Malware Analysis Report

2025-08-10 22:59

Sample ID: 230328-crw7gsac9z
Target: 0eb6c3e7fbc28493979d2d55b37b6f2246e48ba46cd990efd5fbdcb84c52e7b0
SHA256: 0eb6c3e7fbc28493979d2d55b37b6f2246e48ba46cd990efd5fbdcb84c52e7b0
Tags: ransomware
Score: 7/10

Analysis Overview

Score: 7/10
SHA256: 0eb6c3e7fbc28493979d2d55b37b6f2246e48ba46cd990efd5fbdcb84c52e7b0
Threat Level: Shows suspicious behavior

Malicious Activity Summary

Tag: ransomware

Signatures triggered:
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-03-28 02:19

Signatures

Requests dangerous framework permissions

Indicator | Description | Process | Target
android.permission.READ_SMS | Allows an application to read SMS messages. | N/A | N/A
android.permission.ACCESS_FINE_LOCATION | Allows an app to access precise location. | N/A | N/A
android.permission.ACCESS_COARSE_LOCATION | Allows an app to access approximate location. | N/A | N/A
android.permission.READ_PHONE_STATE | Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | N/A | N/A
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage. | N/A | N/A
android.permission.RECORD_AUDIO | Allows an application to record audio. | N/A | N/A
android.permission.READ_CALL_LOG | Allows an application to read the user's call log. | N/A | N/A
android.permission.CAMERA | Required to be able to access the camera device. | N/A | N/A
android.permission.GET_ACCOUNTS | Allows access to the list of accounts in the Accounts Service. | N/A | N/A
android.permission.READ_CONTACTS | Allows an application to read the user's contacts data. | N/A | N/A
android.permission.PROCESS_OUTGOING_CALLS | Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | N/A | N/A
android.permission.RECEIVE_SMS | Allows an application to receive SMS messages. | N/A | N/A
android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage. | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-03-28 02:19
Reported: 2023-03-28 02:22
Platform: android-x86-arm-20220823-en
Max time kernel: 637797s
Max time network: 130s

Command Line

com.qzogle.xndroid.jacfup

Signatures

N/A

Processes

com.qzogle.xndroid.jacfup

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.142:443 | android.apis.google.com | tcp
NL | 142.250.179.142:443 | android.apis.google.com | tcp
NL | 142.250.179.142:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
US | 1.1.1.1:853 | - | tcp
US | 1.1.1.1:853 | - | tcp
US | 1.1.1.1:853 | - | tcp

Note: 224.0.0.251:5353 is the local multicast DNS address, 1.1.1.1:53 and 1.1.1.1:853 are the Cloudflare resolver over plain DNS and DNS over TLS respectively, and the remaining destinations are Google API endpoints. No other external hosts were contacted during this run.

Files

/data/user/0/com.qzogle.xndroid.jacfup/no_backup/com.google.android.gms.appid-no-backup
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Note: these four digests are those of a zero-length input, so the file was created empty.

/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
MD5: 612a012ad44bdbf52088f04b658aaf19
SHA1: d47d830ef6c3702e603bbe15d04b9f749d35135b
SHA256: 05f7ad38f217f8f155099de8dcd82f828bf22c5f80739eb3da85c7727fba3f2e
SHA512: 1d17609724a9cd7f2d52a4325ff77897839f9f73d6168f4566b1b17c0c4dcad6520c482463416afeb6f370738340e55e0e83f0d281e9e3d435261ab6f93db9df

/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
MD5: a036bb6124bb72497bb8412776863d7a
SHA1: 2e962d22df9d1890c84f8a47a23e52c5ad3c08c7
SHA256: 7a40269a8ea10f9007b6c621257402ab44ff67db1033ac16619b4a64d3a2b4f3
SHA512: f45bc9c9a25ff3bc330f04b7846a462e4c98324af7fc7624dd83900cbc8fc0f6bbdc1dd966830c32d3d1195930d736c772aeed145a0527234f542c3760c04ae6
Note: the same path is recorded twice with different hashes, so this file was written more than once during the run.

Analysis: behavioral2

Detonation Overview

Submitted: 2023-03-28 02:19
Reported: 2023-03-28 02:22
Platform: android-x64-20220823-en
Max time kernel: 637764s
Max time network: 136s

Command Line

com.qzogle.xndroid.jacfup

Signatures

Uses Crypto APIs (Might try to encrypt user data).

Tag: ransomware

Indicator | Description | Process | Target
javax.crypto.Cipher.doFinal | Framework API call | N/A | N/A

Note: a single Cipher.doFinal call is weak evidence on its own, since legitimate libraries bundled into Android apps use javax.crypto routinely; this signature should be weighed together with the permission set from static1 rather than read as confirmed encryption of user data.

Processes

com.qzogle.xndroid.jacfup

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.208.110:443 | android.apis.google.com | tcp

Files

/data/user/0/com.qzogle.xndroid.jacfup/no_backup/com.google.android.gms.appid-no-backup
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Note: these four digests are those of a zero-length input, so the file was created empty.

/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
MD5: f422afdc82dd35847a20c26547b67e01
SHA1: 7e8749aee3d0cd2f116cf08b8217c8206ac12649
SHA256: ca837861eff3586fcd180318b2e81f9f9571081085f9bf3e31e1c69ef08d5674
SHA512: 51826c2ba6f3c02e151942b76f629e6dc193305e1d0fcf8b434705f7ffacd06351a4ac8cdd6fcb0b585a8db97bb951c1c5de9da76860bbfdde25f1f85c43b20f

/data/user/0/com.qzogle.xndroid.jacfup/shared_prefs/com.google.android.gms.appid.xml
MD5: 2ea05ef12be99de0fbef8299f287dd82
SHA1: 38d096883bc04cf8fb8dc67ad4cf91edbce9adf4
SHA256: 2446002ed079a19862c2d6eee54e9e1bcf0d129a2dd775406571664d4c0ae3d9
SHA512: e11a26b962f9a76ba76ff194f01e945ca154231857aa17c777549fa572ace07cbd8555d7f409d4ab0ffe078fcc17dccbfab18d07350851d9eeb1ca61e9b319ba
Note: the same path is recorded twice with different hashes, so this file was written more than once during the run.