493440904df0809a87cb64465706f1c129c28941cd2fa6e5edbb0da86f62dd62

Analysis

max time kernel
25s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

360sdk_3_1000.apk
Size

1.7MB
MD5

1e9aa09b41624c4ab3dfa530fd1078e9
SHA1

32896aa59fd6f1509f4f46ec4eebb496658f91aa
SHA256

fdd2ac00ca6342d0ad1a684ab5ff6e683b2b56891ae08e6a16578892977e50b7
SHA512

9ec9ffacd3db5ab686eed1f68ea8f466030301cebb510ec3a9f3ffb6dc94277d4afba85a92bf7c3679c3fd6ecedad486fdc07adb152a77ec4ddce9dd943d40f5
SSDEEP

49152:ktqW6lW3LwyQmpkUTtjB0osrxHwD7lKHN:6qW6CLwQp/TT8rx6KHN

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.qihoo.gamecenter.pluginapk.gift

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.qihoo.gamecenter.pluginapk.gift
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.qihoo.gamecenter.pluginapk.gift

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.qihoo.gamecenter.pluginapk.gift
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.qihoo.gamecenter.pluginapk.gift

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qihoo.gamecenter.pluginapk.gift

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.gamecenter.pluginapk.gift

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.gamecenter.pluginapk.gift

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.gamecenter.pluginapk.gift

com.qihoo.gamecenter.pluginapk.gift
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5228

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.gamecenter.pluginapk.gift/databases/gameunion.db

Filesize
48KB

MD5
8e45ade268c85e3321e698176f38425e

SHA1
d77d676baf3b6bfe937029e2bc6327e60077a5f7

SHA256
cd0a5358768d8c238a86eed35e83ac8d115e597bf1d108d69b96a0906a85c43a

SHA512
49fb9979d5b543a771cd1a5e470cbba1c737211eb491ee993bd977147a98204e98d754938a4924400dc5793c971c51919ea4d3b8504cdacc43bb62ed71eeaa51

Download Submit
/data/data/com.qihoo.gamecenter.pluginapk.gift/databases/gameunion.db-journal

Filesize
512B

MD5
880db857a7e5ebcb319163111467d800

SHA1
3be3d738b79feb44600717e581a42a465ba95343

SHA256
229f8f8d6cadb0dc9bea6b586bd08f59b0fffa31709ef481ec750aa0ead032c7

SHA512
8e08411e6ef5bb516b0fa995a9e423a3181cba881e6b729b49820d385253b52fc1a45da3f8f75b75be6e759fd633da2d456fad50ab887290601423ba58fcda6a

Download Submit
/data/data/com.qihoo.gamecenter.pluginapk.gift/databases/gameunion.db-journal

Filesize
8KB

MD5
c383cf1f00cd5547f0af98a555bf785b

SHA1
8c40f6a77570c417eaaa2f314af79c8ea28801d7

SHA256
d57bb7e78cedffd0dc5d8fe2bc6802d2de2d5c56e7c8ffc56c15133d60e9eb2b

SHA512
f5b0e25fa264eb6f931135be735fcc7de55dd3b3fb2bf6b80b9038ec6cd7f0ff6d3c76ab608740ec170b45c3ff2791033ea30a974e8d8cad6b066b82600696a3

Download Submit
/data/data/com.qihoo.gamecenter.pluginapk.gift/databases/gameunion.db-journal

Filesize
8KB

MD5
8376a703da500b39e8694909ec9a3b04

SHA1
c683c7eefb2db699158824dbf946d98a81e18107

SHA256
ac4ceb54d7af1028501a3d0b438ffb774ef7e5e1ea34e87d49e77e6802e579ef

SHA512
6c8bed0d89b058be223e7e2d6ee4f1f3678165ee092e1b2e9ae801e05d0ca815e64361153312f002dc033ca44910c804340c554f25941bc2a5ad0b0101a6cfec

Download Submit
/data/data/com.qihoo.gamecenter.pluginapk.gift/databases/gameunion.db-journal

Filesize
8KB

MD5
958b3e881100500c7340683cc0466ff0

SHA1
d233093ecf53e50e47666241823a21325bbfe003

SHA256
a97ee6ab787fffecff5479d6496d01952cd4a390ef9c9f5663b2b745c11368b9

SHA512
37f7f07939f3b720ff6bf465bacdcb23883a9b4b21527dc82a09a990214e6fe33b457ca9d58f210e5122065669f3ab2fe008034a12dfaa1cfb8dd2c5654e1d4f

Download Submit
/storage/emulated/0/Android/data/com.qihoo.gamecenter.pluginapk.gift/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit