Resubmissions

29-04-2024 16:39

240429-t5y2nsfc99 10

22-03-2024 02:09

240322-ck49hshb5z 8

Analysis

  • max time kernel
    51s
  • max time network
    82s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    29-04-2024 16:39

General

  • Target

    .apk

  • Size

    3.6MB

  • MD5

    3b2bffa809e1332c8b77f91add1a7374

  • SHA1

    cf0489ae4122584fcc510ca1c6c93ba8c0405899

  • SHA256

    bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba

  • SHA512

    6a74cb476d094958b66b73501ccd961601d1bee0c2f86ef453ccde2dd9c2cf1c53437df8bfa6c1d64f212b27e6f8087b8d1d64ebda3d1582a6150513e2d98531

  • SSDEEP

    98304:88zYcEK7XH8yVw98Mbwb81jjrcz7dpN9hB/W+3e+NQGAytLu/:88nEK7XH8yOhjI99j++uG+/

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a946.thetruthspy.com/protocols
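The extracted C2 URL and the APK's SHA-256 from the General section are the two indicators in this report worth operationalising. What follows is an added example, not part of the sandbox report and not code from any tool it uses: a Python sweep that matches those two indicators against constructed resolver and proxy log lines and a constructed file inventory (timestamps, client addresses, paths and the second digest are made up; only the hash and the URL come from the report). It goes one step beyond the single host the sandbox extracted by also flagging any other host under the registered domain.

```python
"""IOC sweep built from the Malware Config and General sections of the report.
Added example; the log lines and the file inventory are constructed."""
import re
from urllib.parse import urlparse

# Indicators copied from the report.
APK_SHA256 = "bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba"
C2_URL = "http://protocol-a946.thetruthspy.com/protocols"

C2_HOST = urlparse(C2_URL).hostname            # protocol-a946.thetruthspy.com
C2_DOMAIN = ".".join(C2_HOST.split(".")[-2:])  # thetruthspy.com, the registered domain

# Constructed log lines in a simple key=value style: a resolver log (qname=)
# and a forward-proxy log (url=). Clients and timestamps are made up.
SAMPLE_LOGS = [
    "2024-04-29T16:40:02Z dns client=10.0.0.23 qname=protocol-a946.thetruthspy.com qtype=A",
    "2024-04-29T16:40:03Z proxy client=10.0.0.23 method=POST url=http://protocol-a946.thetruthspy.com/protocols status=200",
    "2024-04-29T16:41:10Z dns client=10.0.0.24 qname=www.example.com qtype=A",
    "2024-04-29T16:42:00Z proxy client=10.0.0.25 method=GET url=http://protocol-b123.thetruthspy.com/ status=200",
]

# Constructed (path, sha256) inventory as a file-integrity or EDR export might look.
SAMPLE_INVENTORY = [
    ("/sdcard/Download/update.apk", APK_SHA256),
    ("/sdcard/Download/notes.txt",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

_HOST_FIELD = re.compile(r"\b(?:qname|url)=(\S+)")
_CLIENT_FIELD = re.compile(r"\bclient=(\S+)")


def host_from_line(line):
    """Hostname a log line talks to: the qname of a DNS query or the host of a URL."""
    m = _HOST_FIELD.search(line)
    if not m:
        return None
    value = m.group(1)
    if "://" in value:
        return urlparse(value).hostname
    return value.rstrip(".").lower()


def classify_host(host):
    """'exact_host' for the extracted C2, 'parent_domain' for any other host
    under its registered domain, None otherwise."""
    if not host:
        return None
    host = host.lower()
    if host == C2_HOST:
        return "exact_host"
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        return "parent_domain"
    return None


def sweep_logs(lines):
    """Return one hit per log line whose host matches, with the client address."""
    hits = []
    for line in lines:
        verdict = classify_host(host_from_line(line))
        if verdict is None:
            continue
        client = _CLIENT_FIELD.search(line)
        hits.append({"client": client.group(1) if client else None,
                     "match": verdict, "line": line})
    return hits


def sweep_inventory(inventory):
    """Paths whose digest equals the APK's SHA-256 from the report."""
    return [path for path, digest in inventory if digest.lower() == APK_SHA256]


if __name__ == "__main__":
    for hit in sweep_logs(SAMPLE_LOGS):
        print(hit["match"], hit["client"], hit["line"])
    print("files:", sweep_inventory(SAMPLE_INVENTORY))
```

The parent-domain match is a judgement call: the extracted host carries a `protocol-a946` label, and hits on sibling hosts under thetruthspy.com should be reviewed rather than blocked on their own. The dropped-file digests in the Downloads section of this report are deliberately not used as indicators: the same path (google_app_measurement_local.db and its -wal) appears there with several different digests within a single run, so those files are runtime analytics databases whose content changes, not stable markers of the sample.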

Signatures

Processes

  • com.systemservice
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4485
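Several of the signatures above have a static counterpart a triager can read out of the APK's decoded AndroidManifest.xml before running the sample. What follows is an added example, not code from the sandbox or from the sample: a Python check over a constructed manifest (the package name com.systemservice is the one the report shows; the component names and the permission set are illustrative) that flags an accessibility service declaration and the permissions behind the Wi-Fi, connectivity and wake-lock signatures. It expects a decoded manifest such as apktool produces; the binary AXML inside the APK is not parsed here.

```python
"""Static triage of an Android manifest for the behaviours listed in the report.
Added example; SAMPLE_MANIFEST is constructed, not extracted from the sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name):
    """Qualified attribute name for android:<name> as ElementTree sees it."""
    return "{%s}%s" % (ANDROID_NS, name)


# Constructed manifest: the package name is the one the report shows
# (com.systemservice); the component names and permissions are illustrative.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.systemservice">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="System Service">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Manifest permissions that back three of the report's dynamic signatures.
PERMISSION_SIGNALS = {
    "android.permission.ACCESS_WIFI_STATE": "Queries information about the current Wi-Fi connection",
    "android.permission.ACCESS_NETWORK_STATE": "Checks if the internet connection is available",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
}

ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(xml_text):
    """Return the package name, the signatures the manifest supports, the
    accessibility services it declares and its statically registered receivers."""
    root = ET.fromstring(xml_text)
    declared = {e.get(android_attr("name")) for e in root.iter("uses-permission")}
    findings = {
        "package": root.get("package"),
        "signals": [label for perm, label in PERMISSION_SIGNALS.items() if perm in declared],
        "accessibility_services": [],
        "manifest_receivers": [r.get(android_attr("name")) for r in root.iter("receiver")],
    }
    for svc in root.iter("service"):
        # A working accessibility service needs both: the bind permission on
        # the service and the AccessibilityService action in an intent-filter.
        binds = svc.get(android_attr("permission")) == ACCESSIBILITY_BIND
        actions = {act.get(android_attr("name")) for act in svc.iter("action")}
        if binds and ACCESSIBILITY_ACTION in actions:
            findings["accessibility_services"].append(svc.get(android_attr("name")))
    if findings["accessibility_services"]:
        findings["signals"].append("Makes use of the framework's Accessibility service")
    return findings


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print("%-24s %s" % (key, value))
```

Two of the report's signatures cannot be read from a manifest at all: clipboard reads need no permission on Android 9, and a receiver registered at runtime through registerReceiver never appears in the manifest. That gap is what the dynamic signatures above add over static triage, so treat the manifest check as a fast first pass rather than a substitute for running the sample.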

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    80a7ca99aff21ec1c0b9d07ffd68ac05

    SHA1

    f1392924615c52707732bf5b97a15ae7ced063dd

    SHA256

    dff1192637108d211fc31400eee14087252a28a75d54255e30a26bbd9dc6efae

    SHA512

    8409af5255d3b8dbf079099d7b5830bd4ba5157e03d2be358a06e0e0c64fc32a3a4083cb60f062245f2e5d5b1a6c70cb4aea10d2b36684e74f25a48c37386c31

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    c8ac64d6868bbf5ad0f7f843c5947d3a

    SHA1

    f9c4ecf658922f77d2c91ab3f08b2d2f20fb290e

    SHA256

    a04997be0ecbce7556c86799a9e84fdf540e01ce8bea1846324c5ca1b2b54a3d

    SHA512

    a19499b6d9246c807c625e8faed7ecb0e68e5d9d810607dc4ce58b3c7322387997f85bf3dcec6db3f9008d3dd67b80e4e85308e6c4500172d7e69a100b9a1ada

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    5fbd248ea45894cab4310810fc313dd3

    SHA1

    25556cfb98333b9afc35a39dda8fd6db964d05cc

    SHA256

    ea3a0e6ffe96b78dfc06289a6b91c9ef0c3366619c60288ac7ee0b6f968ac7ca

    SHA512

    f3645992e7093438522aed2d4dd69973032160977992bf7f9907bf281afdda682cf2ef661a7bd41061e64e5557994400c0f03b86091032e8cf2a60b5b49444ac

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    f74f3d4a5f17c820ba3511ff5d346baa

    SHA1

    5b98e6b43713b077d6925e92094b4ff0ad4db47e

    SHA256

    5b04f42352d104cb71c213c034911a724688305ec384e684acbc7e684c1f349a

    SHA512

    e6ce166f2ba035cefe8bca6ce1e34ab4b29682c2947a4bd2d8f0fd245c9f58f9499af5a5b8e5b6269a4f01664bde45157cb64dd7093db87452abd3b9264f8980

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    592a65ca8809344178826a5b8f84b76e

    SHA1

    0a39c19886cd21361082d58a93b1580b47b48f91

    SHA256

    3487e39f726344c6026ac9ab057585a3e3ea269fb495e758223e994582eda85d

    SHA512

    0fa2e1ef2da6bd7de9051fcae1d884f916bbab834717484bff18b9319441a806465f7ec529da4b8a3c25a0b486f5c3594b8b8f770b824ddfe2929893248f736c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    ecc2eeba3076cf980dcea463bd23f54b

    SHA1

    93b4388c268e909e55386be3ceb7de9ec1b7c045

    SHA256

    13f94be4d99af00850f34585b25e268211869ec9adfdbf5722eb0187662b2d95

    SHA512

    9456d421998bf8c30349a4290543fc04a81ec714ef9492e3a8f78615eec984ed53c05e18503432ebe6fbfb59cc9860044b65da5752af3b59da29fb45da66a519

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    12713cc432d13249a44d412f9fd7f1bd

    SHA1

    f9676fd0156eb1d9e7f19b2c553b73720f930c4b

    SHA256

    5397b4e50e224dfe7cd6e6e2c2f9587ea91f62fb7d1cc73667c7f03b57492c85

    SHA512

    bc1f44e322089d61293ba8f8fabe7c0e656f87b97f923cf32667150fd56850ccb92be974d46f6d449c928be6772cd422de117efe14a92bca14d9ee3528e12db3

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    c08a3760e6cdba846abbec3c6aa4cbfa

    SHA1

    b12fad9a0fa770c6d581d83f6d4b13564cc547d6

    SHA256

    5f4a927c1b5539fcf2295b26ccd511d73e1fc1e5a3adeb380b906f47d7c45506

    SHA512

    36c6e4f3d62ae8de2f5de6d9ffbc1daa222c0c619fc1ed128ba0d8de97dec1a29358bacf37e91bc76941165a1017c3a23c02bc13c507f294749ae89517a362d2

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    145193c2a034a2b75c2415e59a84967c

    SHA1

    82c2c3b533bf49b8f6fa338198ef9dc2bd36413e

    SHA256

    087aa2224500fbeef810fdc14c9b0cd3e42cb41105b1a64c486fa66e3e92d4f4

    SHA512

    7d7484c7c72813ee33caf844f83bcd413d30fe65447cefa100bb8714a5135ab7be1f803fc6d607078ba3a442c9356a8b0521109c23ee244e97f4a43831a2720e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    7d016123e2a5c15d4e80a61e08291afb

    SHA1

    8ecc77a9df27be6213cd5563cc686f824d214a64

    SHA256

    66e2873ebec7c316ab7deb2d27506bb5aea556ddc8298da60c9d134ac0d4ae95

    SHA512

    772496f40596a0d17d7f84f3e427a8be4fe1ff1d666867fd7ea53b11348ad310e332ff7ab254345d230f2b93058d7e4e7c965c91a6bdec9dd3c556255786189b

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    7acca1fe9f2d1a90d40070877e88a2ee

    SHA1

    4ce26c03225e8063ec0796c7caab915540045ed7

    SHA256

    8b81204348c96373ac8e1fd071555bd5762a27f060863b21e5f4dcea12d37697

    SHA512

    45fe8c885954e478dcac45532893ae5b76bd332bc84fe3efbbbe7792021bce38884a77dd94c02aa3fcae914f569dbf53412994d19bc845be529c41b6ed114bf4

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    25e6db3ade9640dddf768a102849a74d

    SHA1

    502b43662e74eb00c903e7331cf4b0544eb2912f

    SHA256

    49c5fb322d84c89922cef7c3d497cc35077b1b4985db718bc672cfc77a036717

    SHA512

    866942ab70da5331f8b21289b1b337511a56a67f3087e09a7aa8709629762350d076a139fdb479a89264c66c870d9d72543b74b99b2187ea1c848870a12dcd82

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    2d1e9befa6418ab3774a630e5b3fc7b1

    SHA1

    2472c7cc3d85ad1de5b8ea3e34245bbaf4554543

    SHA256

    90a6093c2e5dee2251ab1e48cd8858cad5129940d2f2d5edb02c282816de6da2

    SHA512

    9ecc65d3e7f3e71261624ff3bbcc018960c059cc8da2fe675c05d5e167a00da19d2ded12f7fc0c6f337f1032a79376306a0bf964d027ae37956f7cecfaa9fea3

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    29a1ee70cdeb739ac2a0f5fd87278518

    SHA1

    4259725bafd842507652a56992624063eeda0646

    SHA256

    711f794e08972c245e28bc01e823dda313d910dcb20ed35ab83ac8076c9aa9d8

    SHA512

    cefbdba775f08a79d8629cb9cc4cd3f8f46a04d0ef5c15be137f590c582b8caf69cfa7d9d918a0e2197bd86a6734acaeb494904231a070ecf4178fe4a883943c

  • /data/data/com.systemservice/files/PersistedInstallation6210441469737097568tmp

    Filesize

    554B

    MD5

    aef18d3d340f2ca3cfa30fc2f8ad8f90

    SHA1

    c4fc77c574d1b89862213eb1a9dfeaff4e7ab73f

    SHA256

    31c7d588dc98b77c003dd250d3804ca239b7c520cc163215ba19efb07d612004

    SHA512

    7c9f633b7ddaec52bdc1e2464b37d70a43a090cea982ed8d449c11c9c9a42aee2bac00bb19f81f077d769db2373b3193014e80f1b134b94c4d7bdd20b5bbfeb8

  • /data/data/com.systemservice/files/PersistedInstallation788327212645385323tmp

    Filesize

    90B

    MD5

    dcc1f65ac5ecffd56afbe51813fabe24

    SHA1

    11ad69b9abb7ce4266636ff0141b29af7d975383

    SHA256

    a51a63e6f009e3347cfbc71981b3b68dbd68440ac2f479d6c41414e97a572581

    SHA512

    c2e9c4b01150d1bb4b05b46f094580c4fea5d3ee7b33ffa92a5b743e37a96a1d52e70e33a3f102c35185a150124bf938dbe4aa4f69df4c27edd6cd4e3b60276d

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB

    MD5

    3dfbf45e3278c17f549754a20cd20713

    SHA1

    47761703194417a3a3a5a83b7db1391fefad80a3

    SHA256

    e3afb96c29910e0f76bc4155e942eaa84cdfc04d591ab35018f05b9ce4440955

    SHA512

    b5cecc6b0fe7e118670a18b02e25a4f7414bcfdc947d00beec23d851c60253ad440e49d4d0c5d84b77db17384fb8fffc7557dd020cd01cfc602c2302bf754cf4