a3b87aa2f3ca30db60d1582a441b0d8db26004b6c82647f7d24b6846d4d02ada

Analysis

max time kernel
3175275s
max time network
140s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
30/12/2023, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

business.apk
Size

832KB
MD5

5c3ff9abdf763e495397d8e810c189f4
SHA1

36a1d8dfaa0b5c44b9a866c183020c3057fab037
SHA256

1f08e08397f523d9401a022c852488a96416bacb8897d49c986982140f57749e
SHA512

ce253d8d89b47f5c231b93b940c2a61d4a422b35bd39c8c25a75d1de5e9713f5149c7aedd795480dc65b7969afbc3aa67cd027f5893333d405054c3e4d21c3b3
SSDEEP

24576:jmXupa2A7Crtb8G2BsAnbHY2/9cfCUk9t4:iettbtAnzbVCd

Score

7^/10

evasion

Malware Config

Signatures

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.qihoo360.mobilesafe.business
/dev/socket/qemud	com.qihoo360.mobilesafe.business

Queries the unique device ID (IMEI, MEID, IMSI)

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.qihoo360.mobilesafe.business

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.qihoo360.mobilesafe.business

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo360.mobilesafe.business

com.qihoo360.mobilesafe.business
1⤵
- Checks known Qemu pipes.
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4274
- sh -c pm list packages
  2⤵
  PID:4319
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4319
- - cmd package list packages
    3⤵
    PID:4342
- sh -c cat /proc/version
  2⤵
  PID:4363
- cat /proc/version
  2⤵
  PID:4363
- sh -c /system/xbin/which su
  2⤵
  PID:4390
- sh -c /system/bin/which su
  2⤵
  PID:4410
- /system/bin/which su
  2⤵
  PID:4410
- sh -c getprop ro.build.tags
  2⤵
  PID:4435
- getprop ro.build.tags
  2⤵
  PID:4435
- sh -c getprop ro.build.version.sdk
  2⤵
  PID:4460
- getprop ro.build.version.sdk
  2⤵
  PID:4460
- sh -c getprop ro.build.version.sdk
  2⤵
  PID:4484
- getprop ro.build.version.sdk
  2⤵
  PID:4484
- sh -c getprop ro.hardware
  2⤵
  PID:4513
- getprop ro.hardware
  2⤵
  PID:4513
- sh -c getprop ro.boot.serialno
  2⤵
  PID:4538
- getprop ro.boot.serialno
  2⤵
  PID:4538
- sh -c getprop ro.serialno
  2⤵
  PID:4566
- getprop ro.serialno
  2⤵
  PID:4566
- sh -c getprop service.adb.tcp.port
  2⤵
  PID:4591
- getprop service.adb.tcp.port
  2⤵
  PID:4591
- sh -c pm list packages
  2⤵
  PID:4623
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4623
- - cmd package list packages
    3⤵
    PID:4646
- sh -c cat /proc/version
  2⤵
  PID:4667
- cat /proc/version
  2⤵
  PID:4667
- sh -c /system/xbin/which su
  2⤵
  PID:4691
- sh -c /system/bin/which su
  2⤵
  PID:4709
- /system/bin/which su
  2⤵
  PID:4709
- sh -c getprop ro.build.tags
  2⤵
  PID:4733
- getprop ro.build.tags
  2⤵
  PID:4733
- sh -c getprop ro.build.version.sdk
  2⤵
  PID:4757
- getprop ro.build.version.sdk
  2⤵
  PID:4757
- sh -c getprop ro.build.version.sdk
  2⤵
  PID:4781
- getprop ro.build.version.sdk
  2⤵
  PID:4781
- sh -c getprop ro.hardware
  2⤵
  PID:4806
- getprop ro.hardware
  2⤵
  PID:4806
- sh -c getprop ro.boot.serialno
  2⤵
  PID:4830
- getprop ro.boot.serialno
  2⤵
  PID:4830
- sh -c getprop ro.serialno
  2⤵
  PID:4856
- getprop ro.serialno
  2⤵
  PID:4856
- sh -c getprop service.adb.tcp.port
  2⤵
  PID:4880
- getprop service.adb.tcp.port
  2⤵
  PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo360.mobilesafe.business/.double-open

Filesize
12B

MD5
fc3ff98e8c6a0d3087d515c0473f8677

SHA1
430ce34d020724ed75a196dfc2ad67c77772d169

SHA256
7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9

SHA512
db9b1cd3262dee37756a09b9064973589847caa8e53d31a9d142ea2701b1b28abd97838bb9a27068ba305dc8d04a45a1fcf079de54d607666996b3cc54f6b67c

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_anitcheat_file_temp

Filesize
48B

MD5
eb1d256de270189b78beecf6e4f97d29

SHA1
119367f0541ed54e6c92dec44cb56f2b91955647

SHA256
9185d577d0a2bcede4bf38a3e17cff119be28c41ff28f4e86317c5ab30110317

SHA512
77b54d7f4ba52836d04d475433e46568112e61ae0363904119f7b135baa0fbb5ea7b21d267bd3e01fc3e8ab1b045cb02f4d5d0b77360e92a4136e8a0633ea0a2

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_anitcheat_file_temp

Filesize
58B

MD5
cb3bd59fe5f7fc6945f2b4c769b34994

SHA1
1c4cedff3f137de992405a76c04cd44de4f12730

SHA256
1fd64ceb21d048c3baaff21acaa02bf280e1486d77073888889f299cf344a4ce

SHA512
73a6377204c913d88c93c73056d05f83004a356a6bb4d690055316c8af207a0bfb828cdbf36e421c12823ddfdba57eccee93d41bd721915d5c6a6320a75f0c37

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_anitcheat_file_temp

Filesize
58B

MD5
18ba85150d68a873d6227ebd5ec1bd0b

SHA1
47b93f1c11178628939263cd3aed379902f70635

SHA256
f468d66c3c1e0131a2200c683b65c16f3fbaec8729869cc3c0e3f79807a82a4d

SHA512
9f0f04d53112e224b9027f985d8a8bd70c181ffed55be42c4e1bede54ab6061d34ac029d3068252d2ca8b0258131c94c488ff3ede830063e821bdc4cfbfb6fbb

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_anitcheat_file_temp

Filesize
40B

MD5
1d226fa4a55a1b783b01d17faca75a9c

SHA1
1e147f04d3dbf5b37134d081877d527638dc7c92

SHA256
65323a715022ca9bb2284e12e2aad1b03591cd2c1502ac00bb5b070d7bc08add

SHA512
0f9dd7ad8f949d71fe7ac119b7cbe44008a5320f1258ee3c17428e860648a9ff9e6d7e654747fefea1b724879c1c80f77d6e26a53d83ec81a0f87dc308a5661b

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_cache_file_temp

Filesize
80B

MD5
b9d9bc4756f69a32d7cf9c6a811e5265

SHA1
3e7942f039c9e45d720f5c93f2c9fb07a82ba423

SHA256
c31d3d23a516c3c6625666a649c0bd73f4258574d8edcc4981cf74c6e58b9332

SHA512
e192bb8f9bee744ee8f19dfdd794d6a0474fd9498e1be51bda790b5423b3c3775043b739814a64783bb6c071a0956b2ebb8de790398169c03444c5da349cbf8a

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_cache_file_temp

Filesize
96B

MD5
77eab94d3e09d20fdd1fd64d8e843f35

SHA1
6840f18a6acbdd4ce7a3f9eee7bceb6684b7061d

SHA256
4f8c723bdcd04fc4efc5f62e8d9160ca211a12328b2f8b76c7fab132ee6f9373

SHA512
6df50782910945c02fcbbe7e62fcae90f314586298533b6c6b91d27c23e4732b17db4eac472c0e025e0187aee49451dc129f12efdfaa020fd112df97af7e3d59

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_cache_file_temp

Filesize
144B

MD5
5138dddb540d61e823eeb90ded5a318b

SHA1
34a0f029775641669d973a754158c6237d55cd3c

SHA256
f337027aa4563822425e6ddccf6c0e6a5ffc2bfc3598adafa9edebe967c99293

SHA512
6fe57523d0add8bb99fe670ad59047b367956f812bedeb805240f9c838faff79fbca0ffcbf3d580fc70a9988706bb7c15f0e4aca75704c325166b3eacd8feac2

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_cache_file_temp

Filesize
240B

MD5
47f4369ce80d090ca47f9c2a2ee04e45

SHA1
f081a62d9b297be9af39b0d8b2681e7904607dda

SHA256
8c0f7983800d96f285586b400bc1f87ae0f09f2a971cbe850b0ecba908db3413

SHA512
8539813eeb33c8e3d6543c2f94d9130ac59f16cf54af2423a97c9f7efcd283ae84958069032542de0e1896485f61ba677fcf0429aa508978a3508f0bbdddffe7

Download Submit
/data/data/com.qihoo360.mobilesafe.business/files/qhDeviceSDK/dc_cache_file_temp

Filesize
48B

MD5
5375f40b53b90ccf818a788d326b87f2

SHA1
020c41cc8c03e7d04fc55f7477e5371f58f8847a

SHA256
aaefd012fe77e02501ce663222664529b0fb751228c84df882f1e397ba0b4ea1

SHA512
7560261db4b5a84d77b18425a926ea882df2f9abeb6ec4083567191ea8d6d09cdbc388333fd0da5a8175cba529f161901520ba0ae2a14a1d811cf9b5c84f3020

Download Submit
/storage/emulated/0/360/.deviceId_temp

Filesize
32B

MD5
037ad0966c30e6eb93bbdee0afb3ff61

SHA1
75a5f4164facd84214b352f1f5ca29603740bd81

SHA256
952fbf0765610e7a833954cb94f0118c776340367d89814d70d82e93c141bbcd

SHA512
351e151dd53104068a41a3dd7bcd9a9f44d2ad111b268a6da6d9043aac2caac155c4ab4c8dca5ea76cd51a13d5dc4f88c65bbf6f1cc0cacc5a15169ffee2c202

Download Submit
/storage/emulated/0/360/.deviceId_temp

Filesize
80B

MD5
ad712f58e7f1d3d2156e1820bad16776

SHA1
bc8c7da7b6be6376fbb636e58107a698a09f254c

SHA256
c1c17bc8cc04442c35b6692c2625db2ae946a5f2ed3bd28cf1dc74cf0b33eb84

SHA512
308bfa4398e1ca0b0b7bd83ba61adb3031cbffa85fb813a493bf058e49083d63eb98972358ec3a9054042070a6448a78dd651cf9ebe2333b3e36500e5ae11760

Download Submit