Malware Analysis Report

2025-01-19 04:51

Sample ID 240618-ns9prawdpr
Target bbbd4f1e2dbc215b5a4323a5dac3543d_JaffaCakes118
SHA256 37b93e1e8cc09cf34c3939d78b5f67f61eaca8217967935f719b80c4067a4edb
Tags
banker collection discovery evasion execution impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

37b93e1e8cc09cf34c3939d78b5f67f61eaca8217967935f719b80c4067a4edb

Threat Level: Likely malicious

The file bbbd4f1e2dbc215b5a4323a5dac3543d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about running processes on the device

Loads dropped Dex/Jar

Checks known Qemu files.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Declares services with permission to bind to the system

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 11:40

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:44

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

184s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/sllak/opt/4221/finalcore.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

/system/bin/sh

com.qihoo.appstore:critical

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon

/system/bin/sh /system/bin/pm list packages

cmd package list packages

cat /proc/version

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

Network

Country Destination Domain Proto

Files

/data/data/com.qihoo.appstore/files/sllak/opt/4221/finalcore.jar

/data/data/com.qihoo.appstore/files/sllak/opt/4221/finalcore.jar.tmp

/data/data/com.qihoo.appstore/databases/filelist.db-journal

/data/data/com.qihoo.appstore/databases/filelist.db

/data/data/com.qihoo.appstore/databases/download5.db-journal

/data/data/com.qihoo.appstore/databases/download5.db

/data/data/com.qihoo.appstore/databases/filelist.db-shm

/data/data/com.qihoo.appstore/databases/download5.db-shm

/data/data/com.qihoo.appstore/databases/download5.db-wal

/data/data/com.qihoo.appstore/databases/filelist.db-wal

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

/data/data/com.qihoo.appstore/databases/new_downloads.db

/data/data/com.qihoo.appstore/databases/new_downloads.db-shm

/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

/storage/emulated/0/.sfp/.sfp

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/databases/_ire-journal

/data/data/com.qihoo.appstore/databases/_ire

/data/data/com.qihoo.appstore/databases/_ire-wal

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/databases/update_history.db-journal

/data/data/com.qihoo.appstore/databases/update_history.db

/data/data/com.qihoo.appstore/databases/update_history.db-wal

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/localApkInfo.json

/data/data/com.qihoo.appstore/files/sllak/opt/4221/oat/finalcore.jar.cur.prof

/data/data/com.qihoo.appstore/files/sllak/logcache/log1718710898171


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:42

Platform

android-33-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 udp
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:40

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:45

Platform

android-x64-arm64-20240611.1-en

Max time network

176s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:42

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:41

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:41

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:44

Platform

android-x86-arm-20240611.1-en

Max time network

160s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-20240611.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:42

Platform

android-x64-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:42

Platform

android-x64-arm64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp

Files

N/A