Malware Analysis Report

2025-08-06 01:23

Sample ID 241018-sde9tashjb
Target 58126b67676dacede73e09c7f79880da_JaffaCakes118
SHA256 dd172f66012c1b72e6955a8de8a07e7d49a493479affe4985e86072d3ec48792
Tags
banker discovery evasion execution impact persistence
score
8/10


Analysis Overview

score
8/10

SHA256

dd172f66012c1b72e6955a8de8a07e7d49a493479affe4985e86072d3ec48792

Threat Level: Likely malicious

The file 58126b67676dacede73e09c7f79880da_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion execution impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-10-18 15:00

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

159s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/rooter.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

/system/bin/sh

com.qihoo.appstore:critical

cat /proc/version

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon

com.qihoo.appstore

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo.appstore/files/rooter.jar --output-vdex-fd=75 --oat-fd=76 --oat-location=/data/user/0/com.qihoo.appstore/files/oat/x86/rooter.odex --compiler-filter=quicken --class-loader-context=&

su

com.qihoo.appstore:permmgr

chmod 755 /data/user/0/com.qihoo.appstore/files/permmgr

cat /proc/version

getenforce

cat /sys/class/android_usb/android0/idVendor

cat /sys/class/android_usb/android0/idProduct

getprop

Network


Files

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x64-20240624-en

Max time network

157s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x64-arm64-20240624-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x86-arm-20240624-en

Max time kernel

7s

Max time network

132s

Command Line

com.qihoo.rooter

Signatures

N/A

Processes

com.qihoo.rooter

Network


Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x64-20240624-en

Max time kernel

145s

Max time network

160s

Command Line

com.qihoo.appstore

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/rooter.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

com.qihoo.appstore:critical

com.qihoo.appstore

com.qihoo.appstore:permmgr

Network


Files

SHA512 15506fec5f86d57328e28fb892419601253f5f6b1ff61ce01202bd50c4a870b4df6feabe12b5c742a70503b22fb114aa8b5f338b72e0f56c513cde8723bc5fad

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 b0943d6fb6ad8c59c9c13706707ed07b
SHA1 9ecffeb4293449bedc907e80c49b5f0eb4e5a3f7
SHA256 27ab7bd440a8d77336fabef3daef136916537ae4094b7ec28ad01dc63e40ecb8
SHA512 015d00916471ba4529a7652bad5b00f8df08604f78c79a868e4f3ad181084de1a04264850886b99221afd8ea6d9c07d69d8fa898d1cc9aa9f1c301e6d745da4f

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 45f3c9c0f1d2e8281534f9e5f8d73ec7
SHA1 26de4b20289b97ad1cde921ae207e6f2f978d193
SHA256 39c83fe8e17e9639450e684ab0cd8b31220ff7f265b88d4bee199717d134f806
SHA512 d9a41028d6d7a7556d1884db0f75aa3a0ee8783c659aafb3a099a87d0a6f45896fbf3cde607b49603fa147d8246ddee5e59f3cfc07f1a9bedf9fee798393f4f9

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 2b969deb7a82511f82d04eadd02648ea
SHA1 6368cae4001a647c9bf79d5bf986c67faa12ba1f
SHA256 5b4ff66745b698b914676f07b4927152d8f0b1e3963c045f209aa39e354fa16b
SHA512 ccfcb1467806d0ca6de44c42d06383b85e7cf4f314afd0695359fd34333a92c94132d3049d1a9ebca8c7ab1c3594e3bd6d5d2a0c0b82c98569db3f3e1e61b52e

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 e01323f55191778fdb5c627cebc92df9
SHA1 dbcafbbf8b6ea10585abb787f5297e1b2f4fd79b
SHA256 086d8f1aef4d45e2709398e29b062cad0876c08465875c41cea208700699b43f
SHA512 97cfee9e43501f089a285a0d91b2a68fc99b941072a77ca92f45d8592d74bee37f3cb32b665f6a7f4f1c0629f4f5ac3730ecdddede6461c1203a7a8616c3e4ea

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 4b0999ed86aaa8d056fa4ba72c66510b
SHA1 7f49e69644e2c1e0d17388badbdfa54dfbe738ed
SHA256 2432e4c23d1e9926223578a141766fc478289da12fbba57a8fc506d37a69f601
SHA512 4756793b9e7003bf96d2a4fb7d104e4d1daffc566ec7a04d5bffa27c73613148ea023026e9b409a769f9f085a02a319de7fd90555fbcb5c9efcb97b6e89fd4ff

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 be4929a7a7dca27064be492af6be62fb
SHA1 b240d0ae01d5d59e18bd3643bb11bb4a78bb23df
SHA256 b5fac1e0a2a5d26718ca2abfd4ce1b4593f426602d60d3cc3be393954f922823
SHA512 28f5bc19061b70f97c310171eeed2b42a8dc838a26acb4b34aacc40c50d4ae633b0993c9c6fa2c45a6d3221a9036b039f1d00c6243cc5fbccfeac6e16d93ea02

/data/data/com.qihoo.appstore/databases/update_history.db

MD5 f33ca769a2800880f6ce092ac81a64d6
SHA1 b9da3e5d37badc2af4b74d25b9eb50516dc46d83
SHA256 f13f73faab704399c4352dcdbfba4dcb7c171bb2a1de767fd961455569c58d8c
SHA512 ac77c136433a472f3357fc2ec6faa072bd1ca62067cd75f8b522cdcdddfcf07dc88e7f3e8513329e88a0d721eabb7da71f6d2f75480df3594010641cf51bd86b

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 3d93f39dac6107b3fafd990a73f395cc
SHA1 fb7f7e5c484475486d25d0e6ad47635ca9a47fd0
SHA256 7858eefa192cf5ba14661b1f63c40fcbd6a60015717d524934aeea2c9256ee96
SHA512 8964ec6da64a56f3e73f92fe2eb98726415ffab191e620e4f4cf92e67fc467766b86d786f42437e8fffd0663c56af4b3998e90917c831b7626058edc4271613a

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 14eb929984a420239395e83f160e27c4
SHA1 d1b54367922e2a915837af7bb569482b040daa8f
SHA256 c856487bce2b6e86d142bdaf689c6716edc54f5bd881bd10b669903a9bc86bdf
SHA512 adcc19b3b419308884ad78d6129b625dbd59ce7a3f8acc34a5a2a6baa6cbd4dd28256a320d3c49885f472f610d826bdf8d0549445ed2cc8218d0c4c779614f7d

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 e91115f4d4f055b51b52e5559e18f52b
SHA1 3ae679bfa4a17e18ff44ea79907eb829412d3008
SHA256 8009cdc5b12de6db697b4012cba8279f497622a6d864b4f9c7310a05d8b23313
SHA512 005607d176f64c748158bb72350c5e7fcf7b19050ff17a46bd1caf45266323677033c0a477b0ade0ed92dd58d068ac96d654b4e65b752242c6329daf8ca2c610

/data/user/0/com.qihoo.appstore/files/rooter.jar

MD5 e6beb4e66852e393f6560e87cb757635
SHA1 80a65db419468db4e69f9fe12d9eea1976a00de4
SHA256 26fafeafdb66c57aabed31fb2973fdb6d999812de4fe61296c5cc5ee74e0548c
SHA512 de3b1234b0ea20c0c04f229a72d4b46e8aebca6670dd1af3a02741b0d9c33317dfe52c1b498310b7d0c2c1624f3fbbe8c7320f72699bd1713fc6f644876751a5

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x86-arm-20240624-en

Max time network

138s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.200.46:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.212.238:443   android.apis.google.com   tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:03

Platform

android-x64-20240624-en

Max time kernel

8s

Max time network

158s

Command Line

com.qihoo.rooter

Signatures

N/A

Processes

com.qihoo.rooter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       216.58.204.72:443    ssl.google-analytics.com  tcp
GB       142.250.180.14:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.213.14:443    android.apis.google.com   tcp
GB       172.217.16.228:443                             tcp
GB       172.217.16.228:443                             tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-10-18 15:00

Reported

2024-10-18 15:02

Platform

android-x64-arm64-20240910-en

Max time kernel

7s

Max time network

153s

Command Line

com.qihoo.rooter

Signatures

N/A

Processes

com.qihoo.rooter

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.200.46:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.212.238:443   android.apis.google.com   tcp
US       1.1.1.1:53           www.youtube.com           udp
GB       142.250.200.14:443   www.youtube.com           tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.40:443   ssl.google-analytics.com  tcp
US       216.239.36.223:443                             tcp
US       216.239.36.223:443                             tcp
GB       142.250.187.225:443                            tcp
US       216.239.36.223:443                             tcp
GB       142.250.200.1:443                              tcp

Files

N/A