Resubmissions

29-04-2024 16:39

240429-t5y2nsfc99 10

22-03-2024 02:09

240322-ck49hshb5z 8

Analysis

  • max time kernel
    77s
  • max time network
    86s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    29-04-2024 16:39

General

  • Target

    .apk

  • Size

    3.6MB

  • MD5

    3b2bffa809e1332c8b77f91add1a7374

  • SHA1

    cf0489ae4122584fcc510ca1c6c93ba8c0405899

  • SHA256

    bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba

  • SHA512

    6a74cb476d094958b66b73501ccd961601d1bee0c2f86ef453ccde2dd9c2cf1c53437df8bfa6c1d64f212b27e6f8087b8d1d64ebda3d1582a6150513e2d98531

  • SSDEEP

    98304:88zYcEK7XH8yVw98Mbwb81jjrcz7dpN9hB/W+3e+NQGAytLu/:88nEK7XH8yOhjI99j++uG+/

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a946.thetruthspy.com/protocols

Signatures

Processes

  • com.systemservice (PID:4690)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Mobile v15


Downloads

Files written by the sample during the run (path and size):

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events (56KB)
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal (512B)
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal (8KB)
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal (8KB)
  • /data/data/com.systemservice/databases/core.db (36KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db (16KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (512B)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (8KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (4KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (8KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (8KB)
  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal (8KB)
  • /data/data/com.systemservice/files/PersistedInstallation2291902860463494881tmp (90B)
  • /data/data/com.systemservice/files/PersistedInstallation5643118108999980148tmp (557B)
  • /data/data/com.systemservice/log/log4j.txt (12KB)