Analysis

  • max time kernel
    172s
  • max time network
    190s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android arch:arm64 arch:x64 image:android-33-x64-arm64-20240624-en locale:en-us os:android-13-x64 system
  • submitted
    01-08-2024 02:14

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Makes use of the framework's foreground persistence service
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4351

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    2.6MB


  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    1.2MB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    124KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    512B


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    20KB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    173B


  • /storage/emulated/0/.am/log.txt

    Filesize

    152B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    64B


  • /storage/emulated/0/.am/log.txt

    Filesize

    72B


  • /storage/emulated/0/.am/log.txt

    Filesize

    183B


  • /storage/emulated/0/.am/log.txt

    Filesize

    129B


  • /storage/emulated/0/.am/log_.txt

    Filesize

    22KB


  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB


  • /storage/emulated/0/.am/log_1722478510119.txt.zip

    Filesize

    220B


  • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

    Filesize

    64KB
