Malware Analysis Report

2025-01-19 04:53

Sample ID 240618-gr7ensvcmm
Target bb08ece436d67b417679cdc37cf5020b_JaffaCakes118
SHA256 2c2222bdbce1af7b89b497b6fe5f4edbc3859a82fb5140dd6c75ef6f7229fa1e
Tags banker collection discovery evasion execution impact persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file bb08ece436d67b417679cdc37cf5020b_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Requests dangerous framework permissions

Acquires the wake lock

Makes use of the framework's foreground persistence service

Reads information about phone network operator.

Requests cell location

Queries information about active data network

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-18 06:03

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-18 06:03
Reported 2024-06-18 06:06
Platform android-x86-arm-20240611.1-en
Max time kernel 173s
Max time network 185s

Command Line

com.poketec.landlord.qihoo

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/360sdk_1_2008.zip | N/A | N/A
N/A | /data/user/0/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/360sdk_1_2008.zip | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description | Indicator | Process | Target
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.poketec.landlord.qihoo

com.poketec.landlord.qihoo:PushClient

com.poketec.landlord.qihoo:pushservice

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/360sdk_1_2008.zip --output-vdex-fd=82 --oat-fd=85 --oat-location=/data/user/0/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/oat/x86/360sdk_1_2008.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/storage/emulated/0/360/sdk/persistence/fmR
/storage/emulated/0/Android/data/com.poketec.landlord.qihoo/files/ymrtc_log.txt
/storage/emulated/0/Android/data/com.poketec.landlord.qihoo/files/report.db-journal
/storage/emulated/0/Android/data/com.poketec.landlord.qihoo/files/report.db
/data/data/com.poketec.landlord.qihoo/databases/mpush_game.db-journal
/data/data/com.poketec.landlord.qihoo/databases/mpush_game.db-shm
/data/data/com.poketec.landlord.qihoo/databases/mpush_game.db-wal
/storage/emulated/0/360/.deviceId
/storage/emulated/0/.tcookieid
/data/data/com.poketec.landlord.qihoo/files/mpush_version_preferences_file
/data/data/com.poketec.landlord.qihoo/files/mpush_gateway_preferences_file
/data/data/com.poketec.landlord.qihoo/app_td-cache/tdandroidgame
/storage/emulated/0/Android/data/com.poketec.landlord.qihoo/cache/uil-images/journal.tmp
/data/data/com.poketec.landlord.qihoo/files/frameso
/data/data/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/360sdk_1_2008.zip
/storage/emulated/0/360/sdk/persistence/data/Y29tLnBva2V0ZWMubGFuZGxvcmQucWlob28=
/data/data/com.poketec.landlord.qihoo/files/360/sdk/persistence/lock/Y29tLnBva2V0ZWMubGFuZGxvcmQucWlob28=.tick.lock
/data/data/com.poketec.landlord.qihoo/files/init_c.pid
/data/data/com.poketec.landlord.qihoo/files/download/data.ini
/data/data/com.poketec.landlord.qihoo/files/download/sound_v210.zip
/data/data/com.poketec.landlord.qihoo/files/1/2008/libmono.so
/data/user/0/com.poketec.landlord.qihoo/files/qihoo_plugin_apk/360sdk_1_2008.zip

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-18 06:03
Reported 2024-06-18 06:06
Platform android-x86-arm-20240611.1-en
Max time kernel 7s
Max time network 131s

Command Line

com.qihoo.gamecenter.pluginapk

Signatures

N/A

Processes

com.qihoo.gamecenter.pluginapk

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp

Files

N/A