d560854cbacb5fe4544ddd32ece12e67f120a34bc153740e666ec58ea32e6262

Analysis

max time kernel
3015785s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d560854cbacb5fe4544ddd32ece12e67f120a34bc153740e666ec58ea32e6262.apk
Size

28.4MB
MD5

139d4a6427fbfbc0071b7ff4f1557505
SHA1

ed625fda3332d6dc52d78f4e75fab182f695d34f
SHA256

d560854cbacb5fe4544ddd32ece12e67f120a34bc153740e666ec58ea32e6262
SHA512

362730c1ddbdbe1a56d5236f2d1c0671a15fdbb3b48a284323a9bb4317051e17c6ee5fd732510fe31188de93e1d5609d89bb2efcb91c1d79017fe89930ed70ae
SSDEEP

786432:qYbq5jtuXEzf9bkVS/vAh5vohGvPsbCtBbGpmSo:dbq5jCEz1bk8AjAhGUaimB

Score

8^/10

Malware Config

Signatures

Requests cell location 4 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.baosteel.qcsh:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baosteel.qcsh
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baosteel.qcsh:bdservice_v1
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baosteel.qcsh:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baosteel.qcsh
Framework API call	javax.crypto.Cipher.doFinal	com.baosteel.qcsh:bdservice_v1

com.baosteel.qcsh
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4257

com.baosteel.qcsh:bdservice_v1
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

com.baosteel.qcsh:remote
1⤵
- Requests cell location
PID:4391

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baosteel.qcsh/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.baosteel.qcsh/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.baosteel.qcsh/databases/cc/cc.db-journal

Filesize
512B

MD5
2dd199268b40d9bb152ddca9eae43a22

SHA1
118955fe28eaec698be4edf1509e39b99ae8c45a

SHA256
f6ac29f9e2110e3d9a31d315206d15524e4e40d95b7b8c88e4e5cba187c4a5ea

SHA512
56e321896b3e3b890ba2a9dc5c376b703506c251f5e0587ffd3c68607db7893781c776d3d2d2cf25f4ccc4801e153ebe10063458e72fd3c12051bf2a1677d12a

Download Submit
/data/data/com.baosteel.qcsh/databases/cc/cc.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.baosteel.qcsh/databases/cc/cc.db-wal

Filesize
16KB

MD5
aec245d57349f075df7fb1aa1664f13a

SHA1
ed10b4d588ea73bcdcc87a2a3803784b9fc5d211

SHA256
0242900061b1a11391f4c113d5d5a42a49050ae6e057f929681ae4dc2caea351

SHA512
624ed5b1507410c1905abcbb7d9a21f3fb3f606ad644c2f451b23137499e22608afd94bfff582ff0a68c63a4564cd7009df76732662d7b948853e98e67dff034

Download Submit
/data/data/com.baosteel.qcsh/databases/cc/cc.db-wal

Filesize
48KB

MD5
7841391fd81bd75c33eb95bba41dd291

SHA1
5da68dcbcfea3c3f57cd0ce2d1b619b764890a47

SHA256
ea9c3490b287f0da74408fda08750d9d59800c93972acf76090b187f3811cddd

SHA512
350d24af34a00ca398c4db1775630f7aa9f757807398c6cde43dcc21cb5eb4272643869a869f3605a5eaa4d74d925571fad15c6be9538a79f3bb023d3fc53826

Download Submit
/data/data/com.baosteel.qcsh/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
1c2a44b6f22f7a78ca014ff59ad68b23

SHA1
8884ef88801fb2e88c4b5602188d75b8f6b0348d

SHA256
c2ea891efc05fd36b8dd24e6e75c2b3a701008c0fbd0c4ff726a4f7279c23fef

SHA512
0a52b1a5515f6b11b9848ece4077588853512c8abdab9eed0a1109e880470109bdfe680d2503a1ea1d2b250514b6ddb4529410fb6607e8a8bddc314933b7a020

Download Submit
/data/data/com.baosteel.qcsh/files/lldt/firll.dat

Filesize
76B

MD5
7a2b33386f24a90b5551fe0a8a01c197

SHA1
4dce16548298ddd4205a4cd2bdeb0091abd789eb

SHA256
71a29f4e6844a142f50877bd407892ae1885ba6c44e0e6774622898f2641dd8e

SHA512
aa3215654af42aebaef99dde27d79341b9f13edc254ec8a1ff4bb27a9f4fc8ea04e0ee73fd8476a41f2d552cc17e2ad4590b5341f466d37b2028e8b8b74bce31

Download Submit
/data/data/com.baosteel.qcsh/files/mobclick_agent_cached_com.baosteel.qcsh148

Filesize
2KB

MD5
172a338fbaa1507b9f2e677dabf08f53

SHA1
308637debdfc1cb0a184c65d8b4747abc7523811

SHA256
65b821805d4e672d6d43878e66766ffb07530b0e2284ad89bec762031615cb10

SHA512
02edc930c5b5eb9e768167092879bd6a9b60f33cb6bf4a627a4d2d4ad89937d79ce590f13d875bb61dc2a3db9c2c64e2d8947406cc37d62be2eebce69fd7f69a

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_location.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
31b23ab83530619d2284dcf86bc0a291

SHA1
98cbd4f47700118075f3b21b7a75718b17f7197c

SHA256
943dc017e6d2ae1bda470af97136bab7fc6295e6bff5223e44e90111814c3583

SHA512
b0dc41aea3acc4b66642ad0bf524829b75225b07914a6e4f628a2b86b22c66f879e4367af8d3d4f98dd7d19c378f7a5f6d0c34305bbde572a3c259b73254be7a

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_location.db-shm

Filesize
28KB

MD5
f0d3290fb5cecacc978090549f4272a6

SHA1
4c811ce2e7bba6a09f5033322cf273ffd3a45a8e

SHA256
e5b31cb60162f5cb76f2474619e6d5680b0f9696ff0087c92888043ae0888d8e

SHA512
42c5cf963d714dc23d76a01e5eb94d7e7fd1ba60c5f6bc421e19b5b57ee207809850600ef0aa7f145fa0e79b05c46259c7c66108612b147995d07ae19aa4d717

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
4be711a90e811d72e879badc224e1791

SHA1
5b47767b6b95ec82feb050dddf8107d04fd923a3

SHA256
4d041fd77c7c8b7130e77aa0e975445d958497e54233165ac9c0d91c2de27169

SHA512
dd86ee17dc58d06c900bf3c85018a3194d736d4425fcd70d03f7127020465b39277446298c1f3b3283af95e7e9e9ebe4af8114112bf1c2c740f02bac6c098d22

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_statistics.db

Filesize
16KB

MD5
32e9e4a424a316846d4ee0b91d7d0471

SHA1
28bd52dc86346eb21a440cdaa7ef988c36b8bf59

SHA256
a97c19ddbe18914a2edce0dda3dab3b9802a6924a9dc1fd0c32e00a7e120f1b1

SHA512
6d8bdfedbc7671dbfbfec386865f45d927c67e71685c6bde5864e09a9744dc07f1cac52cba54e3418765e0b5e024a4d3b1b3b1577da9322d672db7518b162684

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
2727b9a1906081c77a33e8eee444967e

SHA1
2ae82d1d58fb5090acf7223973805d45b7fec6d5

SHA256
e5557b2baa10b8620ffd156fd42d960c0f876415bd3260c5359d9ee185a9edc8

SHA512
e6945971e9ffa4d81fc2529e80647680955ac010381b48171499df7f8a7a062eea4399e7715eaaebaf9e3097bd24e3a638b3629a359eecba443c2b21436840f0

Download Submit
/data/data/com.baosteel.qcsh/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
ea3a668ff9b2ffe430d560982fc9a237

SHA1
6f9ba5911af4f8e33db1f42aab83d1c5f76f97f0

SHA256
d9fdd8bd06268157c93887ed5c1f022045952d5e245d1fc02abb1d1db68f98ac

SHA512
a7babf95d8061c4c1df2055a5de6bffbcb36dffa2b35ce9e85b28329a42a85ed450bc1e87ac4fb68884d6b3697f5b760b928380285351bfb6088ec1b20113336

Download Submit
/data/data/com.baosteel.qcsh/files/umeng_it.cache

Filesize
498B

MD5
1e7bdc8f570fd86ba87bd5d84a001c4d

SHA1
d5d49f2a08d39a394dd546052c527a2d22173593

SHA256
469e4c18ff91de5e0a80a8a0f5f833a756667f141f4433549cbe7e6c94429b52

SHA512
996a0713c2710300e88821ada01a1a0347f496024c8d43c6e5f92edcc813bec2cc6457cc578f5cb14b49081ec51c38a855d1e73aafa466f2e18ebce95359c23d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
b3d272a5efe765c90935a81362e1c159

SHA1
467eef4be69927526decce3b8e8271bdfcbbd16b

SHA256
53cdac1b35aa71ac1036539bb203f2e4791b9782bd6f35011634b520735cdb63

SHA512
d2779482d27a6189be22a5102b0070dfe2217a37add48614d5ed4e75cbbd4eaf06bb13038486733a3e71390dc072f57f886c5ec36f615a954a42c4a5a0413813

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
222B

MD5
27e992a995ae9405b6c6c1747fa18c91

SHA1
8f1c4ffcab5320cc71b4df65543123a148c57400

SHA256
1eadc8c3a98b347519bc0d185c96e3387bfbcb71d8c81fe5f4b4fff56321f9af

SHA512
b9a1ea8470d4eb1d403f19fb7cef1a4fb25740b36e5b684eef55bfb47ebfc6f9d70499f78cedd469ff56efaf069e80f4e8bcbc5ba6f4c2577a1a7c3d095a17f1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
2d517e9fb52b4d9a79626db031453e27

SHA1
6f459bbdf189bae0e5879285e1b4d9026c2842fa

SHA256
1df65b90d5751495a1db4bd742ca2bae7eb3ab33c0974aa836683b2c8caa8f9a

SHA512
a2bc022ad79d4a2246d8d69a9df84438407ebf258909ede7bed22da16b71ec7bee24f3fa1f372fc896752e677d8eddaa0ae29398043e5b4ecc7138a3ce82204c

Download Submit
/storage/emulated/0/Android/data/com.baosteel.qcsh/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.baosteel.qcsh/files/baidu/tempdata/llg.dat

Filesize
137B

MD5
8199b75e895e303d5276523669a28612

SHA1
c81379b9b219b7f6b79e69dc034490257f64bad7

SHA256
e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

SHA512
abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

Download Submit
/storage/emulated/0/Android/data/com.baosteel.qcsh/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
34d7125107f092b2e561258daa857dec

SHA1
52961c3c1d812598850ae4639ed6a2669ac46c82

SHA256
54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1

SHA512
d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303

Download Submit
/storage/emulated/0/Android/data/com.baosteel.qcsh/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
28eeae39d0ab6e1975097668f973233a

SHA1
4059fa3a6f1a7751a1b6fe0c1dde334d002800ea

SHA256
ceb954a0c4ad5633676bade1126393814e148f4d7e58ac727d30b9d821766a40

SHA512
7970406dd60ded0ade83a5a3b2b8ac208db6b81da25a73a28d7dd237e6f1dd860e2a3991bd8e10443aaa2f7ffa169025c37628f6e623b55b0087d579c7952af1

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
cc7daeca80741a422d0676b307c53856

SHA1
690fb3e4f4e19305cf1aa43c640a0b53b29726b9

SHA256
17f75bbf6125e5033bc83abbaaa99fd0091a818dd066941c09c52a0eae2264d7

SHA512
b4d95f5c4eda7aebd44cf9d51e06417ee4c3bfd7de3ac29e28a2c58610019fb5ee9b9b94dbf27baf78023b0fad570c35b320c5dadd4ce641008ffde1a0d3afb4

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
189d3ce8ff31631fb42a76c6c19691de

SHA1
2e173fb0aef33a614464144d99d747b713079bd3

SHA256
1cdfea9ac47e476f8d9c01fb5c6000b6026bba25045da243652f02c303ab6b6a

SHA512
050655ea959d6eb8f118a00151b62d227da1088edc7807f09994c83bdb344ddba68726b096e4508cd56cbb78b7ec288264a235094858fd170646b4c253f554f3

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
36KB

MD5
dc4d3cd3f8a4ccfde4e3e0d43a44fc8a

SHA1
95e9963640954a921f1edc8a852df068b733881f

SHA256
4c0dbedbd145765cf997e89b6f5efded71e990b252ee2ce1d419a87557028309

SHA512
c0fe6a723c9f078036136e6ceeb37da0d949b464779aee272b37d3d8f91785ee409de07bd94982691a5f8b5fe96a761983c7376385fcd5354866468bc625e584

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
c48918a1c2b5596a60d9988fefb2c5a5

SHA1
8da767d0a5a096d862087c6763c44ec84f1f0124

SHA256
726cc55979eb34ae7a635e2210a227407358ce5522482166c5cf33a8c076c294

SHA512
559f5a4e923cab9a1b3c0ad6d354bf3a56c5b83ccd9379a319b376d36e2897b82e4b3c344857e85250328926a8d3b771d8a851eecd08215512fd6830195e8055

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads