Analysis

  • max time kernel
    166s
  • max time network
    173s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system
  • submitted
    02-08-2024 02:07

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4253
    • su
        PID:4295

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      124KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      52KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      96KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB

      Filesize

      144KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/xspcmj.qiegf/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/xspcmj.qiegf/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      153B

    • /storage/emulated/0/.am/log.txt

      Filesize

      129B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      24KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1722564496755.txt.zip

      Filesize

      220B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      72B

    • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

      Filesize

      64KB

    • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

      Filesize

      53KB

    • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

      Filesize

      64KB

    • Anonymous-DexFile@0xcf318000-0xcf5aa80c

      Filesize

      2.6MB

    • Anonymous-DexFile@0xcf60b000-0xcf7364b8

      Filesize

      1.2MB
