aa222944ec68ec102f6551266fb6aa33061277e92e908cbacd82d3b72c7cb94f

Analysis

max time kernel
2916626s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa222944ec68ec102f6551266fb6aa33061277e92e908cbacd82d3b72c7cb94f.apk
Size

6.9MB
MD5

6beb743346d9c92035a6538dfcd9f9e0
SHA1

efd0b69e46b45fe75a078f5500387c3e331a607a
SHA256

aa222944ec68ec102f6551266fb6aa33061277e92e908cbacd82d3b72c7cb94f
SHA512

d9245d9a5418fa8a2e7fc65b0356484422b9c1e491a5736e7fb8d05dcd5b6421eaa17fac91b93570db1e221be1f9544aed08a80a510ca83ad954b7dccc112c31
SSDEEP

196608:DE+UFJSj8pHfmkNHQnbCqHGnR4PRZRqLbSgK:DdMIGynHK4PrRqnSL

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.excean.gspace/.platformcache/main.jar	4395	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/main.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/main.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.excean.gspace/.platformcache/main.jar	4316	com.excean.gspace
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4424	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4316	com.excean.gspace
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4473	com.excean.gspace:lbcore
/data/user/0/com.excean.gspace/.platformcache/main.jar	4516	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4516	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/main.jar	4647	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4647	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/main.jar	4716	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4716	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/main.jar	4812	com.excean.gspace:smtcnt
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4812	com.excean.gspace:smtcnt

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.excean.gspace:olle
Framework API call	javax.crypto.Cipher.doFinal	com.excean.gspace

com.excean.gspace:olle
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4248

com.excean.gspace
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4316
- chmod 755 /data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar
  2⤵
  PID:4357
- chmod 755 /data/user/0/com.excean.gspace/.platformcache/main.jar
  2⤵
  PID:4370
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/main.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/main.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4395
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4424

com.excean.gspace:lbcore
1⤵
- Loads dropped Dex/Jar
PID:4473

com.excean.gspace:smtcnt
1⤵
- Loads dropped Dex/Jar
PID:4516
- /system/bin/sh -c ps
  2⤵
  PID:4574
- ps
  2⤵
  PID:4574

com.excean.gspace:smtcnt
1⤵
- Loads dropped Dex/Jar
PID:4647
- /system/bin/sh -c ps
  2⤵
  PID:4676
- ps
  2⤵
  PID:4676

com.excean.gspace:smtcnt
1⤵
- Loads dropped Dex/Jar
PID:4716
- /system/bin/sh -c ps
  2⤵
  PID:4745
- ps
  2⤵
  PID:4745

com.excean.gspace:smtcnt
1⤵
- Loads dropped Dex/Jar
PID:4812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
1.6MB

MD5
7f91c6be7fd549e7cb4cf128ea0b344a

SHA1
ebcd51d9344864988b1c814c47e50ffa6312494f

SHA256
ca5226dfe083d9c898c8bfc0859050e0c5b526a14b7018cb18de35dcdc33f80a

SHA512
1a7cd98baa6ca01554fe0a0cff66fc58a971a516c38e0e9de3a95d6c08dd7ffd358a366dac201949f8d403f531d10fa7c8fb9c8c21525c134e82f5a90d8da8b0

Download Submit
/data/data/com.excean.gspace/.platformcache/lib/tmp3919936263197765869tmp

Filesize
1.2MB

MD5
6b7798c7624d7327bcfbfbbc2efe7296

SHA1
f33e811f83a02a104b6eb27c8721d05220137d5f

SHA256
ec093387297942b1cd7551cded000aa644171f9ae96492e885d81bcc41c16401

SHA512
7c1246390c29fae0097d0d738c8f46e5b81239459607e2c5bb5776b3650dff62a7a814519f11fb11910f7db0b0088484d12d6a659d8822e53db2a91fcbc4f5f8

Download Submit
/data/data/com.excean.gspace/.platformcache/lib/tmp6441478701388780404tmp

Filesize
2.1MB

MD5
01b0386c05ecb1d8cd4e6e70a9a9afa0

SHA1
d22284a2e5a82e30b9e71c7c7600434046d48a8c

SHA256
81652ad7a18dcbdc97e926e6d62ca2f841484a376141637223ed3232ac6e9307

SHA512
83178441f48e59672153d94d1622c1e5e0ca6f32840be0fafd6068bffbaa17e07529704c168a9ec16b9867c3eeeb85bffe2c099c0e4deb501e59e7defb555d50

Download Submit
/data/data/com.excean.gspace/.platformcache/lib_kxqpplatform/tmp2864041022528726869tmp

Filesize
108KB

MD5
d754d191eda76d940598316642e598cd

SHA1
8036481003e335ef4a6692af4aafd60c10cfbddd

SHA256
aa523e4fa4eaa5fb37bf746511f3f04f63d2ed691fdb65e5ecd15b7ac068d839

SHA512
13f4c60d2ffc62bb973880489e4ad31d0ed7aa0658496cdbd6550534461c36ef2208976cf7132520a97cd0d241c047ed980fa99a27ff6db883ea13bd30494245

Download Submit
/data/data/com.excean.gspace/.platformcache/lib_main/tmp2391590789703842818tmp

Filesize
1.6MB

MD5
7d10c2ce619810b69d3407dfd572b7f0

SHA1
2a4fd178c77beed3350a0c5c87173b86c6217e39

SHA256
03623c54f70025f7a51767b9c3c2ee39770b70dd1d146b110ef8536c98f5d53c

SHA512
83038c6c150aba51c71817649cb920cf59ae6ee00e991a4aaccde5bb27aa5848604ceee0a3a88cdcd24b6f0634b5fad988f2e9cb2be7fb84d5ff47d096f1f4a7

Download Submit
/data/data/com.excean.gspace/.platformcache/lib_main/tmp3758892447979003414tmp

Filesize
45KB

MD5
dc6db97082a29821e95b027603eb981d

SHA1
d648189f9fe7ecb0d23fa5f50b8ecbdaafc1f9ac

SHA256
6a805c9d299f9005483d54ead1409ee70cb2b3d9f1a210bd32fac155b1830a42

SHA512
5c2a1cec4bdbb54b30b109c109d0cbfe5b780ea4a5759b1e0afc2840be1f31cd29fd620dd8d8a8d98b23d73f132eb1a6e78cc398afcfb97a73ab3974f8cfd608

Download Submit
/data/data/com.excean.gspace/.platformcache/main.jar

Filesize
1.9MB

MD5
16d2f712027c00dab039a73606829ab3

SHA1
1746c35dc1a13ce7db4b987fcec86def27a7fb42

SHA256
bfaddd4f55427dbb79fd4bbbdd77fe92244106213fa0624f8e5484ed95ef3dae

SHA512
0ddd5ed5dff73e441b524fcacbfca44e9a97a2c5154d7495b6fde7d67d509a66212acb11646e1fb82a65b4f21ec73c66a23767bac59ba763b6fc38ce2be6df33

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db-journal

Filesize
512B

MD5
434d71bf88f9fa1e0ef96bf112347587

SHA1
25b42a80c048587452a192f7c484d53bca29bc49

SHA256
a679c8efce7bb44343e05458f4cd5b73254874e8c7d40089de9ab507a02774d6

SHA512
5418dc1207f1d92e788d164f640656dbfadcd3d5b78830a7b4d4966157c0dd3722c376412d98a8e1ab2ef8a74e3ca6f24ce94b10a1ffacacd3b4e4de358fad30

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db-wal

Filesize
16KB

MD5
6a4e996b465031ddf5aec34ab886dc74

SHA1
a578de7876b7e2f5e07486855ba122596f138753

SHA256
f324d8c9e9dedcab1b1a2d8cccce98b5a2d83a563fc39efb867789a1d64e6dd2

SHA512
f43c8084862932805206c36810a15a68ac2fdc4e8c28f2b80407d0c6dc6f96fb80d8a1081fea9dec2885983a05102d18c29cffa06f70bd6f2b2f823943731eab

Download Submit
/data/data/com.excean.gspace/gameplugins/lb_amcfg

Filesize
45KB

MD5
5976a396ab2c69469851e7359bc53355

SHA1
02233cbca23e44d17ea44ba7f95faf0e496ede8a

SHA256
ecfc075c047938a8556ea1a59fec6213abc513eae962ffd73056754e6bcf57f8

SHA512
940c60575ca04518b7117df06aeff690c75b324870b49ee4ccccddec76bcef94241e71d0f8a9a49eca703cdc32823442af25e5d86dd318828d939f8ef566e163

Download Submit
/data/data/com.excean.gspace/gameplugins/lb_packages

Filesize
21KB

MD5
3e85cc8f3fa658fbbb3ca2440559c4b0

SHA1
3062bdbc1c7bc86ff5bf73d065d26c748714b9ed

SHA256
7845729b6d88ec038cf3d9ffc3f20ad1fa5e4e637ae9abcdf0cea222d53f3a01

SHA512
426036f58afcc042b9a21932c73b0d62e8a3ace804198783ba2612dfbc9817864640e9189fd6056ea29ba3825eb37fbc51f46de05c2bd271c739debb812ace53

Download Submit
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
1.3MB

MD5
d264d55de467d6a79a6f78526f11482a

SHA1
3083675b4fa60cd1330115050d11f1ac94d8e9c9

SHA256
159320e9f685a93219baf9f0b8c4754d1bc0118b6bb6312e35b41d5cbcd8a400

SHA512
1c2c2e7970dfc43133cb654420d9ca7009049e206656264a0b710cc62afffc2a888227bb9bd60649248605d92f1b06024f7de397fc14e43305de61bbb6a6d3e7

Download Submit
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
1.3MB

MD5
a3f013c7c2dfb97459f30d504c3fa3a5

SHA1
d51d660fd4ce475976a0a67e41f4c6b4ed8428d2

SHA256
fd765035e3bbbbb616681842eb9a67a6c087ae4defce229de09cc47b7981f035

SHA512
c695848fe0f9329d93c6544dcffb275807d3e26974e42d793ab1a52d59cf833c8065d2c4d51274ece58743f11ac09d1753a142a03defdfb2da8117b4cfa33339

Download Submit
/data/user/0/com.excean.gspace/.platformcache/main.jar

Filesize
4.5MB

MD5
3c8ac5fff38df5df5bbfd59ce120f5e7

SHA1
d9ac9c5f00636f92e915aaf8b71e097bfe5ee3f2

SHA256
c12bb0c01139f1f4c1a5ac043f92da1e8fb70154ecdb0664092c65ec54e6810f

SHA512
977f05d5646399f38ebc24804315ae20668a321295e82bc5bfaa37380ff3c714db8cf242dcb06a57909ff09ed5dcef510e6314de3ad52a850524d15a6345165b

Download Submit
/data/user/0/com.excean.gspace/.platformcache/main.jar

Filesize
4.5MB

MD5
dc9d2f2e6987835378df1d93416c919a

SHA1
b3e78247ded3748d977f54b79cff6f966ae404a0

SHA256
f1befee81592af8f19eb21adef37f4bf862dc1756ec5d91f5a8213af7d8a0bf0

SHA512
c5a8cfcba8b72ec8ed9b06fd6535abeb60f06ff26992b7695cd15e49524d2adf10e0cb8d2aede92081b562d6ca463671eef84fd319c0059ecd543d414d379527

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/compVersion

Filesize
5B

MD5
2c292d1be5eb1ed8faa7675d09de1ab9

SHA1
01b02059a7cf660975b3e06bdf44a2599987e0c7

SHA256
5136cf22a14d6395186da645a7c305d07eb9b7548122b8e5b6fee7535bddbf82

SHA512
bdac9266dd968e996fea58470dd9b8750c436f0228572211610453f7c6023bf68241860c576488bffe8c15028a901e219e0f36a83b3cf7d05ee0bfe90d459ab6

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg

Filesize
82B

MD5
64d753c8be42ee2bb4a08e7c4a6770df

SHA1
7311cfb7bbc69862f7a050f3a0dc374d6beeeecc

SHA256
fec3c4b260e850959dd16b0ea3819d87cef7b3809a982739ed76311275ec18f1

SHA512
7f7f77295cfcddf3a8d3408d5349d989bff3a205a27fdf83b96c58e5345f4c8f750f4417c3858172f76568ce05f9e2ee314e7555b2bc8088e521e0b681a75c2f

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg

Filesize
85B

MD5
a808586c385189afe2f0b9041fb28e1e

SHA1
31d76d537a9e9b8adfbf05b157d894545c75d1a1

SHA256
eaf0a231012c4aef1a87a8dcd43f658519cae63432df838733090f58e13363bd

SHA512
4a3a53579737d37e9deafd7acd82a7ec6ba54e7e8e555d35642a466bdbecd1eacd7d4a96224b62f8a4d5d6178f98d4819d026506e73631ac623511d411d674cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads