Analysis

  • max time kernel
    170s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android arch:arm64 arch:x64 image:android-33-x64-arm64-20240624-en locale:en-us os:android-13-x64 system
  • submitted
    02-08-2024 02:07

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Makes use of the framework's foreground persistence service
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4341

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    2.6MB


  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    1.2MB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    124KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    512B


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    20KB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    173B


  • /storage/emulated/0/.am/log.txt

    Filesize

    152B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    64B


  • /storage/emulated/0/.am/log.txt

    Filesize

    72B


  • /storage/emulated/0/.am/log.txt

    Filesize

    183B


  • /storage/emulated/0/.am/log.txt

    Filesize

    129B


  • /storage/emulated/0/.am/log_.txt

    Filesize

    22KB


  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB


  • /storage/emulated/0/.am/log_1722564498677.txt.zip

    Filesize

    220B


  • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

    Filesize

    64KB
