Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-h9551aga5w
Target 90f35d22a64f5e5cc7fc917d19907e92_JaffaCakes118
SHA256 7e3c3a1f748120ce85e1df711e29965f289e2cf04048d0eab94bab1dcf058ce0
Tags: banker collection discovery evasion execution impact persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256 7e3c3a1f748120ce85e1df711e29965f289e2cf04048d0eab94bab1dcf058ce0

Threat Level: Likely malicious

The file 90f35d22a64f5e5cc7fc917d19907e92_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks if the Android device is rooted.

Queries information about the current Wi-Fi connection

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks memory information

Queries information about the current nearby Wi-Fi networks

Checks CPU information

Checks known Qemu files.

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Checks if the internet connection is available

Schedules tasks to execute at a specified time

Reads information about phone network operator.

Declares services with permission to bind to the system

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 07:27

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:27
Platform: android-x64-arm64-20240514-en
Max time network: 9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:30
Platform: android-x64-20240514-en
Max time network: 134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:27
Platform: android-x86-arm-20240514-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:27
Platform: android-x64-arm64-20240514-en
Max time network: 10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:30
Platform: android-x86-arm-20240514-en
Max time kernel: 155s
Max time network: 188s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/sllak/opt/4292/finalcore.jar N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

/system/bin/sh

com.qihoo.appstore:critical

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon

cat /proc/version

ps

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

Network

Country Destination Domain Proto

Files

/data/data/com.qihoo.appstore/databases/download5.db-journal

/data/data/com.qihoo.appstore/databases/filelist.db-journal

/data/data/com.qihoo.appstore/databases/download5.db

/data/data/com.qihoo.appstore/files/sllak/opt/4292/finalcore.jar

/data/data/com.qihoo.appstore/files/sllak/opt/4292/finalcore.jar.tmp

/data/data/com.qihoo.appstore/databases/filelist.db

/data/data/com.qihoo.appstore/databases/download5.db-shm

/data/data/com.qihoo.appstore/databases/download5.db-wal

/data/data/com.qihoo.appstore/databases/filelist.db-wal

/data/user/0/com.qihoo.appstore/files/sllak/opt/4292/finalcore.jar

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

/data/data/com.qihoo.appstore/databases/new_downloads.db

/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

/storage/emulated/0/.sfp/.sfp

/data/data/com.qihoo.appstore/databases/_ire-journal

/data/data/com.qihoo.appstore/databases/_ire

/data/data/com.qihoo.appstore/databases/_ire-wal

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/sllak/opt/4292/oat/finalcore.jar.cur.prof

/data/data/com.qihoo.appstore/files/sllak/logcache/log1717399657510

/data/data/com.qihoo.appstore/files/sllak/logcache/log1717399657459

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 07:27
Reported: 2024-06-03 07:30
Platform: android-x64-arm64-20240514-en
Max time kernel: 154s
Max time network: 189s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/sllak/opt/4626/finalcore.jar N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

com.qihoo.appstore:critical

Network

Country Destination Domain Proto

Files

/data/user/0/com.qihoo.appstore/files/sllak/opt/4626/finalcore.jar
/data/user/0/com.qihoo.appstore/files/sllak/opt/4626/finalcore.jar.tmp
/data/user/0/com.qihoo.appstore/files/sllak/opt/4626/finalcore.jar
/data/user/0/com.qihoo.appstore/databases/filelist.db-journal
/data/user/0/com.qihoo.appstore/databases/filelist.db
/data/user/0/com.qihoo.appstore/databases/filelist.db-journal
/data/user/0/com.qihoo.appstore/databases/download5.db-journal
/data/user/0/com.qihoo.appstore/databases/download5.db
/data/user/0/com.qihoo.appstore/databases/filelist.db-journal
/data/user/0/com.qihoo.appstore/databases/download5.db-journal
/data/user/0/com.qihoo.appstore/databases/download5.db-journal
/data/user/0/com.qihoo.appstore/databases/new_downloads.db-journal
/storage/emulated/0/.sfp/.sfp
/data/user/0/com.qihoo.appstore/databases/new_downloads.db
/data/user/0/com.qihoo.appstore/databases/new_downloads.db-journal
/data/user/0/com.qihoo.appstore/databases/_ire-journal
/data/user/0/com.qihoo.appstore/databases/_ire
/data/user/0/com.qihoo.appstore/databases/_ire-journal
/data/user/0/com.qihoo.appstore/databases/_ire-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal
/data/user/0/com.qihoo.appstore/databases/ignoreupdate_appinfo.db
/data/user/0/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
/data/user/0/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
/data/user/0/com.qihoo.appstore/databases/update_history.db-journal
/data/user/0/com.qihoo.appstore/databases/update_history.db
/data/user/0/com.qihoo.appstore/databases/update_history.db-journal
/data/user/0/com.qihoo.appstore/databases/update_history.db-journal
/data/user/0/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
/data/user/0/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
/data/user/0/com.qihoo.appstore/localApkInfo.json
/data/user/0/com.qihoo.appstore/files/sllak/opt/4626/oat/finalcore.jar.cur.prof
/data/user/0/com.qihoo.appstore/files/sllak/logcache/log1717399653196
/data/user/0/com.qihoo.appstore/files/sllak/logcache/log1717399653338
/data/user/0/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:27

Platform

android-x64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:27

Platform

android-x86-arm-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:30

Platform

android-x86-arm-20240514-en

Max time network

144s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:30

Platform

android-x64-arm64-20240514-en

Max time network

166s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:27

Platform

android-x64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.227:443 tcp

Files

N/A