Analysis

  • max time kernel
    170s
  • max time network
    190s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    02-08-2024 23:36

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Makes use of the framework's foreground persistence service
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4376

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    2.6MB


  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    1.2MB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    124KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    512B


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    20KB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    172B


  • /storage/emulated/0/.am/log.txt

    Filesize

    151B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    63B


  • /storage/emulated/0/.am/log.txt

    Filesize

    71B


  • /storage/emulated/0/.am/log.txt

    Filesize

    182B


  • /storage/emulated/0/.am/log.txt

    Filesize

    128B


  • /storage/emulated/0/.am/log_.txt

    Filesize

    22KB


  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB


  • /storage/emulated/0/.am/log_1722641853178.txt.zip

    Filesize

    219B


  • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

    Filesize

    64KB
