.kingsoft/databases/mistat.db
              Filesize

              20KB

              MD5

              a1cc69abfc62b18f6672daa99ee951b1

              SHA1

              269056c4eadb5a999550f1c8397bb5aa43b90241

              SHA256

              d67fc13e1ed71b8f91e3d40dc3df2c3f5dd89920778a1b9d74b611696f315d99

              SHA512

              3cfd8a72906c303b1276f3a8285a74f1597f6b77a18d8f1fd6beaca4487a0a48e6566041f59e8b431f6962e5769e899795579afce58ff7b40dd8a6099ec6bd11

              Download Submit

            • /data/user/0/com.kingsoft/databases/mistat.db-journal
              Filesize

              512B

              MD5

              30a24b5a636f63620627596aed9b3463

              SHA1

              36b4573c4cce23849a267534cbc5f55db8e4f5f2

              SHA256

              9b917d577574f24351be04fe4740275d3621e6d2ca7abf6522063766886432dc

              SHA512

              da7c565ba73458def88f70c9c789c6d47540b77f7f4b650df4995181cf40e46b54d10d4574515fefa9c73c53fe3730a33c4e671ca97762e746c2c5156220beca

              Download Submit

            • /data/user/0/com.kingsoft/databases/mistat.db-journal
              Filesize

              8KB

              MD5

              f7ada069f9d887f7b1b1407f894af5fd

              SHA1

              699a241fcf2f443cdb5ad5fcb467c611369a6fbf

              SHA256

              3da7d81d368ab12e04a0a0686d298a86018d567bf41d226014275b4176184a6f

              SHA512

              aa4cec18a76127f6c569e221761147dd22d49a96db05678c06676a3ec378ee1ac02a871e1bc4ed7c98ad497cbd118d8d1af813758fc6b241ffebf403903fc0d6

              Download Submit

            • /data/user/0/com.kingsoft/databases/mistat.db-journal
              Filesize

              8KB

              MD5

              bb239fba714c835c39326ac46f1fa265

              SHA1

              255f82dcbd428faff9585326e5269a4f34e48bc0

              SHA256

              de9c8d9b29e8e0225a387f6fdde06afc003989e8b37a2611f8521839cf4b4b57

              SHA512

              5894404054cfba65563fc1d21f47ed191ec6d4c3c5692e255e8eb84937ba43619cc697460283801acdddc0598c0d76f131a6b9249d188cfcb531734905e9d13e

              Download Submit

            • /data/user/0/com.kingsoft/databases/powerword.db
              Filesize

              12KB

              MD5

              171aedf968e17a2744d2585715606cb9

              SHA1

              bbeddeb3b89fcf809619c35b4a318a80e7d5b029

              SHA256

              d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

              SHA512

              78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

              Download Submit

            • /data/user/0/com.kingsoft/databases/powerword.db-journal
              Filesize

              512B

              MD5

              ea2dd90f08207e961f222850c09d9b58

              SHA1

              7f6154c4516643b3e099c2b9380d303dda107215

              SHA256

              2de5262aa09dba3a6c29c9da7a5de75bf69033d62e7a14e1a38c7b3235196f4e

              SHA512

              78788734a00b1bf6e8d184184cfbba8baadc473041840391a81762570c914a2a914c9df7458c8804cf1f818039e0bc5272659a1b71d572bc18dea25b8ad465ca

              Download Submit

            • /data/user/0/com.kingsoft/databases/powerword.db-journal
              Filesize

              8KB

              MD5

              01f8c69c934731e54e4dcb7f278a7a6a

              SHA1

              5d6ca9eb75cb09f02377dd6b1d382f5deab35ba9

              SHA256

              4239fe9bdcc930450eec726c8061a71be0abb766cea41ae54d53dabbcefabbac

              SHA512

              2cc002a3b5875d6ca55ed2520c22c7cb58034e7cd91ce36757740cf283f5bb7b59b12354fe58b77f73b8abd7095094cdee042c93abc9872c2db0c2d960ddea11

              Download Submit

            • /data/user/0/com.kingsoft/files/com.kingsoft:pushservice
              Filesize

              4KB

              MD5

              28a1b432a4029678ea7c884e6ac1070c

              SHA1

              6cdd2554c988efb5798b83e4d8210cc0c9e56f0e

              SHA256

              c60957e1fbf58c4d68b62dff0515660d303e80ac23a7657750a05f06b60ef2b2

              SHA512

              5b30e3b831c9a1b0cf3ceae67d3e74d3085d0d11cbe6cb22443b2f27e9fe4346e33bcaad79ed880334d227f3cfd4003ad506632bd9d803cc2487d61224c48ae8

              Download Submit

            • /data/user/0/com.kingsoft/files/com.kingsoft:pushservice
              Filesize

              4KB

              MD5

              fcefff544891512557f66abd8ba88c4a

              SHA1

              a3f922b3ab7d3f84e1c787d3614dbc5c4e4106af

              SHA256

              91f5587d80ebf02c02778939ecf4d9023ca0e899ab60d6755b17c80cfdf1717f

              SHA512

              92fbac70e6edee8c6ae0931f9de837091f3dd53e688eecbe7dfb37a63e2fe5f8c06cbd3d0ce9d25d6eca34d6a3d0672a97a72f4a0292d25bd75c004f9433e515

              Download Submit

            • /data/user/0/com.kingsoft/files/com.kingsoft:pushservice
              Filesize

              1KB

              MD5

              4122b640b113fbe7158242d2e71bc72f

              SHA1

              63c83d49f681cc93aca00dfd6275efe80e28a8a9

              SHA256

              d5886046e588cf12758fd2165520affb006b8ac0893f6bfba0cc9e89e53222d9

              SHA512

              80d44b1de10356da9db6acd84b95d6d850a2311777c95465506ed4bfb5205540f94d202671e327739bdb814ecbb3bf459d44b4cca82fc5b5ff41dafef48e6c38

              Download Submit

            • /storage/emulated/0/.DataStorage/ContextData.xml
              Filesize

              65B

              MD5

              9781ca003f10f8d0c9c1945b63fdca7f

              SHA1

              4156cf5dc8d71dbab734d25e5e1598b37a5456f4

              SHA256

              3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

              SHA512

              25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

              Download Submit

            • /storage/emulated/0/.DataStorage/ContextData.xml
              Filesize

              111B

              MD5

              63fd01ad69f2755ecac0366d21095dc9

              SHA1

              224ca6796fc56d18efba5be1c4a77afca8f8d510

              SHA256

              f32849454808a4e82c445b64fddc113d0803533205d3f39d9ce2437bd1ee3091

              SHA512

              2df632eeb146757137c4db03893a70013f5069bc4417e09f5f763d283cc759a1a84ade788628552e2cdee12312646bcdc1f9b4b8ecc96313efb239df282fe7f4

              Download Submit

            • /storage/emulated/0/powerword/cache/textdata/journal.tmp
              Filesize

              8KB

              MD5

              d29b840e4a4e8bbb0bb4b03ea07a6ed9

              SHA1

              dc23401b14465741faf08460ce9d5fdeb4b57aee

              SHA256

              dea2daa18d769383531fb3fcfa1a5ed63f74dfb0eab90656ff0fd3d052dc964e

              SHA512

              b5d72163ed6b7b7d8a70135ad682f12275de283b5260b002bdd240e2151d975371ffed26f765fc7d76642ca4b8e2d85893d45b209e37a4909b4edb43a42f7238

              Download Submit