Resubmissions
03-05-2024 17:30
240503-v3bn2aeg58 10
03-05-2024 15:32
240503-syk1ssdb37 10
29-04-2024 16:36
240429-t4ld7aff4v 10
20-02-2024 15:07
240220-shaj5aah26 6
Analysis
- max time kernel: 28s
- max time network: 34s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 29-04-2024 16:36
Behavioral task
behavioral1
Sample
Clash royale.apk
Resource
android-x86-arm-20240221-en
General
-
Target
Clash royale.apk
-
Size
3.2MB
-
MD5
f2b9ffb8bb4684754a7e1eb02f1added
-
SHA1
b3d4a329b035a97c21f09698eb20e3db732aed82
-
SHA256
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c
-
SHA512
37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345
-
SSDEEP
98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4
Malware Config
Extracted
truthspy
http://protocol-a748.thetruthspy.com/protocols
Signatures
-
Truthspy
Truthspy is Android stalkerware.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
Description: File opened for read | IoC: /proc/meminfo | Process: com.ClashRoyale
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver | Process: com.ClashRoyale
-
Acquires the wake lock 1 IoCs
Description: Framework service call | IoC: android.os.IPowerManager.acquireWakeLock | Process: com.ClashRoyale
-
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
27KB
MD5c7b5801f4970b944a556dda8d75097f6
SHA1ab62d5c3d60940ac286f019fecd21f822af864f2
SHA256cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0
SHA5126ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1
-
Filesize
16KB
MD5c2eb46510760465e83c3bd0995050874
SHA1ae2778fe75189cdcac456a9904cea5804e94dc6c
SHA256e89cc943f63e7dfc8e08dad6305410d10ed2a81cb8ab33d5dad36620573535d3
SHA5127ac4a4763a5f24a4f089646e0dfa1a15e8390f5a1050e7b3e18c7a8d0118d40db47feea9d65bd0bd41dd2e59186fdaea9b2e9f81be043393d55aa64437c7f925
-
Filesize
16KB
MD541172d46ff8888be4cfc7da9dc7d75bd
SHA183758a810bc86c52f60c838acebb9bd0c541be19
SHA2567c27b82cb8af372763b0699274222450a8311bcf96cd8e876b717d4ead2a4c9c
SHA5126d2556fbd104bc18366276346a8fa3d36992b5a7e98b2dc43683912ab4322dfda0ddf76c43b20710f8b5a8018655e731e5a52b2e573fd62f0ba0767b868c3972
-
Filesize
16KB
MD59154ad2f692d782aa208caee9da3751d
SHA1f53dd96bbc6a44adc213b697cd063c01c9c9fcb3
SHA256ff60ca9cb4ca1f6148b157e06682cace02b0667ec7f5c5d39c7ece99afc45e65
SHA512a638498c9e12ded8471aab919e1ba1da4d4c091a20c55dbcf2618c1a54b964b7730eb8ac659f7f7c61804dff963f711f80a05ab59d7dff62a805402683fef427
-
Filesize
16KB
MD526a76c2f833f767e77c888472638f2db
SHA1635bed1ab4ba6afd35bfa3e47d4e29a8aa8b3845
SHA25687cccf153b8f35cfac6f787c42102a957b1928578463453f20b262e1a2f2ee76
SHA5125dc3ca2332378f9a232c41247e2d6480ad5c77888dcfbe2c56eb5bf2612ecbb69fb8f1401c687f44f5f411f0f0a29d98ef05c30ef47350409b174e6b8f17b4ce
-
Filesize
16KB
MD5fe3b558c686931152484e7525843b468
SHA1452c27e2732e5a11dcf0ea6ac31fa962bf25307a
SHA25635052038399294c016c232890f221afaa288d95568821b74da31dffd20824cbd
SHA512178161c0da96cc4adfefb8342cf0f3ecbcdb1af6056997fd5f832018ef51734feaee92ba2c4ed87ea871ec98bb172e8cb1ec81fb63e2f87c69b9b9a311ed2388
-
Filesize
512B
MD5154afc0726c43b8a9dd0b0a9a4962261
SHA192ee1f78ba4d81d0be619a8a9f2556f616032aa6
SHA256192d57df77920ab82eb92362fa5bd1f7fa3f2b9a9741802d2de1d8b225319848
SHA5123960c816e06c898e95ed67774d3c8bd5f4cc835793fd4453facf5d9ad171bef3757fa1f7221076c7568186c888b14731619d0d8798f9317d6e599ec4c7d7bd2a
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
36KB
MD54cc7a466fee417e4f0501e7ec7c81c2a
SHA1ca773a2c223543886583e791dbad522ebec2b3d9
SHA256f245b7ece929e055a07aca098867ecf358b799cc2dfd45abc2fab18d5282c0ce
SHA512a060bbbf811b0d5c81d08389a78712029571b9eb0ecba08a726e0f57c5f0321da9dd7c3089baf49114c2ba0ed805f93ce8b073cca45c03692bc2d0e87b2fb725
-
Filesize
4KB
MD58f6dc6d54cace4ab3ea3ef312b62e268
SHA1f3249d1d5b3a7a82e3cce7fca4a19367c8a787a2
SHA2565910e0f05efcb060502ce585e1c8d2105766ab8204c5b355c75c8695f546fed7
SHA512bdf9680eb33c9fa4f1e946268287efc858a999172e4bdba9284a76b040ce4b54ce0b4cf4d15ae9d21d0b8d219f4b12d8ac7c15463a829b0592ba34cffe304ac9
-
Filesize
4KB
MD511cd9b4000804c9bf7d3fdffd9da67a4
SHA1594e5f39d549f6ce57b1690f78b763a59bb36339
SHA256addb67671f7ee4ebaaa0c891db70726c91bb13f762edaea09b833be1ee436329
SHA512730caab1be338cb0940e11ff9c84ee29b6868bae7317809b4f047ac4d44decc4a59f7f09da42faeea7637660a6de6e2fd7343374faa396b3ca41e8f6c11f00ea
-
Filesize
4KB
MD56c990bc074934c45e50695a338ddeb36
SHA15bb60ec896b7fb76c7550deefc0a643b11f650d7
SHA256ee3005e354249e047e9ae3a94a68b111f65d20ae39226404eb057de0bae70a99
SHA5128dadc250af26cf2ec3d66d1540d14676afa5a1ef72aaaeca1851a3618554c96a4a1b6011d2b73e4fc3f3b75d581a4260ec93b44dfebef596173c44dc584ceeb1
-
Filesize
4KB
MD5182b001d86d90caf05c9785fb7229142
SHA1bf0f8b3ca75298f9513e48d8eb7fa980749a9b84
SHA256132338536f35c2a9dbc53fd77149f7c17c46cb01b1b737614aa7a845d6ef26cb
SHA512bb27ad915e9b85d2a707357e1fd706340da432e4378c4f1e53f9c6382140093c06bd8095373761059c006468d19a09c6779e1744f5be9248da8c52bd68c47e24
-
Filesize
4KB
MD58e357d975fb556d2fe89b4b6eae0a4ac
SHA1b9ea1c33babb93e8987024a5a32c832060182f7d
SHA256df4ff77cd0eb2d8832a7f920d4d8ad282593e75f6b860b5b31df80780f7fd071
SHA512a33f6c7758f4eebcd67be007aeb1bb0d6d3a9f1995f506828736087ef227d07d2ce3166f22a78bbc91b04da895627fb1f0902e78c3c1cddc9229be93334960f7
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81BeginSession.cls_temp
Filesize77B
MD57d79839fb4e81810eba72f079d124ebb
SHA1f00217b21e65e33156824275abeab5fda6af8652
SHA2562cb884208ff92c05512baaa197128e6076ddac65cee6774572649a5f0081e7db
SHA512cf8ebc3f5cea926f4f65f8bb28f959777dd3815fb15e55b5f550b63413b4534a93a6582ba8c80d2a0ee8538a1fc49a256f728858cf2ef4910f6786c260dd4f32
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81BeginSession.json
Filesize132B
MD5561130b5c844e09223596113a846ea9c
SHA199d0d153375ca32040a6186ad31306bf6f6ca829
SHA25672e30540894853bf2258037b62cb0699eb6c4c4f9e03557ac2ce8e4ea096f20f
SHA512f601bdb55577f876c699747cc97d7c65648eb2fc534820ac0abf75c32d88e81a2c7aab95ef241b76c455390cbb59e5c1c1881ea67b0080cf1808a6b4f1cb2dfe
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionApp.cls_temp
Filesize107B
MD5d31d5210a7ad306027b0e2d935acca59
SHA1747a01bb8ac6e4782de89c4341bfeb0675291b69
SHA256dd8793c30c2cae30c0d88a7cb4d3d573e8595cbca34a8f03fb3e57d82dc1635b
SHA5123e1cc5f7b2960aa304a1c54adafadc40e98105354a936e519851e4927ee489a141aa02ed26820c90b006a2c23c1103df950da5d9d44b03d32d73cbe213b949bb
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionApp.json
Filesize221B
MD5ddd2a25c8759543cf5da792e441245b2
SHA1421d7d9c85dd3a96802b9b2ee6cef0fd5c383f3a
SHA2565bde13cc8c6d806e6f02bdd28e3e4fe32bd86a6674d3b9de79ab0760ed2b2598
SHA512581f73fba732e00a50dab912aa2a5d0612eecb617211c408cd1cec743b24f093792dbd63aa183f1cf911f42d5923976e5cc7e71cbfc8e790123f54c73dde39d5
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionDevice.cls_temp
Filesize48B
MD5630aaf4621d940e95530e8a8b0d39283
SHA1d06c5d18de58b6abb5890a83b6fb3c3aa4a2139e
SHA2562f752007f6c33aaba282800edfe3d52da2ea954e3eceddf08efb0bfdc989cb93
SHA51298c301f0188ced6036a863ba790e03ba22f88ec55a884fdf808711147228e97ee0571abad094ad68d758b2482db6ee3f2950d43d56c875bfeda7f0a58cd1a86a
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionDevice.json
Filesize202B
MD58c1412ceb8c8543650bed0f85dcf4c99
SHA1e2ea16a5e4f49d8f4fc661f127bc8ce6f5d2e485
SHA256b33eddddb3bd84b5d5975b074dd2fccb335c715b8506862cfaf451ec1f8398bc
SHA5128d067a69ce521a0e004215bf6b746279e4c32e0bb8ba90de9e3e7e519e421997aafe1a3b8d636cdd4da578ee3c538cb1b84fa60c368c0dac9307d4064fd33687
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionOS.cls_temp
Filesize14B
MD59b3d4522944ce6396563812bfdb92fa9
SHA16d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAB02E1-0001-108E-E419F8ECEA81SessionOS.json
Filesize54B
MD593023624eb8dff5c20050da136aaae0a
SHA1acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579
-
Filesize
3KB
MD550b7f8fc4348b9e7feb071233107dd10
SHA1aa67bb48c4da0d7191efe90cdd9d3727eca03e55
SHA256be6a1d0932124d82407a68cb3a5d00d53f69bb22c1533f60f16db7f6b699e095
SHA512d838f1b16c7b85a10f985ec88a1c530c84f5143c856f944342f273433f259b180a7e903c56044de172269bb81a474678983db674eddd93ff396bb2b05fc02efd
-
Filesize
393B
MD5b062ab1d704cdeb691d6e6acb3cedbb9
SHA1abfd7fbc6b25d4cc8057d6293e9d30a8264d96ee
SHA2568f952285dd9edb6e9cd6b3bf74f028440b8841a720b8181cb61210e90a74e9a4
SHA51257c35c43636f90d1043453bad97f9a8cd90145bfb52c933f6119e308e4442084466c1c161c1a867d984f06852bd4a12a555d0e228bd12c42994cb3328fbf0f44
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize16B
MD5c33583fae4e0b61cde1c5b9227963237
SHA1fe2ebe4d27469af1460f7e852031a04208ef629b
SHA25635c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d516efb2-3d12-4121-a06a-c0aa0db91081_1714408620678.tap
Filesize316B
MD573d870bccde6ca4166aff620bd46e5fa
SHA152c7f6eec79e74c9aa2b8ecd4dc22c9fa4d5824c
SHA256aa92238eeeda8d5d8917d1abb49ab1723f3cd8db8bd289d320d1eb9e3a3226e8
SHA5122b158d9c3e1f0ee4f8706b9dbf490c1c6c8cf18cf2262f1e0530483e1f0f38ef6cc231bdc54013fc192f736aec0cf534034d33df3c4494845ce1642764b1c3b9