Resubmissions
03-05-2024 17:30
240503-v3bn2aeg58 10
03-05-2024 15:32
240503-syk1ssdb37 10
29-04-2024 16:36
240429-t4ld7aff4v 10
20-02-2024 15:07
240220-shaj5aah26 6
Analysis
-
max time kernel
29s -
max time network
40s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240221-en locale:en-us os:android-11-x64 system -
submitted
29-04-2024 16:36
Behavioral task
behavioral1
Sample
Clash royale.apk
Resource
android-x86-arm-20240221-en
General
-
Target
Clash royale.apk
-
Size
3.2MB
-
MD5
f2b9ffb8bb4684754a7e1eb02f1added
-
SHA1
b3d4a329b035a97c21f09698eb20e3db732aed82
-
SHA256
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c
-
SHA512
37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345
-
SSDEEP
98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4
Malware Config
Extracted
truthspy
http://protocol-a748.thetruthspy.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
description: File opened for read; ioc: /proc/meminfo; process: com.ClashRoyale
-
Acquires the wake lock 1 IoCs
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.ClashRoyale
-
Checks the presence of a debugger
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
27KB
MD5 c7b5801f4970b944a556dda8d75097f6
SHA1 ab62d5c3d60940ac286f019fecd21f822af864f2
SHA256 cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0
SHA512 6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1
-
Filesize
16KB
MD5 d58a21dd780cee548cbdef81d20d793b
SHA1 fb37e340ad370858604de5cafb0d7885aa9d691f
SHA256 9ddd6448554e05f109bcab74eb63c20ebd9612a1b88f701563419c914cee2298
SHA512 8fcdbca20211f084c65214eea093bd8e5ffa24577193c030468f27064df1b035312fb79b36e344b3592ff845ab3f343b080e5fbec27e46f553fc368ba4091baa
-
Filesize
16KB
MD5 e4a484aa3dd58b00e2b10ea489a732c9
SHA1 8109c7854c82e635668dce2e6e1e03f6217ddc8a
SHA256 447398f897afad0dd2398eb81daa008371036668fe7c87470400e980712ac798
SHA512 0d177df869a5ed3dccfbde766464d635900fa8262751453fa53dc96db05bbe6772bdd215f4eedfec38fb0551965ff1d40fe03be556059b61efc63c79f6c55a33
-
Filesize
16KB
MD5 a1f281c1f565bc7a5d38999dca7fe303
SHA1 b20120de7e5beaddeb8a8f0f3033eda44baf972e
SHA256 2b20b7b0c554b7b3034fe8a36a0c9e4e7a0449a236c81202160ceac31e94933b
SHA512 34645923e7225f8f89c7d793bbe7eebdc6decadbc9489a32fda5af422af6f1d9d4b05ac0771c5fc4b157383a8d7a754ee5da6ae1bf0a6959f277e82ee46948fc
-
Filesize
16KB
MD5 35415c30e2da053ad60d6fc059d1c428
SHA1 48d513568f45ce477fb5150f22cf665c3cbfbb04
SHA256 7217855fe02d58ac7285c8253b1b487c36c32dcf606e00908ffa96a4edab982b
SHA512 c729ae5f4e68dcd00384e79c70b152ee343af5031ed404caef6ecd5081eb46eeee77057bf1b6747460d735605759a3cd9508aef9adc3b4206e3aa3f8f9840328
-
Filesize
16KB
MD5 169146b1416b4d79f642a689b1c432a7
SHA1 8d42a233c1be6486780e314270b9ac22c87f557e
SHA256 5a6a66f15b99c60f0944792b031b68cb0d394c4784bab1ff16c144c948330e09
SHA512 a9f7cf19b9cce2606cf517f61de54221103cb4aede50758ab6dc557fef7fc4e7f505da702e973e98a3e8b7a9b2bc8f80b3c049b8702b4324bcb8bcc237eab530
-
Filesize
16KB
MD5 e2b6960b4291e810b77cfa713ad36d54
SHA1 bb00565cdffae29b0c4a03d5f44b6a42cbb9118b
SHA256 0e8a0f96ad0ddba59669ec7eb841907c97d4830e17bb3d82cfc1755772bbcfae
SHA512 6ee018b97bda3349e45a29957d0c3f2c2bf5f3c8eb39cb33e3ac713e5ebab4d330e6e4576fc417efaf367ba5032209dce6c5f6d3c1819b0c30546415bf572543
-
Filesize
8KB
MD5 9c9d07ab1fc3d62ec4f149101a56ea95
SHA1 a66815ca671a4fa078faa312e6e086493a9ccf27
SHA256 f9430d1c5ff75b42933ccb30de1e0a88473121d3433c454f79a826fca6c76b8e
SHA512 2589bc4db95764ec37f8a721907385d8ac0d657da64db6eec617f0562f3527c3eaca41e0f8aa45d7188a8f218cf3230263c1ac0a190ccbbe150cf54bd941ef26
-
Filesize
4KB
MD5 1c85128d35cc5bb923cca6fb0734c4d4
SHA1 c89022bc6147b4939a387a0c6b236b340ea5bc2d
SHA256 ec3793199d2f681392456581de15c23510a983acc07b09ffb7fb320a1ecdb385
SHA512 db1c23948e96b7c9219f9905dd5df7b05b6f6e469784bd508ff23bf790d8246101a542ef399411a12b44135bb218e7f4cde25a0a9b13984f8e63f5d98007f9f9
-
Filesize
8KB
MD5 34cea9b8e2d0602f994beaa2f11b3f5d
SHA1 9d395c81da5a5bf8e1ca5609c3f6ad1e75df4e74
SHA256 e0e3d5b3b5fd96cbe29f7942b29a8ee56296592ba272dc2b50dca6609057b44d
SHA512 14c1b27a1b37c9caac0724b2b9efd1eeb900afb28677e93405e5848884503c871b2c08535637a0ce2f1beae60b28be12b829716f5c64a07894c84447bcc3347c
-
Filesize
8KB
MD5 7b3bd3c28fbbb8310627ec84141bd60d
SHA1 73cb388efe2878c81f6370c953bf6a266fce26e5
SHA256 a5506a696d3c1cb9834ca0da0949d15ff6ccf3d28c03715e9d676e1cb77576a3
SHA512 070ed87143887756a0f3c52f5748f494a0af1fe2845e38dd9275c3fe5cd5cffbdf95c781ac6a38d1f53651c0d4f76bdaaf6abbe237e66f473b47dc15a7cfad54
-
Filesize
8KB
MD5 48dc9c40387c7fde3443d5af5633df25
SHA1 9aa89283fa347e37a8d7eb22d4bf2aa639731f27
SHA256 5a4c6fcdede7bea91ec3cbdb01b7e41a96c0ed71ea28dcbacf87396e7cd4f5c8
SHA512 35030953353416314884773157c3773e238f39fcc923f4b46a0b81d3bf7142d4f6f5d74cdec92eec315b62ea8d70485cb192c3985244fc6024bf490ccdec0283
-
Filesize
512B
MD5 55c92d3aafac2b381599defaba13104d
SHA1 a1ed2e2059cc05fdd3160b21aa6a00d3767655a8
SHA256 9b735a15ce44623fad1d51da01f2bd05dcd81e228e70d5356f2a6865f9c778d4
SHA512 bf94dc2e0d3f0a1c1873c381dfc5cc76766d8ec3db966c2346605b7cc49a19a2b0989aaae355d2734fe5322bb29cace1e5abc456e415825d5d23d729ed301979
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FBeginSession.cls_temp
Filesize 77B
MD5 c1e5d1cc0a2615ba58cfc2feba01f7e9
SHA1 83604eeb45ad7bf5f7a8398870aa507a94d5911c
SHA256 aea895daa62d965237a8ac023d873cb9ae64b61ff789bad4acd1fa4deac01bd5
SHA512 1ba57160cb83aa9e685d9e873f62b7c15a9b2f0695ab2fbbd2373b04fe688be890f165dbb028f2646c83e6a5bbd824875b8cbf61d74df4bbd243a4e5d5618b00
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FBeginSession.json
Filesize 132B
MD5 9f4cd8bfafa54ad5c56dd993572dd4ad
SHA1 625bb7b3347eead6e2e4f08889a4192d8691a6b5
SHA256 deb8f1c0796f462b7ad76514bf2b612c986ddc22dab0ec8f6c70d1e67d7a2b46
SHA512 12808ea379de193bd767e94f645aaf27e60736faa0581a405bc47ad8eb4cbd625ed5e409c7bda75dd57086dda73b2026fe0fcded79edfa87942b2378ba7f1813
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionApp.cls_temp
Filesize 107B
MD5 e2f6bbe6e1a59c02a2244ff8c27b8ffa
SHA1 6b23c0cf4dbd843e9a9e424d7435557005bacd1e
SHA256 3eb8cfd8d1d68125a5eca74a46951f73728ca792f570617c6949c94ee3ed63d6
SHA512 3630d206742df58d1468238356942b9de7f9861cd338a96e637dbb0a897dcdb1602132f1f304349679f43f32ce619d8a458f26b0864551baa3c8086e26d0e527
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionApp.json
Filesize 221B
MD5 aeaef4acf48d49ae77be3f5e8b90bbea
SHA1 3fcb1a5d39f425983d627c46316468454ee0688e
SHA256 b40a5cdbc81bec0cca278142c7d518ecc23d2f88c974dc2cb470c5953c4b4c6b
SHA512 92f4c16a46b142e891f9fe4f60d27fa3c95828a24bf52689c704ec1f7e83e3512d633e5c5548815861af611a40554c6b9baabce193f6f985a7cf08281ff8d50d
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionDevice.cls_temp
Filesize 48B
MD5 fd6372364a5c5c9cf8945ac3ea7a5d94
SHA1 3c798cab71f6ae7a81e71e58712368231230588a
SHA256 7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641
SHA512 a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionDevice.json
Filesize 202B
MD5 eeeb942571fa704cf8ae49731fbe9789
SHA1 b5989c4cb932ffc779ee25bb3f7bfb79cf720427
SHA256 78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71
SHA512 71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionOS.cls_temp
Filesize 15B
MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/662FCCAC034C-0001-116B-A9ECF78E6C6FSessionOS.json
Filesize 55B
MD5 fc1dcee4e422d77e7fab7c08c8a41344
SHA1 d5340127e9d5f735b9d33b9dc61c772fb0e2dc15
SHA256 b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7
SHA512 3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize 2KB
MD5 f9f9519f8d78357f33989795bc4c4f66
SHA1 5cd11090f16659374edb14f4ade73b2e34dc9a47
SHA256 a525c5024bcfaf238587590bdea90c84ac5be9dfac50f2c5d3667f8be07e9c78
SHA512 12541beeb89a8b633533da5836bed99c5db8dfa4dfaddefd5b40dd02664f7729f1d47809dcb02dd1ce3251d96ef2c7ed87f41f32c30f2bb5a6acb1ede549a8de
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize 394B
MD5 cba3ed7a2e0512e8eee94e28ca9843f6
SHA1 4c633415441e42a68400c7e247b06c3a1503f3b2
SHA256 c7ac6234e0d80e91a333a8673f335c1567db5abd68da6d8cd4bcd4ef3a067d0b
SHA512 16abcca203644ef739b37a6a289bd12220218832660a2827ec34a0f838942855e947269af71d595863349f88ed912d1c6832907a27d690c68657640bd0ea66d5
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize 16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_96231bd8-3343-48f3-8aa2-c0498b77cbba_1714408621914.tap
Filesize 317B
MD5 b1d6c22f41cb1129f189cdba1a2fbf4b
SHA1 383ea3f9cd9aa1bfbb63fe16a7368f028375c507
SHA256 847292f26fa9c59b078909c4d6ffc775337e1036749db4fa666e3e4620d4b200
SHA512 40713e4021ddbeb0acd4c8fc47ea970ac2534a92e4a6d85d998f560b1c080ac30058219e66f2baf2aa3f925ec2df6fd983e547f7011b08195b3555f8b88ec3ae