Analysis

  • max time kernel
    51s
  • max time network
    61s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-08-2024 23:36

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf (PID: 4240)
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • su (PID: 4281)

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      124KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      52KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      144KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/xspcmj.qiegf/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      153B

    • /storage/emulated/0/.am/log.txt

      Filesize

      129B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      28KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1722641842387.txt.zip

      Filesize

      220B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      72B

    • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

      Filesize

      64KB

    • Anonymous-DexFile@0xd1592000-0xd16bd4b8

      Filesize

      1.2MB

    • Anonymous-DexFile@0xd17ea000-0xd1a7c80c

      Filesize

      2.6MB
