da3d07bd684ebbfdb7f0ace0f0da77c1145438d8ee5340d23b0e953c1e7a1a32

Analysis

max time kernel
4195255s
max time network
164s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
11/01/2024, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5469f34833a60f33c0d3c12f112f99fb.apk
Size

6.8MB
MD5

5469f34833a60f33c0d3c12f112f99fb
SHA1

79b21c7f50080f0b6f056cb42d96fb4a8ffe802e
SHA256

da3d07bd684ebbfdb7f0ace0f0da77c1145438d8ee5340d23b0e953c1e7a1a32
SHA512

2edce85a2b08eb12791cd8364fad0f5160b4ab834784c5521a4190250a60b12f186e39f87e16fd3f3badbb7c1808c835cd41d3d71d1962c624042645e902aa18
SSDEEP

98304:Gr761NF7mPgOA0bzmrxQuB7MmNnt1d/AYs/I09XfbCFXruTcECHD+/OxN566D6bO:GrsOtM2uxMGwJCFFZ+/jqguPj

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore:critical
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4485
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4966
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.142
  2⤵
  PID:5037
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.207
  2⤵
  PID:5103
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 111.13.66.125
  2⤵
  PID:5128
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.51
  2⤵
  PID:5159
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 125.88.193.217
  2⤵
  PID:5186

com.qihoo.daemon
1⤵
- Checks known Qemu files.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4516
- /system/bin/sh
  2⤵
  PID:4688
- /system/bin/sh /system/bin/pm list packages
  2⤵
  PID:4743
- - cmd package list packages
    3⤵
    PID:4778
- cat /proc/version
  2⤵
  PID:4811
- ps
  2⤵
  PID:4887

com.qihoo.appstore:critical
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4708

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4751

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
3f811887f9ff182ca8445ae4ad21ca46

SHA1
18b883933cee448f07c5a81fda0f320148099f0c

SHA256
a60a4be811d9cdd729e821dc27cefcbb2ae278f14d03a073d1fc34e545b21c65

SHA512
b0a537f72936a103042e50c8dc864435e60c04f135b72fa92c565e633071fb1f20a32236151dda4d8074e6d920c08c872c217cdbf61458a43794bdb99c3236d1

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
6542f832c801ed1d5ae15b224618c204

SHA1
2ef6def8b449f4fd5fc9fa1a769c83ab5bd590a2

SHA256
91ad31cd8acd92a97700027577a0e2e96b84f9ce136d6720c243361579c8632e

SHA512
fb52ec16dffe9519fad84c3191f931d369acc34ed846efb503d26913b8d640d3975ddc8a8bde8f4964aa571d3dc0eb8d6c887292e22e985541ebe746a823effa

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
35a771ec3feaf168630d3c39203cd5c3

SHA1
50288fc43231fcb3fcd5494d1237d0ebf346edb6

SHA256
772820ac3dc1438cb12210801eeabbff406112f4454ac81209cdeaf2f333fd47

SHA512
a1fd52cfbe257b5fb7317fcf9f6b9fe4540e1dd8a89100c3634051bf9bec8e3fb3d44ed0c0301e9bd202e73b01d043ddc019e7c968bc2a7cc70b59873a9a0a16

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
16KB

MD5
de74dc2001997bea19e49ad10ef4c7b1

SHA1
b049f85b0ef0b66c719278a0cee96125cf0967a7

SHA256
3eb1474eb71218e1e8e001f995288d677885726fc58bfcbeea0d6aefadb4ba4c

SHA512
ce37762ae4ba330def8aa7180a667a2d4bf4607f6ef02426d8c54c816255278b41ca8ef0e98fb4041e78be879e7b47c6a15b0f2351ce53fc8820a67919a40b1e

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
512B

MD5
a00d36009e18b3080ace1ee43534f7af

SHA1
b6ff5b7e526237a45fe986221687180dc6ce5a5c

SHA256
fc02a628115d6cbdda4cc44004e92b799017d0f4244138c6a2dd47b944849902

SHA512
985bfeecfb3aa0ad83fdf41efb9b2fa777df501a4af15ed8d965a3697a8623426e68cf2b887efafde919971cb76ee344e18c92c25237e3e117a56d6989cd4848

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
32KB

MD5
c3246738b8ed478e4bc49dec63e237e5

SHA1
32ccd3d71da2cb67703a8a775b0ccc3e8b67b4aa

SHA256
6b908c47eb8093813c65d50ea1874eed7dec942d1780074d767e872c88f7c80a

SHA512
cefe21928cd1459da73c7f0e62c60c6a9937b2cb0e70fb4c84c7d99190327a6e3ba6adbe707a69a0dc13097f6dca2030f6dd46614c27865723ccd6fda79822e0

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
20KB

MD5
60e4cf217e77c56efd3707b603797c5b

SHA1
816247b4883d3adb30c4db39fda16d2288e27de0

SHA256
8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea

SHA512
22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

Filesize
512B

MD5
1bfcd62156ab3bb8ee0d756ee1f72d2e

SHA1
51ac255f0785aa6678d125ddfdd1ecf88b0a9f61

SHA256
588d419ca9b2516eea99f122bc8e8450b23ae0f5f41ab3ab63f3ba351a901447

SHA512
f1145ec538e5ca800ffc8ff99199b4efa16394606bbf4d93b42898e1b5da7c10f1a71b4e6fda50c811ce553cf6411bbf38acb630164b3e4dc94c2ae6529a793c

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
16KB

MD5
c9a44a10c82d2de0f90022a2643a19ad

SHA1
216ccc495bdce36e498a5825536f086e02681b21

SHA256
dedd4f9c5bf86b3595fc52a7c63ca5043e170f54601c91ca7e40a6dc8262a003

SHA512
8eace5d188ded01ac3e7471c8002826dc7635099aac88c0a510b16408928ce299ae050e4325e5c3e0f329c3c8a156ffd8f96a30797ed77dfdd47e4df7388e7f4

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
16KB

MD5
227edecac0ef57d1c523eded7eb3eba4

SHA1
ba0e56566ee4ad4ab01b898723c0489d3c9cbd51

SHA256
5ad56fb167fc8432179ea045a801aa2ce5c3d65bbd2e5c9ec7151f57ef6436ab

SHA512
b2fd5d0ed6c1a75175a4ab3dee8c7526d88bd78c060857c3c0a262aeb4e6595b0db69b1458c210fabbfd1c60bb83bb99ab5253950093598ad498d871671c66b2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
4KB

MD5
754f20efee5fb6c5eddd3df79329ae76

SHA1
502db98e60a75e884e2291f6240437f68006a054

SHA256
421f4f90a234ad600fdd482692f0e39de571f6ed14175af0652119edd56f9e73

SHA512
63c06f1122cf5f2bbae49719921f134d7c2adede1d4ef601fde1af4bf850e44583121e7ad6e4bc476a73aa803261000522b0f00f05d6e32c730771b539a0a853

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
467aac772a8222eb2a855f324156bf78

SHA1
91fe76e5e4c7fd1f272b95a49b4026fd19e14e22

SHA256
3ccf2667d78ac9470535497805b40ff00479fecd14283fa301aabbade67f494d

SHA512
751e16c54281a26ad43903ebee4b053560998261a5f96e92efe0058739fdfaf07ed1f50aa7f8c16e5d54c59c24438a2a42a5a72d5860b2bf58f6f35b332e4f42

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
84acb2eae3a1e726ac2e3373de503e9e

SHA1
dea39e2cd46e7a8a490c4e2336d5c8f672ae22a4

SHA256
5ef6293ec49e957c6b58d14d3b148734dda5093bff5f1c93962c2c6020ee7bf2

SHA512
23c9886370c211e049e2d82603f11fc0d2993f2f8ba5a5bf2c3fac91d89c026ca63720fe4bb1ace3f40e23bb47070f384a9763910e4c733342fc52fdfdf7ccbb

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
12433e760558bdb3600d476c3f9d35ca

SHA1
d396bb051c15335b68231c0bfb8f372070277604

SHA256
ecde3c52de57839a672c71f30badc1385512a7e97c53a3710d1336b6941d8b62

SHA512
8026bec351fb657762e54e9f8c66a2ba499b9275704fbeaa8d92dceac828db2c782e02a08d49cd175dbdcbf9204038d11c9d65810d3bc7b3cca7783f265da90f

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
4KB

MD5
5b4e65d88ad2022db51f07da71ea389c

SHA1
1124e107b954c82c834d6bca6c0aba6166dd79d9

SHA256
c270daef760fca883ac3d02c64065c18483b36d24b2b7e6af47dfb907a4a2abf

SHA512
20f1478acde0dc746fc13c37febbc5a2f5f22e16a0b178c6e4d7cc6bd89cb851c46fdacd07d67b4121097666f4e1604ed438d42d588e8d4c008d102ac4cb903e

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
540B

MD5
52d10359b4e2de69cff5d7f79cf0510e

SHA1
4b658d9d2d9159e53ed5d801fa7d92344e9ee390

SHA256
ab8c3240ea78f8e0ef03576c8b46e986819f426a060ea1c7af38f9c7fe1d25a9

SHA512
d265895d4b09fc48db6a6692ed004c68a86e422cea0dd1990c948d1e1f8434d68ae1817db4151103e410b78c18714827f34db653fec627d86e820e85941a64fb

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
628B

MD5
ea5472042c53af5cf63e9f85c3880594

SHA1
dfdec1b65f6880872666cd57a8e4c148bf0bf920

SHA256
c784e4dc9d41c1838f098f95efb69a4eeff405d112a710ac04d88bf3c1228bfb

SHA512
482848d65c0b6a93f5860ae7185c8d18cd83d84e4845eb29ea8e8ed81ba4f53eb0ec13c3689315ce7ae9053c498ca70e2bb4f98e0ac7b4dd8624e1ff1b0b0eb1

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
77KB

MD5
25ed9632c651dcbce90dd07f0a324be4

SHA1
66cf27f74ab421881c74d496935852c625648077

SHA256
ea6e7ab5745a9be14e1e5fb95f3db7330786dc13f5a36766c43e9400bd75474a

SHA512
65fca1fa4e8e0ab401bcd3fe096062d94290fbf102899b4a634d4e2a987d084ec768a94cf56a6ad1ee34c6131e5d75782540d5671a47190963e19186f92c0d03

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
32KB

MD5
27404d53f253920bcdd0a95170286061

SHA1
c345cb3450a4b8ee856841784c513e026bbb62d5

SHA256
861cc633a7f5c717912013cdcc5ee0900aa4ed58f66f030f7e654fb52badaa02

SHA512
911e4669df906df151c16671553a50caa6a869e6c8e47b727632e4cf7393d134819ee3f384af953921355a320daa765df4b6fa9e1c1bf9f4ddaff28234322d17

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
648B

MD5
28275d8cc5e8f2d957e5a467d8f973f0

SHA1
2d6824d317e53da1c86a0e7b29e06c2b55820177

SHA256
77d6d44ecaaa3b1e0b482ce30c2e10c5f759905b14b3819d1d6822f9098c3a09

SHA512
5a16927f51c2dbb747eda7c8eeecc954f348259af84336313e58e4b18ebe7f2c8ca0bc35bb4193029522d63e8915d8331434bc134aa4469442b43748dc4e2b32

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4485/finalcore.jar

Filesize
77KB

MD5
c14c8a2f5d3a7c47eb2ca8c1b6e69adb

SHA1
4e57b3c0f34427aba8a5be40c2e9b627172a89c8

SHA256
7d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107

SHA512
2be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4

Download Submit