Analysis Overview
SHA256
0eb6c3e7fbc28493979d2d55b37b6f2246e48ba46cd990efd5fbdcb84c52e7b0
Threat Level: Shows suspicious behavior
The file 0eb6c3e7fbc28493979d2d55b37b6f2246e48ba46cd990efd5fbdcb84c52e7b0 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-03-28 02:19
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
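The permission signature above is produced by reading the manifest, which any analyst can reproduce before detonation. The following is an added example, not code from the sandbox or from the analysed app: it parses a decoded AndroidManifest.xml (the form `apktool d` or `aapt2 dump xmltree` produce; here a constructed string that mirrors the 13 permissions in the table plus two normal-level ones) and flags the runtime, "dangerous", permissions by group. The protection-level table, the group names and the combination heuristics are the example's own assumptions, not something the report supplies.

```python
"""Static permission triage for a decoded Android manifest (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed mapping: dangerous (runtime) permission -> Android permission group.
DANGEROUS = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.PROCESS_OUTGOING_CALLS": "PHONE",
    "android.permission.READ_CALL_LOG": "CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.GET_ACCOUNTS": "CONTACTS",
}

# Example heuristics: combinations that deserve a second look in a triage queue.
COMBOS = {
    "sms-interception": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call-surveillance": {"android.permission.READ_CALL_LOG", "android.permission.PROCESS_OUTGOING_CALLS"},
    "media-capture": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
}

# Constructed manifest: the 13 permissions from the report plus two
# normal-level ones (INTERNET, ACCESS_NETWORK_STATE) that must not be flagged.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.qzogle.xndroid.jacfup">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application android:label="sample"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return [el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)]


def triage(manifest_xml: str) -> dict:
    """Flag dangerous permissions, the groups they touch, and suspicious combinations."""
    perms = requested_permissions(manifest_xml)
    flagged = {p: DANGEROUS[p] for p in perms if p in DANGEROUS}
    groups = sorted(set(flagged.values()))
    combos = sorted(name for name, need in COMBOS.items() if need <= set(perms))
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "requested": perms,
        "dangerous": flagged,
        "groups": groups,
        "combos": combos,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST)
    print(report["package"], f"{len(report['dangerous'])}/{len(report['requested'])} dangerous")
    for perm, group in report["dangerous"].items():
        print(f"  {group:<10} {perm}")
    print("combinations:", ", ".join(report["combos"]) or "none")
```

Run against the constructed manifest, 13 of 15 requested permissions are flagged; INTERNET and ACCESS_NETWORK_STATE are normal-level and pass through unflagged. A real APK carries the manifest as binary XML, so decode it with apktool or aapt2 first and feed the result to `triage`.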
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-28 02:19
Reported
2023-03-28 02:22
Platform
android-x86-arm-20220823-en
Max time kernel
637797s
Max time network
130s
Command Line
Signatures
Processes
com.qzogle.xndroid.jacfup
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
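Every row in this run is resolver or Google-services traffic, and an analyst reading many such reports wants that separated from anything app-specific automatically. The following is an added example, not part of the sandbox's tooling: it parses the Network rows in the raw pipe-separated form the export uses (where rows without a domain carry the protocol in the Domain column), labels each connection, and lists what is left for manual review. The rows are the behavioral1 table above plus one constructed row (203.0.113.10, a documentation address) to exercise the review path; the labels, the suffix list and the reading of port 853 as the platform's Private DNS are this example's assumptions.

```python
"""Label sandbox network rows as background noise or review material (added example)."""
import ipaddress

# Assumed: domains under these suffixes are Play services / analytics background traffic.
GOOGLE_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")

# Constructed input: the behavioral1 rows as exported, plus one made-up row (last line).
NETWORK_ROWS = """\
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp |
| XX | 203.0.113.10:8080 | update.example.invalid | tcp |
"""


def parse_row(line: str) -> dict:
    """Split one table row into fields, tolerating the export's shifted columns."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cells += [""] * (4 - len(cells))          # short rows: pad missing cells
    country, dest, domain, proto = cells[:4]
    # Rows without a domain carry the protocol in the Domain column and leave
    # Proto blank; move it back to the right column.
    if domain in ("tcp", "udp") and not proto:
        domain, proto = "", domain
    host, _, port = dest.rpartition(":")
    return {"country": country, "host": host, "port": int(port),
            "domain": domain, "proto": proto}


def classify(conn: dict) -> str:
    """Assign one label per connection; order matters (most specific first)."""
    ip = ipaddress.ip_address(conn["host"])
    if ip.is_multicast and conn["port"] == 5353 and conn["proto"] == "udp":
        return "mdns"             # local service discovery from the emulator
    if conn["port"] == 53:
        return "dns"              # plain DNS query to the resolver
    if conn["port"] == 853:
        return "dns-over-tls"     # assumed: the platform's Private DNS, not app traffic
    if conn["domain"].endswith(GOOGLE_SUFFIXES):
        return "google-services"  # Play services / analytics background traffic
    return "review"               # anything else is worth an analyst's look


def _rows(rows_text: str) -> list[dict]:
    return [parse_row(line) for line in rows_text.splitlines() if line.strip()]


def summarize(rows_text: str) -> dict:
    """Count connections per label."""
    counts: dict = {}
    for conn in _rows(rows_text):
        label = classify(conn)
        counts[label] = counts.get(label, 0) + 1
    return counts


def needs_review(rows_text: str) -> list[dict]:
    """Return only the connections that no background-noise rule explained."""
    return [conn for conn in _rows(rows_text) if classify(conn) == "review"]


if __name__ == "__main__":
    for label, n in sorted(summarize(NETWORK_ROWS).items()):
        print(f"{label:<16} {n}")
    for conn in needs_review(NETWORK_ROWS):
        print("review:", conn["host"], conn["port"], conn["domain"] or "(no domain)")
```

On the report's nine real rows nothing reaches the review bucket; only the constructed 203.0.113.10 row does, which is the point: an app whose only observed traffic is resolver and Google infrastructure has not shown its command-and-control in this detonation, and that absence is a finding in itself.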
Files
/data/user/0/com.qzogle.xndroid.jacfup/no_backup/com.google.android.gms.appid-no-backup (zero-byte file: the hashes below are the well-known digests of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
| MD5 | 612a012ad44bdbf52088f04b658aaf19 |
| SHA1 | d47d830ef6c3702e603bbe15d04b9f749d35135b |
| SHA256 | 05f7ad38f217f8f155099de8dcd82f828bf22c5f80739eb3da85c7727fba3f2e |
| SHA512 | 1d17609724a9cd7f2d52a4325ff77897839f9f73d6168f4566b1b17c0c4dcad6520c482463416afeb6f370738340e55e0e83f0d281e9e3d435261ab6f93db9df |
/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
| MD5 | a036bb6124bb72497bb8412776863d7a |
| SHA1 | 2e962d22df9d1890c84f8a47a23e52c5ad3c08c7 |
| SHA256 | 7a40269a8ea10f9007b6c621257402ab44ff67db1033ac16619b4a64d3a2b4f3 |
| SHA512 | f45bc9c9a25ff3bc330f04b7846a462e4c98324af7fc7624dd83900cbc8fc0f6bbdc1dd966830c32d3d1195930d736c772aeed145a0527234f542c3760c04ae6 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-03-28 02:19
Reported
2023-03-28 02:22
Platform
android-x64-20220823-en
Max time kernel
637764s
Max time network
136s
Command Line
Signatures
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
javax.crypto.Cipher.doFinal is reached by ordinary token, preference and payload encryption as well as by ransomware, so this signature on its own does not establish that user data is being encrypted; the only file writes recorded in this run are the Google Play services app-id state files listed under Files.
Processes
com.qzogle.xndroid.jacfup
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
Files
/data/user/0/com.qzogle.xndroid.jacfup/no_backup/com.google.android.gms.appid-no-backup
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
| MD5 | f422afdc82dd35847a20c26547b67e01 |
| SHA1 | 7e8749aee3d0cd2f116cf08b8217c8206ac12649 |
| SHA256 | ca837861eff3586fcd180318b2e81f9f9571081085f9bf3e31e1c69ef08d5674 |
| SHA512 | 51826c2ba6f3c02e151942b76f629e6dc193305e1d0fcf8b434705f7ffacd06351a4ac8cdd6fcb0b585a8db97bb951c1c5de9da76860bbfdde25f1f85c43b20f |
/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
| MD5 | 2ea05ef12be99de0fbef8299f287dd82 |
| SHA1 | 38d096883bc04cf8fb8dc67ad4cf91edbce9adf4 |
| SHA256 | 2446002ed079a19862c2d6eee54e9e1bcf0d129a2dd775406571664d4c0ae3d9 |
| SHA512 | e11a26b962f9a76ba76ff194f01e945ca154231857aa17c777549fa572ace07cbd8555d7f409d4ab0ffe078fcc17dccbfab18d07350851d9eeb1ca61e9b319ba |