Resubmissions

03-05-2024 17:30

240503-v3bn2aeg58 10

03-05-2024 15:32

240503-syk1ssdb37 10

29-04-2024 16:36

240429-t4ld7aff4v 10

20-02-2024 15:07

240220-shaj5aah26 6

Analysis

  • max time kernel
    29s
  • max time network
    40s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    29-04-2024 16:36

General

  • Target

    Clash royale.apk

  • Size

    3.2MB

  • MD5

    f2b9ffb8bb4684754a7e1eb02f1added

  • SHA1

    b3d4a329b035a97c21f09698eb20e3db732aed82

  • SHA256

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c

  • SHA512

    37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345

  • SSDEEP

    98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols

Signatures

Processes

  • com.ClashRoyale
    • Checks memory information
    • Acquires the wake lock
    PID:4459

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.ClashRoyale/databases/core.db

    Filesize

    27KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FBeginSession.cls_temp

    Filesize

    77B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FBeginSession.json

    Filesize

    132B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionApp.cls_temp

    Filesize

    107B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionApp.json

    Filesize

    221B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionDevice.cls_temp

    Filesize

    48B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionDevice.json

    Filesize

    202B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionOS.cls_temp

    Filesize

    15B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionOS.json

    Filesize

    55B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    2KB

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    394B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_96231bd8-3343-48f3-8aa2-c0498b77cbba_1714408621914.tap

    Filesize

    317B
