Resubmissions

22-08-2024 18:21

240822-wzd6estdnj 10

01-08-2024 02:15

240801-cpkexa1cqg 10

Analysis

  • max time kernel
    36s
  • max time network
    50s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    22-08-2024 18:21

General

  • Target

    am.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Malware Config

Signatures

Processes

  • xspcmj.qiegf
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4465

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    2.6MB


  • /data/user/0/xspcmj.qiegf/[email protected]

    Filesize

    1.2MB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    124KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    140KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    512B


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    20KB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    173B


  • /storage/emulated/0/.am/log.txt

    Filesize

    152B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    64B


  • /storage/emulated/0/.am/log.txt

    Filesize

    72B


  • /storage/emulated/0/.am/log.txt

    Filesize

    183B


  • /storage/emulated/0/.am/log.txt

    Filesize

    129B


  • /storage/emulated/0/.am/log_.txt

    Filesize

    25KB


  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB


  • /storage/emulated/0/.am/log_1724350898324.txt.zip

    Filesize

    220B


  • /storage/emulated/0/.am/prog_class.name

    Filesize

    72B
