Resubmissions

03-05-2024 17:30

240503-v3bn2aeg58 10

03-05-2024 15:32

240503-syk1ssdb37 10

29-04-2024 16:36

240429-t4ld7aff4v 10

20-02-2024 15:07

240220-shaj5aah26 6

Analysis

  • max time kernel
    28s
  • max time network
    34s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    29-04-2024 16:36

General

  • Target

    Clash royale.apk

  • Size

    3.2MB

  • MD5

    f2b9ffb8bb4684754a7e1eb02f1added

  • SHA1

    b3d4a329b035a97c21f09698eb20e3db732aed82

  • SHA256

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c

  • SHA512

    37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345

  • SSDEEP

    98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols

Signatures

Processes

  • com.ClashRoyale
    • Checks memory information
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    PID:4238

Network

MITRE ATT&CK Mobile v15

Downloads
