Malware Analysis Report

2024-09-09 13:18

Sample ID 240613-ck17vs1bja
Target a37f1ac6c332d79c5f816db36459a344_JaffaCakes118
SHA256 7b3312aa3c9a6b670a2e1223e7d81b01e327beb401dcc82846eb73b353e3ce8d
Tags: banker collection discovery evasion execution impact persistence
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: 7b3312aa3c9a6b670a2e1223e7d81b01e327beb401dcc82846eb73b353e3ce8d

Threat Level: Likely malicious

The file a37f1ac6c332d79c5f816db36459a344_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks known Qemu files.

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Acquires the wake lock

Makes use of the framework's foreground persistence service

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:08

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:12

Platform

android-x86-arm-20240611.1-en

Max time kernel

167s

Max time network

187s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/sllak/core/finalcore.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

/system/bin/sh

com.qihoo.appstore:critical

com.qihoo.appstore

/system/bin/sh /system/bin/pm list packages

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon

cmd package list packages

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 update.api.sj.360.cn udp
CN 180.163.251.81:80 update.api.sj.360.cn tcp
US 1.1.1.1:53 openbox.mobilem.360.cn udp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
US 1.1.1.1:53 s.360.cn udp
CN 180.163.251.230:80 s.360.cn tcp
US 1.1.1.1:53 api.kuaidi.360.cn udp
US 1.1.1.1:53 sdk.look.360.cn udp
US 1.1.1.1:53 show-m.mediav.com udp
CN 101.198.1.205:80 api.kuaidi.360.cn tcp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
HK 101.198.192.67:80 sdk.look.360.cn tcp
HK 101.198.192.67:80 sdk.look.360.cn tcp
CN 180.163.247.134:443 show-m.mediav.com tcp
US 1.1.1.1:53 sdk.s.360.cn udp
US 104.192.108.192:80 sdk.s.360.cn tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 m.irs01.com udp
US 1.1.1.1:53 p.s.360.cn udp
DE 47.254.149.104:80 p.s.360.cn tcp
DE 47.254.149.104:80 p.s.360.cn tcp
US 1.1.1.1:53 sdk.mediav.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:80 www.google.com tcp
CN 180.163.247.134:443 sdk.mediav.com tcp
CN 180.163.247.134:443 sdk.mediav.com tcp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
CN 125.88.193.234:80 tcp
CN 221.130.199.88:80 tcp
CN 221.130.199.88:80 tcp
CN 180.163.247.134:443 sdk.mediav.com tcp
CN 180.163.247.134:443 sdk.mediav.com tcp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
CN 218.30.118.222:80 tcp
CN 180.163.251.81:80 openbox.mobilem.360.cn tcp
CN 101.198.1.205:80 api.kuaidi.360.cn tcp
US 1.1.1.1:53 track.mediav.com udp
CN 180.163.247.134:443 track.mediav.com tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 180.163.247.134:443 track.mediav.com tcp
CN 180.163.247.134:443 track.mediav.com tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:80 tcp
CN 218.30.118.222:80 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 180.163.247.134:443 track.mediav.com tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 123.125.82.206:80 tcp
CN 221.130.199.88:80 tcp
CN 101.198.1.205:80 api.kuaidi.360.cn tcp
CN 180.163.247.134:443 track.mediav.com tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 101.198.1.205:80 api.kuaidi.360.cn tcp
CN 221.130.199.88:80 tcp
US 1.1.1.1:53 md.openapi.360.cn udp
US 104.192.110.235:80 md.openapi.360.cn tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:80 tcp
CN 171.8.167.90:80 s.360.cn tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:7 tcp
CN 221.130.199.88:80 tcp
CN 221.130.199.88:7 tcp

Files

/data/data/com.qihoo.appstore/files/sllak/opt/4176/finalcore.jar

MD5 c0e457a8812d8852605f210d43411eeb
SHA1 1c2870d77d9bc7cfa2fd83fc85be0dbba58519a1
SHA256 7352a4f62a2f44b4a668ba02346d9064e02625a00282628cfe8850b739fb3ab2
SHA512 ee9ad7b1b27954141f381abe14d49de3a67773c814e04bc6cf25d52048bedc4d13a5bc934a7bf69017f43134d4efa5a0e2b5f89b298f0c3f3e24f9d8230fb585

/data/data/com.qihoo.appstore/files/sllak/opt/4176/finalcore.jar.tmp

MD5 e9d9cf2754ac03d28cc6c8eb1cfcfaec
SHA1 ad678e30cd0293b060d78d49cf7f25583cf3fcb0
SHA256 957363291c4abe4e85c6b36d985e890d121492ea89c68a3bff953109b3389368
SHA512 8c0168a9cedf2814a64bdff4d40d74e7ad8b14f9a7a977fd620818b2b4cfb530e4e624bc4ce21816d6b0b6de07f211db41d9dd4ae513b12aa3b77aab5de4eb17

/data/user/0/com.qihoo.appstore/files/sllak/core/finalcore.jar

MD5 b667ca71e42bbeb899566c8834ed085e
SHA1 053a3f889e326efdfa0d3ae7e5b2655f0b7376d2
SHA256 536678202267f95d80480f15065e784d7ec609922a0963d935e9c5a4b0f62bef
SHA512 52255d3d7066d01bd47a9da788f86c707af14e7666a918737fa5ffb4bb003e97b28dd84a7cead3439ee39e10b568c97e80174a80bf776c7dd58335b06656f8f2

/data/data/com.qihoo.appstore/databases/filelist.db-shm

MD5 fbb57f94f75ca888b7eae4b46abd89a8
SHA1 a4b0b709676ed6986d84bd919a313af927e72c74
SHA256 0245c568c953323845a94a3dcb797ac7003d8fa77dba867c9935170793db7c8f
SHA512 c00c8ddcf7748116ffe9b8b61abfa0fd723e4806d4508a95960f2d48346af40265036c12d58d3aa9e28d985910d97e8328946343036a39e4a900722609686fb1

/data/data/com.qihoo.appstore/databases/filelist.db-wal

MD5 40e03cf7dd9cc0daa942617f24dec86e
SHA1 c5b3d7453352c50c52b802b9cc473b57dc40a476
SHA256 5bdc96ee754ab4fc16cc7f75823db9b091f0241b3f42f54a0250dcb61b07fa4b
SHA512 7ba8ca2816d5a06cdf71a8e53dae72710862bbadd5de58b93de1a02f35941c85cfc6ba83976cc8fbf1165eca907ef682c863262a98d24bbf6e6b18a85bdca8ce

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 1a377645c892c5d478ca00188afc5211
SHA1 e5731a7a169f64b3a8b4d1472c70f993483fff33
SHA256 baa2c4ce6814aab110086f8a2aa4aef9aae6c674f486642c36649c39ea2258c1
SHA512 f9434cbea80f41a82ace567dba2892114b767fc9996a5d5e01855bd42b5016424753b01866e3fe4f4df59282149c85ef028305d013071dd7e3a5f0a7cca48e01

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 68855ecfb044cca793c040d5d7f6d10d
SHA1 070af9dce7b9c1a29a3c2184f963ffdf4556a6d0
SHA256 a2599894032105f99a2b96368f5b50cfba20221ae25028ff9a6458bce2a849eb
SHA512 4dcaf4babddb1e23d3a8fe9e89e861403feed31b5ac65e0d744f6bf50d22cc6f561defc5249f08839d1bdc30c84dcd743e3f26852616835dd679c525ce79a21d

/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 eaf103c49199867871b4cdd98ea0dab1
SHA1 4550edf11fd52a8fee04a2447bebe7cdf50131a8
SHA256 3e56dee0bfc777a801f00a0d604a1c02e672c95eba8cc23e34973ebcfb509c7c
SHA512 0ee52a1f40a40ab9e080ce511f4a51127a31d1d0e7e9ca1c97b2c4670cb5ce035a8ce5cae100ef02daa90350a5fffad7a13d61af7562c3a7f85be7dfee222a5f

/data/data/com.qihoo.appstore/files/360/sdk/persistence/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 0f8d29caa8c134c0f7b7fdef39693b2b
SHA1 2c71ca49eb21168936e721627e8036e6309d28f4
SHA256 e1ffd440bf9c82851c1fc4e282d55c7f08620519380f1eb793bf74c915d1dbd5
SHA512 c0d7828feba78808e1b52fcb5819269d3d84153c6283f6c1d4d56b0c7379a0360e0c66774ad3efdd84fffd3c1d0c08e6b753100768fb5e768fe02fe585022326

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 08d9d820d9104de6a52e1615cce88fc3
SHA1 c23aa45c3dbfc5fb15a3cf4a43fb7b17437913f5
SHA256 fe6dfec4a098ba4b6cf06b20d0a9e53483534beeffb6f7815ea8bc61aaa79e20
SHA512 3dac29afcce0366ed16f950e85444da779855fee0a61d3baf795fdc60835f1aaa0388aabb2b5ee088275024a5a21044ca984ef211ad6995874f46c1caeeeaaa0

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 3c6fc00a30815fc7a3c64625ffc18512
SHA1 39839f0e6989a8f2cc2447a77d7514f24425b54b
SHA256 1f2c1bfd7d14a2eb19c38a5c4debf210966bde2dbde76191195b43793c858b7f
SHA512 e6a7550fc4bbd2707ea76eb6bf9a6d90da411efd5617c903ad6698c42fc6e04f369924edb271755739a6c2b7469eba20eba429427b89f4043d366a8e5c5877ec

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

MD5 fab4148123670c93cd1c2fbc9d752323
SHA1 d7f872efb867f0f8ed18249a269ea4eab0526456
SHA256 9380aec3832b1ed630203ba3fc2d6a287b1731c035af9f636af6e5d57c674343
SHA512 54bc08318dc5b86ddf44c8dd11c3786b6ad07be97a0e652cc8a5035783a8e7d8a581f3e3a7da6d1cb27dd1d8e39fc7f362a87af5c5b6328d947039393db856cf

/data/data/com.qihoo.appstore/databases/download5.db-journal

MD5 c98fbf27371db42304794573f7b9b22b
SHA1 ee405dcc95dc9e8b2207a17c1c00a91b0e0b9b50
SHA256 67aee83aaa63d93ee5032d09d9c853e6d4ff79d34fe3f550fd87f2265511b0d5
SHA512 5f3808b512c12e24f555de6325d01ec9d85513926c168faa1e4f21cc6974567de6c53ea8ad38a8f568bf0d8f7e60909d912b03d19f39a7d7067b5f1e2da81532

/data/data/com.qihoo.appstore/databases/download5.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.qihoo.appstore/databases/download5.db-wal

MD5 117720b1a6690ce6b55b7030fd683b52
SHA1 cb2d0ba530def00334bb09eb4c5898c2ad99c03a
SHA256 728889b5819785b69bb0cfb6d2f8c79c8d80029912e44d06bb63a8ea7ece5e0a
SHA512 b6407e723db17dd06584ac16f889e47598d053b8f53d93b0999f400a2a7f1688629b2323ca740284791f1332072cee9070543d55cd73c9b1d9adfa8b352eb9e2

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

MD5 724b18e996db9f2d3b6a78d0f8ac2b16
SHA1 f19fdd87f77a563025014abc9cf0e277592aa6cd
SHA256 57541cc46a59d24de74fff8791e6f2c0b758683a9cf4d14ce8c849ef7c7eda67
SHA512 ab7c737870707c9b8e17f163643d8e1e7d385d25902ad28598b24a9a05540f149bccc7b6ee7f7ef8579faff8aedc086ae79fc27231dfb589d51c56a6ea3f8b20

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

MD5 5621fcfeabebc7e2514f66cc5e448d1d
SHA1 8f62fc65af3fca88b7ac9d634bacd32d8cdc91f6
SHA256 4218b95c9e360d3c3cb3c5342f24ce94d49edebd93f07460bef74a809928e9bc
SHA512 21f3eadf718af601cdba7ca0ee285f14fad7b5838aca73592755eeac60bd0847a84485337ede937831960b8d6a295c38f40dddd7c57cb671e5139cbee3089bed

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 60e4cf217e77c56efd3707b603797c5b
SHA1 816247b4883d3adb30c4db39fda16d2288e27de0
SHA256 8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea
SHA512 22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

/data/data/com.qihoo.appstore/databases/new_downloads.db

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

MD5 c609d408a89dd57b6ae2d54b60d1da70
SHA1 3c9ae6011d27a35a5d8d84999e64e54f83db2f62
SHA256 3dd33b635d69e6e6138ec4f0a92e9e8276a7a16871d3400e7bf7e796e610c9b1
SHA512 9425ce45179dc7536ae5efc874c8c2cc0c3c388b506a12747bbd60323cbb870f70ad660dc6389b1745a3cffe05a5f76ec07639b92d4aba245187784d86525c9a

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

MD5 68e7c282782785baa172a85468b81221
SHA1 e144f4314b53faced16620bbf0c87a8a257d99e3
SHA256 5e1657d5fefa6f62a4c68458e51fffb763ef04c48186fe086f0e2eb635bae823
SHA512 4dc89854421f28297ff164723329486d414e8202849fe23eb37cfd2cb500f9a17bb8988b24807ceee3ba2e9e5a222fa553d9364f71810a3eacfd64a168188986

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 a977b16c220ab891289e6f45b708cea5
SHA1 7c87f1974f3f9a0c0e1afe7de08d64ec1f3b8af0
SHA256 efb338340ff9d4e1c01fe5360ebae1a356a1a1b1511c49a20e19ee890cac2194
SHA512 d5f2e48ba6ff79532b8481757ff74e3a92fc83968ad274d4628c886771c00f73421fa604e05b6a8179ea6736f23895c779150244469376f0e45fe5bba4b05d18

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 d0077b68209fa94a3de33ae4da6387be
SHA1 13b875818c5ce23455ef3d11c8d7dab343e580bb
SHA256 b64832ce8658b20a4339c27da0f7ac2840d5ca2f074101b8cc1a73cc2bbab9a8
SHA512 c56494b159d665fcb8669a80720e71c5f2b927d39c2432301e2889529cdf5dbf6eb9de1ae2316eb196644c1ff8b65091dc6dc74d942f3903b2d22a7e391cc3ba

/data/data/com.qihoo.appstore/databases/_ire-journal

MD5 061a48b98961f986bc57aeaa5769340f
SHA1 e0376467d82d02f6a2ba60a56d172e77270805fe
SHA256 0304f4826476ea29b6469df9900daae2c14a254465de8c64c8eda516bead4e1a
SHA512 ef9cc33457d3b49f8e8ee5cc83115acf90eed28c49375748e5c5eaf8f4c2364f4d8b865797de33af143f5425251d27533bb2380db7c071d988032c8b2fe16b1e

/data/data/com.qihoo.appstore/databases/_ire-wal

MD5 eb2a4d6fa6810c462622b649c295c0e5
SHA1 18c9211f726bad20964209719f9eb36149775f23
SHA256 a6642348224741a1d2e0db2764078456c422166193102f3da6fcec0707372ef0
SHA512 51ac2c9977f6ef8387058d208fb35dd42048bef2d1ec7e8348f9883bc1cb5fb2dd9afd5d0892d13627035fa67be1359f28b1084b9b4e56369ebae6510298aabd

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 5d2f0fe5b1313234148e5c4e01691475
SHA1 d237fd510d4fa9ef5fd014029cf8cfebd9e84c38
SHA256 fb2a138abb05c4bd8aaede2c7fd85f822c35a00ba30f863a94ccdd4d43963262
SHA512 11e5b2c17cd399e6d46b306269c3a38a8365114e9f4df1b295e51b6829fc2919dcfa173c8d299478bde02b64d37c02d4a25e032517f0bfa8b9dfad70d490571c

/data/data/com.qihoo.appstore/databases/update_history.db

MD5 e0ddc29dccfd6312689ea105cf0434a8
SHA1 59191210f5a80bc047f8155ea92544f4095c38c5
SHA256 3079b5c02af6b7ddced940086bf7095b1205bf0f396b87da0d5c5f6d8b5b6143
SHA512 d5ec8a2bd21928c07ada4ab4df8e72b6905872533d01afe4eb243ef06674e630a9834a03dc5fc2f8d487c3cee8aa3b3117e73379ae64e6f4dcf3f8dd0145fdb5

/data/data/com.qihoo.appstore/databases/update_history.db-wal

MD5 d0b663d0641348d3fd80e390e756bbcc
SHA1 5407d6ae416e3039e70769dd2c853272fa3f0d11
SHA256 0efdfb839811a425c82e92ca3f845efcc6081d49e4a9b664950c0ed6df68f77b
SHA512 6066b7f666ec5ddbb5bab9066add83a305e0727cc3da101dc781db37f4c71061bc74b6ea78cfe02ac223eac7108caaeb6edd18c5e9b024ce543c030d5b6a3f79

/data/data/com.qihoo.appstore/localApkInfo.json

MD5 e155a0b2d395d938529d2969d74cdbae
SHA1 51af24121d88b849931eb2827440b01cff32a008
SHA256 369c936f7da0aa64fdab40f1e09bae1126e4299013d8b2c03cbb00d8d3d765c9
SHA512 ed15a8b3ebb208361be447112d0d17b3f03a96fbc0aa735a80ce35e3632afede391bad9d3178d78c33f56922418f4db57c3f2184358d05d2a5d752ed742f9286

/data/data/com.qihoo.appstore/files/sllak/core/oat/finalcore.jar.cur.prof

MD5 6615445abb5fc89ccca1f7cf5654c20e
SHA1 c7781c1ed52002a099e0ebe57c76532c220676ba
SHA256 a001df550836c0b278803a4db7ede82255f54f1287dba023020dc8190b3be6eb
SHA512 87c1195cf45bd26324ecf10a5dc83fb448950ee4763177ee4dfa58ff2a6ed35025b0cf1da9f594113600944076fce0498d1fd5dacf4a1c16d715273fda4316af

/data/data/com.qihoo.appstore/files/sllak/logcache/log1718244570991

MD5 1315913bfaef227a4c1a677e673e1491
SHA1 300213fe8bfa610aefd2c34dcd119154c8033fee
SHA256 503a8687df6317dbd0b8309e09d92c9ca421e1df3da24c0c7bc954e55b243557
SHA512 7aad844a81330b2e8fee54c57f36a3104e573a14502e146f09aaf75633395d6bb247d5710789f925a5fd5ec473d2480b60abad758d1367edaee6762a9ba4ee90

/data/data/com.qihoo.appstore/files/sllak/logcache/log1718244571194

MD5 de869d6c7d38fb03108b8247abd8c551
SHA1 9c1e1ad6e23ab0340508ded5d79a2d8b1c95fd6e
SHA256 08bd2d5b46a322ba66d1a1acaeacdf1ba0a090c03f28a3a771491c1075a0b676
SHA512 750ddf3f8027745332c4dadc7641ea9dc63c8197555dba734919cf373df74576bff4804e14c7c5d88493d1824852786a5ffb145b263eb884a01828c2962ce720

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-33-x64-arm64-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.36:443 udp
GB 172.217.169.36:443 tcp
BE 173.194.76.188:5228 tcp
GB 172.217.169.36:443 tcp
GB 216.58.201.106:443 tcp
GB 172.217.16.228:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:12

Platform

android-x64-20240611.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:12

Platform

android-x86-arm-20240611.1-en

Max time network

171s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:12

Platform

android-x64-arm64-20240611.1-en

Max time network

162s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.201.110:443 tcp
GB 142.250.179.226:443 tcp
GB 216.58.201.99:443 tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 216.58.201.106:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 216.58.201.97:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.250.110.84:443 accounts.google.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.187.234:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 02:08

Reported

2024-06-13 02:09

Platform

android-x86-arm-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A