Analysis

  • max time kernel
    6s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 18:50

General

  • Target

    news.apk

  • Size

    5.2MB

  • MD5

    80133a5470044f3c4889455ccbe6aea5

  • SHA1

    eef4ab6ab93e70e2efae0cad47f145adcdb4056d

  • SHA256

    fe6176dce68ed7612137ab07c24aa1afc2f12b2eee6a1f30ffc29e28462a0623

  • SHA512

    21ac64015992cff8a9ef5e23ccf4b7fdea2e019b1ecf2d23b622682bbb945b219f8632073e2055469b5197d01b4bae202124e1dfe5530f4a5e95fc7f12adeb52

  • SSDEEP

    98304:TFUmjo5okFlMHfqPqDP6OB+cdqsCw6RHwh60/vmpd0HUxDcZAG44:+lCSPqDPjsXw6RHwjv4xwZdB

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get current cell information.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
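
The signatures above are behaviours the sandbox observed at runtime; each of them maps to a small set of Android framework calls, so an analyst can usually pre-screen or confirm them statically by scanning the app's disassembled smali before detonation. The script below is an added example, not part of this report and not code from the analysed app: the descriptor-to-behaviour table is this example's own heuristic (the descriptors themselves are real Android framework signatures, but reflective or obfuscated call sites will not match), and the smali input is a constructed fragment, not disassembly of news.apk.

```python
"""Static pre-triage for the behaviours listed under Signatures (added example).

SIGNATURES maps each behaviour to smali fragments that usually implement it.
The Android descriptors are real framework signatures; the grouping is this
example's own heuristic and will miss reflective or obfuscated call sites.
"""

SIGNATURES = {
    "root check": [
        "/system/xbin/su",
        "/system/bin/su",
        "Landroid/os/Build;->TAGS:Ljava/lang/String;",
    ],
    "installed apps query": [
        "Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;",
        "Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;",
    ],
    "running processes query": [
        "Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;",
    ],
    "current wifi query": [
        "Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;",
    ],
    "nearby wifi query": [
        "Landroid/net/wifi/WifiManager;->getScanResults()Ljava/util/List;",
    ],
    # Matched on the method only: the receiver in smali may be Context,
    # ContextWrapper, Activity or Service.
    "runtime broadcast receiver": [
        "->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)",
    ],
    "connectivity check": [
        "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;",
    ],
    "cell location": [
        "Landroid/telephony/TelephonyManager;->getCellLocation()Landroid/telephony/CellLocation;",
        "Landroid/telephony/TelephonyManager;->getAllCellInfo()Ljava/util/List;",
    ],
    "crypto api": [
        "Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;",
    ],
    # The report shows getprop spawned as a child process; in code that is
    # normally Runtime.exec (or ProcessBuilder) with a "getprop ..." string.
    "getprop via shell": [
        "Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;",
        "getprop",
    ],
}


def scan_smali(smali):
    """Scan concatenated smali text and return
    {behaviour: {indicator: [declaring classes in which it was seen]}}."""
    hits = {}
    current_class = "<unknown>"
    for raw in smali.splitlines():
        line = raw.strip()
        if line.startswith(".class "):
            current_class = line.split()[-1]  # last token is the class descriptor
            continue
        for behaviour, indicators in SIGNATURES.items():
            for indicator in indicators:
                if indicator in line:
                    seen = hits.setdefault(behaviour, {}).setdefault(indicator, [])
                    if current_class not in seen:
                        seen.append(current_class)
    return hits


def behaviours(smali):
    """Sorted names of the behaviours that have at least one hit."""
    return sorted(scan_smali(smali))


# Constructed smali (not disassembly of news.apk) that exercises three rules.
SAMPLE_SMALI = """\
.class public Lcom/example/news/DeviceInfo;
.super Ljava/lang/Object;
.method public static isRooted()Z
    const-string v0, "/system/xbin/su"
    new-instance v1, Ljava/io/File;
    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1}, Ljava/io/File;->exists()Z
    move-result v0
    return v0
.end method
.method public static runningApps(Landroid/app/ActivityManager;)Ljava/util/List;
    invoke-virtual {p0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    move-result-object v0
    return-object v0
.end method
.class public Lcom/example/news/RomCheck;
.super Ljava/lang/Object;
.method public static emuiVersion()Ljava/lang/Process;
    invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
    move-result-object v0
    const-string v1, "getprop ro.build.version.emui"
    invoke-virtual {v0, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
    move-result-object v0
    return-object v0
.end method
"""

if __name__ == "__main__":
    for behaviour, where in scan_smali(SAMPLE_SMALI).items():
        print(behaviour, where)
```

On a real sample, feed it the concatenated output of baksmali (or apktool's smali directory) rather than `strings classes.dex`: in the raw dex the class, method and prototype are stored as separate string entries, so the full `Lclass;->method(args)ret` descriptor only exists in the disassembly. A hit confirms the capability is present in code; the sandbox signatures above confirm it was actually exercised.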

Processes

  • com.qihoo360.mobilesafe.news
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4275
    • getprop ro.build.version.emui
      2⤵
        PID:4357

    Network

          MITRE ATT&CK Mobile v15


          Downloads

          • /data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db

            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          • /data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-journal

            Filesize

            512B

            MD5

            6610c101fc96cba8df1313d8d5a215d9

            SHA1

            657b901b679f1be4a47bd82467f7b060bee35beb

            SHA256

            8e21b8aacc7c5cc525dc397214afafa95ede5ca6ead74ec8188d9cc300097a70

            SHA512

            5882b0cec427609800f9cbe3587ec70b22f0c8f38ae13b4c9ccd3da2205aa360205908380131f4ddb01e3db067ad0f5fc0a3462ac2ee874512f2e66b4fc3718e

          • /data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-shm

            Filesize

            28KB

            MD5

            cf845a781c107ec1346e849c9dd1b7e8

            SHA1

            b44ccc7f7d519352422e59ee8b0bdbac881768a7

            SHA256

            18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

            SHA512

            4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          • /data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-wal

            Filesize

            32KB

            MD5

            4cf72fd1087a1db1d6fa4257cf2221e1

            SHA1

            0f1093ebed720e1d0701a5a2d068dcefc3cc7bc1

            SHA256

            6d07138c64a4cf9452190716a8af8c1b5645a95c5f16f19299c81295baab955c

            SHA512

            72940dc284ab1c9ad8e16f201c2d631dd800440abe5b357817497b49b328a66f9df440724bd637c5fe1ae1f0ea0c6caa2b555e5ac5c53e44f599dcfee21ba016

          • /data/data/com.qihoo360.mobilesafe.news/files/torch/core/finalcore.jar

            Filesize

            119KB

            MD5

            688f586243bed0d1621b4a0bfb030664

            SHA1

            fa019a8988220b23398355a59ba205962d7fb5b7

            SHA256

            180ef79eae604bb46a1bef906a5da9cbc182f77840fdc7fec254a7a4b8e18c66

            SHA512

            05a17249cadf3b5df59fd328cd419a6e2607dddca5c22e1be1629e672ab28b0a4111ae291442d77b96806efc726a73af5d81145218dc8283bdefb67aaac26a5c

          • /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

            Filesize

            36B

            MD5

            f4061881df4a152235fadb2b6d86138e

            SHA1

            f121c707f774caadf519d0ee8e70cabe4d235d33

            SHA256

            2454e42a39dd14e4fd0a3720139f8fbc4b2c51a2e385638f3c9b66cb06039ee1

            SHA512

            b898ce2bba82685358428c9240cc75f24ab000c4771bbbef1d19beb799ba351c466807800aa93ac741f4101c588a915bc9574f8cd94b5dda750f69a5469073a6
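
The four bytedance_downloader.db files above are one SQLite database in write-ahead-log mode: a 4 KB main file next to a 32 KB -wal means that most of the committed rows are still in the log and have not been checkpointed into the main file, and the -shm is the rebuildable index over that log (the -journal belongs to rollback-journal mode and indicates the database was used in that mode at some point). An analyst who pulls only the .db from the device loses those rows. The script below is an added example, not part of the report: it builds a WAL-mode database of its own (the table layout and contents are invented for the demo), then compares what a copy of the main file alone yields against a copy that includes the sidecars.

```python
"""Added example: why a SQLite database must be pulled with its -wal sidecar.

Builds a small WAL-mode database (schema and rows are invented for the demo),
then imitates two pulls: main file only, and main file plus -wal/-shm.
"""
import os
import shutil
import sqlite3
import tempfile

SIDECARS = ("-wal", "-shm")  # "-journal" is rollback mode, not WAL


def build_wal_db(path):
    """Create a WAL-mode database with one checkpointed row and one row that
    exists only as frames in the -wal file. The connection is returned still
    open, as the app's own would be, so close() does not checkpoint the WAL."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA journal_mode=WAL").fetchall()
    con.execute("CREATE TABLE downloads(id INTEGER PRIMARY KEY, url TEXT, dest TEXT)")
    con.execute("INSERT INTO downloads(url, dest) VALUES (?, ?)",
                ("http://example.invalid/core.jar", "/files/torch/core/finalcore.jar"))
    con.commit()
    # Push everything written so far into the main file and empty the WAL.
    con.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()
    # Committed, but present only in the -wal until the next checkpoint.
    con.execute("INSERT INTO downloads(url, dest) VALUES (?, ?)",
                ("http://example.invalid/plugin.dex", "/files/torch/plugin.dex"))
    con.commit()
    return con


def pull(src_db, dst_dir, with_sidecars):
    """Imitate 'adb pull' of the database file and, optionally, the sidecars
    that sit next to it. Returns the path of the pulled main file."""
    os.makedirs(dst_dir, exist_ok=True)
    dst = os.path.join(dst_dir, os.path.basename(src_db))
    shutil.copyfile(src_db, dst)
    if with_sidecars:
        for suffix in SIDECARS:
            if os.path.exists(src_db + suffix):
                shutil.copyfile(src_db + suffix, dst + suffix)
    return dst


def read_downloads(db_path):
    """Rows visible in a pulled copy; empty if even the schema never reached
    the main file (everything was still in the WAL)."""
    con = sqlite3.connect(db_path)
    try:
        return con.execute("SELECT url, dest FROM downloads ORDER BY id").fetchall()
    except sqlite3.OperationalError:  # "no such table"
        return []
    finally:
        con.close()


def compare_pulls():
    """Build the database, pull it both ways, return (rows_main_only, rows_full)."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "bytedance_downloader.db")
        live = build_wal_db(src)  # stays open: the app still has the db open
        try:
            rows_main_only = read_downloads(pull(src, os.path.join(work, "partial"), False))
            rows_full = read_downloads(pull(src, os.path.join(work, "full"), True))
        finally:
            live.close()
        return rows_main_only, rows_full


if __name__ == "__main__":
    main_only, full = compare_pulls()
    print("main file only :", main_only)
    print("with sidecars  :", full)
```

The main-file-only copy shows just the checkpointed row; the copy with the -wal shows both. When collecting from a device, pull the .db, -wal and -shm together (the -shm is rebuilt from the -wal if it is missing, but copying it costs nothing), and keep any -journal as well: if it is a hot journal it holds the pre-transaction page images SQLite would roll back on next open.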