Resubmissions

22-08-2024 18:21

240822-wzd6estdnj 10

01-08-2024 02:15

240801-cpkexa1cqg 10

Analysis

  • max time kernel
    167s
  • max time network
    178s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-08-2024 02:15

General

  • Target
    am.apk
  • Size
    20.5MB
  • MD5
    662a29140ea32f87a19fa76996137563
  • SHA1
    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219
  • SHA256
    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4
  • SHA512
    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c
  • SSDEEP
    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf (PID 4253)
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Child process: su (PID 4292)

    Network

    MITRE ATT&CK Mobile v15


    Downloads

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      124KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      52KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      144KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-journal

      Filesize

      512B


    • /data/data/xspcmj.qiegf/databases/SettingsDB-shm

      Filesize

      32KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      414KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      4KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      418KB


    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB


    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB


    • /storage/emulated/0/.am/log.txt

      Filesize

      173B


    • /storage/emulated/0/.am/log.txt

      Filesize

      152B


    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB


    • /storage/emulated/0/.am/log.txt

      Filesize

      64B


    • /storage/emulated/0/.am/log.txt

      Filesize

      72B


    • /storage/emulated/0/.am/log.txt

      Filesize

      153B


    • /storage/emulated/0/.am/log.txt

      Filesize

      129B


    • /storage/emulated/0/.am/log_.txt

      Filesize

      24KB


    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB


    • /storage/emulated/0/.am/log_1722478557509.txt.zip

      Filesize

      220B


    • /storage/emulated/0/.am/prog_class.name

      Filesize

      72B


    • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

      Filesize

      64KB


    • Anonymous-DexFile@0xcf31b000-0xcf5ad80c

      Filesize

      2.6MB


    • Anonymous-DexFile@0xcf6f3000-0xcf81e4b8

      Filesize

      1.2MB
