b7f53e9567cfc4db5a83df680c31142780d9ac1027c88702d0e500bfe6ee899a

Analysis

max time kernel
2941780s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7f53e9567cfc4db5a83df680c31142780d9ac1027c88702d0e500bfe6ee899a.apk
Size

29.6MB
MD5

e17c2ced315d4b038ae5802e6bbce89f
SHA1

73dac9d39815a0976bc16e4e1b01d3ecafacbe25
SHA256

b7f53e9567cfc4db5a83df680c31142780d9ac1027c88702d0e500bfe6ee899a
SHA512

c6049e29e988d2ad01ffe5bbdc476fa8648e0db17c57b6bbcf264b3b593535ed1a5a32c7feef49b877eaa059a9f05cde39f28490893c584aece2fe47c4beb04f
SSDEEP

786432:QlODb9QwV9UEa2r2qPD/eBpprvf0VH8y0rR4Po:SOD5QwXJa2rNP4TQVHZNQ

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.excean.gspace

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4255	com.excean.gspace
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4669	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar	4586	com.excean.gspace:lbcore

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.excean.gspace
Framework API call	javax.crypto.Cipher.doFinal	com.excean.gspace:chk

com.excean.gspace
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- chmod 755 /data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar
  2⤵
  PID:4310
- chmod 755 /data/user/0/com.excean.gspace/.platformcache/main.jar
  2⤵
  PID:4324

com.excean.gspace:anr_handler
1⤵
PID:4381

com.excean.gspace:chk
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4423

com.excean.gspace:smtcnt
1⤵
PID:4544
- /system/bin/sh -c ps
  2⤵
  PID:4623
- ps
  2⤵
  PID:4623

com.excean.gspace:lbcore
1⤵
- Loads dropped Dex/Jar
PID:4586
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4669

com.excean.gspace:smtcnt
1⤵
PID:4776
- /system/bin/sh -c ps
  2⤵
  PID:4803
- ps
  2⤵
  PID:4803

com.excean.gspace:smtcnt
1⤵
PID:4848
- /system/bin/sh -c ps
  2⤵
  PID:4875
- ps
  2⤵
  PID:4875

com.excean.gspace:smtcnt
1⤵
PID:4945
- /system/bin/sh -c ps
  2⤵
  PID:4971
- ps
  2⤵
  PID:4971

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
2.1MB

MD5
9ff6a9803a0e5b6fff23806641749d33

SHA1
a130f3d21daacfd74c4c4168734d262ec2c9a207

SHA256
afcb9ab8133afe88c7f3847014da8c4cfe9f7d1e9e7fd9bea01c7cdaa7f7bc06

SHA512
b15c786af5f01335f977690b864642c06b6de1fe2daa7cd1d6dfeaf4c7f1f9c04c94cddbe8128ee9d514b674ac2614455e9477dcab9b5b5ad02a5d667810a21e

Download Submit
/data/data/com.excean.gspace/.platformcache/lib/tmp6893122124757548829tmp

Filesize
533KB

MD5
d67817e40ce742b090050e1a4b29a4d8

SHA1
a3d8b103de3d07f2e06739b4fd2255c68ead90c1

SHA256
25233b40f3068024282f80fb1035bb010164824af65482578d874a84d56dee8e

SHA512
d5cd9b254e3213e23ad54b4651a7fdac04667a225dd93c0913e4ecb7298627b73dae25939c6af0bace72873b89b1037193cdd3779f8767a92a922f0e45da86f6

Download Submit
/data/data/com.excean.gspace/.platformcache/lib/tmp7951919714888825599tmp

Filesize
1.3MB

MD5
ca71104b5765e795d44bc25a775689ef

SHA1
0abdde680846b1f0617317867150629a37afe16b

SHA256
27ae7e3165bf220fbc8a2d45e1076a57fd53f5cc57efaffcf835dcb9340ed0ec

SHA512
3144a4540a314da28ab367326f67a388069a1f068a7ac6b8ff9edf5e7fe1c1245cccf52dacf504b1dd2cb4ef0597621e5fd71910584606ccc99a264a2a7fc3ad

Download Submit
/data/data/com.excean.gspace/.platformcache/main.jar

Filesize
2KB

MD5
03e198ddc87dd03d06c0d383ad81c905

SHA1
b7917dc00f032925ebe0e553a15bdef77420a856

SHA256
cf4fb2391c66df249a87e6e269c892cea9f3d2dae6222511ca1797c49a1d6bae

SHA512
6bf90832d4f12c6d772d874c7be7f3e5812b8a6bb73f4a13671f672cb271eba1086597038286895d48b74b4078ce9efe3a9f4562a7a433f1a2e6b33163068523

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db-journal

Filesize
512B

MD5
b26f732ff9697cc6dc7ac6c759eeafa6

SHA1
50d51d582e8d57b2df4d557b74c5a22d19683b90

SHA256
55aa8ca2f13b3bdf72f788f91916e991405c2adf8eaf57211156a267517aacdd

SHA512
dab87543ec5ec0285c0dc42c6b9d38480c074b9fa11edf0168b8ca11947ebded1e380dcdeaf325689da8bf4e208c1c4a0a0c591951569e23716d0adddfcc502b

Download Submit
/data/data/com.excean.gspace/databases/lio_statistics.db-wal

Filesize
88KB

MD5
6a13762c12088766bdc09f82a7e38461

SHA1
2ccee7eeb41bfb4bde067398072633337bdf365e

SHA256
43514195091b04f7d1deac652d9788b6afcc089e797e54c6b414329f9149b41c

SHA512
8f8bb010c6f77404b375aacbd556352659c6de1086e5c3bd59513d64997f7e6ef846acf441233b019394874adb26b605b772035db6282aa79cf9fad02ec7cdfd

Download Submit
/data/data/com.excean.gspace/databases/spushitemnew.db-journal

Filesize
512B

MD5
5e1c1910f45d061da6b46ef67f2307c5

SHA1
3a51877f937b4265756ff49c9d19f09598f22256

SHA256
912ed2f7415bc17a529ea9901a17046e80d4d450becc041ce30d7b55df54ad6c

SHA512
d4fab1615f4c896fbfc78df0365427b49734ddf576600c104f1d86eca592ae607bda6f61f54c3ff10313ce967ceaae96302749875d44dada7e9c0d61766c6597

Download Submit
/data/data/com.excean.gspace/databases/spushitemnew.db-wal

Filesize
36KB

MD5
ab35b084202f8686f1febdb232512b0b

SHA1
e78057df4aa733d9f5437aeea90114b033c664e2

SHA256
9697c60116fdf27bfdd21a4b6a6ee00e54bed3c93169b2ec21c4ab31a5e286c5

SHA512
0f8848d03e629d42e3a2b61404e1a7e571a34fa671d7b2c7de1de7d2c54f66dbeb77b14b6968e77d5b18db48c4c702912fad1d7d2fccdbb0895defb48e2e6d55

Download Submit
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
1.9MB

MD5
e0b70574fa4971dfa67b6265c66aff01

SHA1
330c626b64626fac3a9f1e9664b6c372d6768833

SHA256
3107aa7fa91a3bcbd77e6c48f957b4bd72c15db0c4d48dfd2bf7a0c4a5ce5e71

SHA512
899171c0f4c40e9f31c232607ba0affa32c26930a69698cdbb0008632ae60e27c2bcf9a10789077195c988ce8e49a1a368bd87939d70d80a162becda57f08720

Download Submit
/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar

Filesize
1.9MB

MD5
f77a1cc7d61852a177175e4ae208a11f

SHA1
66a53462e03a4825d2f9450fe0b72970c014dfcd

SHA256
066af075c68f7a864690303a8b6391248a71fc08d30f93a64b9b379f48df44c6

SHA512
808725206a301bc63293de5ce5f55c623cf73ab62d0fe4807338b602ec50ef53dc1e8c5a79b684f31c5ed2b178834cb85b410107728631a423df4bb8c46de3fc

Download Submit
/data/user_de/0/com.excean.gspace/databases/config.db-wal

Filesize
44KB

MD5
1fafe6b843a1d34053fcb6df6dbeacbd

SHA1
91954c14d56858ea31fc0907f3129e6db7bfbdc6

SHA256
f975988d028f02c5e6e85d5461248c727262c2281ffe19436dd67b2df7de7ed2

SHA512
3bf521ec16f24339580d71785ca200731e987ce093a871184cbaf2f47e5e6ede95178685fd21b65810bda6784769fda99cb2f946e2bd6e83d39eec5aafa58b2f

Download Submit
/data/user_de/0/com.excean.gspace/no_backup/bypass-china.acl

Filesize
189KB

MD5
88ef109f1aba044ebab7a12d4438a414

SHA1
fd4a9707ec6731c3fe18a5fa9a59c83e9b11d8d3

SHA256
cae4319b3cdbf8f8290918be669083df61473aeb7dec2686f4ef91ca4eacdfc8

SHA512
5fd4950e5acea7a2fc051cb3262bd60fa9ddef097233c05ba69da1bbfbf42f9ab2a4ff18380ccb5e22e3cb7e28510b6aab2bc1517895ae9ae1b79434ac3036ac

Download Submit
/data/user_de/0/com.excean.gspace/no_backup/bypass-lan-china.acl

Filesize
189KB

MD5
727981d6579220e0fc0cad7dbd77d06c

SHA1
f8bf0aa6a8be11459314318538432b12f1fc2bbf

SHA256
b89a6145a67ec2e9e256c63bcfeeff3079ceeea4b6e0d55249f5892db61c96d1

SHA512
f619104192f713eaa7d2fde6e98264c1969a325ea3196ed400f01046e4bbbe94a5117201c75891cf09e765236fe67891d98549da527c8027322a40a2adb1fcb1

Download Submit
/data/user_de/0/com.excean.gspace/no_backup/bypass-lan.acl

Filesize
216B

MD5
d9bceba334ff045f3761028db22db0f7

SHA1
b4915e03c8a901fc01cc64e1fe171fbdde6e9e6d

SHA256
87f72765c66616cc91cb6dc387b8299a6040e7f84482d8c14a759071b879a270

SHA512
f20b2ed202c688b0f3ac0c187448a2b2ba339a252202f429159c87553cbfca5c5f3d195d933f3317fd964b26994d140de5370063df365dcb9887bfa4068d3718

Download Submit
/data/user_de/0/com.excean.gspace/no_backup/china-list.acl

Filesize
79KB

MD5
9e16d80fd9837857e197eb59b92bc8c5

SHA1
3081dbf4bec4470a2d4dc02189bd39fced4e33fb

SHA256
e1e63bddc7152c36051c1879b3970412796b93b658e4197b46776b81469972d1

SHA512
acf8cc0c9ebe1831c11c706edfb597f189c9476f52037f9d49c0b686242f596899ddc6253b5864c57868062d56162a0da7d6cff9067df3854f5dc299d3c0c368

Download Submit
/data/user_de/0/com.excean.gspace/no_backup/gfwlist.acl

Filesize
110KB

MD5
c98370c5a8b05d3d84b6ae5201ad3a14

SHA1
f80f8fb776c6d24396e931fbc0daee6530292179

SHA256
70dcaba667432b285708e7b9692fdb0a8f03710a6ddf59c17e25bf7326cebfdc

SHA512
09ed4b60f236a15db4ad439c956cd119e2861325a793430393cb3a4aa1d341f587abd23ff723d3d6471a00c2e6a515c01c93ab3c36e5e762e5e818c1b08e0744

Download Submit
/storage/emulated/0/.com.excean.gspace/.phoneInfo.cfg

Filesize
132B

MD5
698e66093e8ad20cb061ed4e22f471cd

SHA1
ffa5c17f5c48d38328e8a94e7c951045008fce38

SHA256
970e9cf6c0cbdf73bc9c9382dc55f94bd4d5f4fb9e434ffba10f8b93d24c004d

SHA512
d1cab733c63fa9cb0e07626b1ef2c570dc6a0563128e07ffd84d7e7a5f76299f682ddd9f414fa7aaf8131da373c8a98dac3652ee1197f1831f957c880358695d

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/compVersion

Filesize
5B

MD5
a1967e6de4ca99fb2635d94b99453928

SHA1
8b9d450a5d8aa0b8f741d20bd299592b9b5fd2bc

SHA256
d1e5ce2ae8f8593e738d14a2f233c587d5d34e4fcb13fd786b94080a5a9a404b

SHA512
04cf43c24a1a6cfedd67e5ce36a216a66adbfc7b7d8c74debc3629e536a3eba2e5143d053259391be205ed53921f7308ceb609df2d7d07d1978e5f9ef317a552

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg

Filesize
85B

MD5
2d218608541a46ef87f17044d9855c37

SHA1
970dda398470f78d3f46d17b4083644fa1b485d4

SHA256
638a578e03deec5cb857ed7acd5d003df4b81c776c8b5a8fc090d0761d5bb032

SHA512
a69469a74884d4818a3382aa5fbbfd5cebe963f8ec87be4fe3b0e472fc8a59bd9d65618a7e1b5a990bd66441f274abec97790a31eb48959525898bf6e410f884

Download Submit
/storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg

Filesize
82B

MD5
f5b8205dcfad80cb0fcb5c4cf8677288

SHA1
3740f9b28fcbf67e507e1907323022a1638faa17

SHA256
70a0916c6277c591ccef0fbe57d2cef61d68945d6b357dbf973f5fbe50c71095

SHA512
b1bbd8601b4622a1e296543ae2d81b52092d94b53e1abbe7ad695cc4b92b70a004641d9e4db1fa4653c64479955412a7e73f0ef116d180be41fcf356c067a89a

Download Submit
/storage/emulated/0/.com.excean.gspace/init_time.txt

Filesize
24B

MD5
9f61559f267af6cc10eb565c362b00c6

SHA1
20501fb1369c3c3781b32a5166450d4fccaa3f6d

SHA256
fb713dd7e9026fa078dd7ac3d3ff0f7a7f56db8bd9efabd629cb1e2d45438332

SHA512
60c5864ed6a28a3c03687583c28f77f3c44f601cf88c0397bced6b2a53511ee3b4de00fc9704a2c171fdf76ed241181bdf65582123307c2fb01340996e07b164

Download Submit