44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46

Analysis

max time kernel
89s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
18/05/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Truecaller.apk
Size

80.9MB
MD5

1581203a4990bef028f82dda1d02e8ab
SHA1

586c5859f8f9730269314b63ecb3cd52f94b08a2
SHA256

44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46
SHA512

468de490dce3fb0280e1eff8a5714bd2c44a37f59364c13651217665e824e2fc3dfaf677d9a174ab2100e25b25037bfb5d8608428681b94ecb00a2c63b407cb9
SSDEEP

1572864:gzOGgMhjFX9rl1ZIqaUQyR0bu7/APL8vjbkVxVcOP1:63TFtrpI2QyKQ/eQjbmVcs

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.truecaller
/system/xbin/su	com.truecaller

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.truecaller

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.truecaller

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.truecaller

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.truecaller

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.truecaller

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.truecaller

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.truecaller

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.truecaller

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.truecaller

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.truecaller

Checks the presence of a debugger
evasion

com.truecaller
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4430

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Protected User Data

T1636

Call Log

T1636.002

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.truecaller/databases/analytics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.truecaller/databases/analytics.db-journal

Filesize
512B

MD5
89c79563f6537e619115e5dcdad8c889

SHA1
f62df6209c0be95b50895526d189efeab6a8ab0f

SHA256
755d510a3252156e3deda4670cc627401f4275a40a643a3c5187affc6f07a977

SHA512
048f992244819678bfb9fc953637c52ea2cb6d0454cb7a809385bc168f122d8c0f687111693b9ce498ccf1cae58002079905bc77ac8c56e90ac810a858c2266d

Download Submit
/data/data/com.truecaller/databases/analytics.db-wal

Filesize
16KB

MD5
9918a5807d9167371433f0349c3be2ca

SHA1
c0dccb7b8388eb5ebf9364b2b4838ccb575b870e

SHA256
4a1e285d971db20c78001abfb6f1900f252ba752b7bdfa00d77a4968bc5ec614

SHA512
415756b7ed9ba9428506b8686e1c847150aa1a0ac0d93d598b6fc3a2d136fcf532bacbfe6693018a4a0989b5c19b3c13dd85efd10b9f28c9e68fee90e323fdc5

Download Submit
/data/data/com.truecaller/databases/analytics.db-wal

Filesize
36KB

MD5
1267fb59f55412136522322e82a56d87

SHA1
f752a0f8ada2611352d422834218fcaa740dbc3b

SHA256
1dad5b146ea6fe207d5f4349b5ec0c4e5e100757b43da741658ce381d1fdaebe

SHA512
d38442b36fc662a8acdbf731bda69ead0b832dabff43a15df036796e710cc0a0a2d14a21e73d1fb39ebc956c4742c94c47d69fb94dbc54ac05f49c6915148634

Download Submit
/data/data/com.truecaller/databases/analytics.db-wal

Filesize
52KB

MD5
3e04cee43d815edfd26f44d451f4033a

SHA1
b09621409df01c385d840ee2843484a1d246e299

SHA256
1ef5f777a27eb3850a64220c6e0ad8704fb37ef2dc3897cd46559e4c7b7a631c

SHA512
eef9eaac475e5cadd9e54ac30de080eccc61c55313086ce1829897d405246fb759032a4b020d0a1b221612045422adc196e506ca0454a982e756f63a34c701f7

Download Submit
/data/data/com.truecaller/databases/com.google.android.datatransport.events

Filesize
60KB

MD5
57d0a984a8f55e2af5a87abc807140af

SHA1
8a7f3553a91e3a42088eee634afecf019b324886

SHA256
8f61a055bf2cae58cbf6226e677b3de7c8896a70eb3be2381fb0b4c7505f49e1

SHA512
6a8e27b487a23547b486af51b9f9414fdfae9612e3720374251c7abb81afa074e31b19c436165fb8ac216f49990b7268adaae25a2fae7b060947a863026edc44

Download Submit
/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d7b7aedee0111c32f0422cce09c89957

SHA1
267491c4bbf8ac2a2e20d9029b4fc50f34375595

SHA256
52b35010597cb843752b64e9a4ce391c304e01867e5eeb99ee7df0b8810101c1

SHA512
679156369c9677c2c124adf82b60b043c8c72827a120d037558e3453c73ce41b6627eed62eec2158fcd8aa1ff8e054312343850e2bdf9ed41d00590a1f237851

Download Submit
/data/data/com.truecaller/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.truecaller/databases/com.google.android.datatransport.events-wal

Filesize
410KB

MD5
cf1c7cbc398577bec53c91be34e61443

SHA1
bf7675b034a1a706f153772f99abdb3fc0f82292

SHA256
c7fbcc0d1201bedbb233dccd213b5204c1acae6727a8f4b66b9b46de22858c60

SHA512
4690f86712e49a060200a2c14deffee1fc01021dfe379e904af08b5d0286ca2ccce13e290480c2f5825bc0f843a3de14c801dc7251a4bf9eda67f558b88e3cae

Download Submit
/data/data/com.truecaller/databases/tc.db

Filesize
452KB

MD5
8bf9fe33d242df6927e3aa41c26e0bfd

SHA1
dd67aedc93ca69db9e47c7a5bdea34045a59c54b

SHA256
aa277f4da1da4a3b2a56bb399d433f4c6d839df2e3fe1ddd2cd900aa57487e52

SHA512
c32828759c5918766f5a86843d8951a5d27d03a72f37113b40905776046d148342496f15a368a8277efc7147d467be7694284f9bc288d77626598da92ed2afc8

Download Submit
/data/data/com.truecaller/databases/tc.db-journal

Filesize
512B

MD5
76fe40f5a4d2ed64b8a8468e29672235

SHA1
cac1b347431856c57f3fdecfb71baad08709a7f3

SHA256
6e113b598a0ead0b0068a25fa16e2121eeeeffe111aa25a6e54a038b845ed6e4

SHA512
cb4b1d190219eb4858b242912a0a09c94e9d9ac549bd508170f68faf070609d673c9c519bd595ade63cf773a2e8badcf533dd2e6889f56cb5a56af2f22092c45

Download Submit
/data/data/com.truecaller/databases/tc.db-wal

Filesize
466KB

MD5
5342f63bc8e80a93c210b1e165924acf

SHA1
4f53645f3affe062592fc620fb799e03792b2c7a

SHA256
7a8343bacefc4238d44946b694d251c18eea5ed66d9226d91e9a30ee3e1c3da2

SHA512
066dcf5152b0608eaef5de4b2ee4860e604a2d280bb1ebc1cf9536c5030b2f5daa8a6d3350f3c7d938988158a730217ab3adc8823f23c496e67c7468c8e89820

Download Submit
/data/data/com.truecaller/databases/truecaller.data.Notifications.s3db

Filesize
32KB

MD5
eccaf6798283ab7ad86e1fb4b551af68

SHA1
309336908a99bf9f83513c2eeb0e50746cfa9586

SHA256
bd4fd668cb04b93aa49c7f4158b8239b1a50e7ba42f6e06c9da358feef36c46a

SHA512
14cd055f5fefb534e05f7309748d42450cc0745d3b28050086fbd571f8e6a7999ffc744bbc10549af884fe54afb3fd8cd146626398780a5ff5c1499216dbe166

Download Submit
/data/data/com.truecaller/databases/truecaller.data.Notifications.s3db-journal

Filesize
512B

MD5
fec733bb8f1016f5935a06cb04441e91

SHA1
f37352d507dccfbd703c34d13c55b247b402b62b

SHA256
0ef962bc8d6fb59f255a5b4b1c966bb68d31a0e52d6817d5a02d76b061e7ae3e

SHA512
d301ad25a8b10c162f25669e56b7e1750a73aa0214e0c741169956a668b061ba97c0b962c7c688f5bd7ae63fa22d57fb8a3938fa4281782c7488b1ae4dc08433

Download Submit
/data/data/com.truecaller/databases/truecaller.data.Notifications.s3db-wal

Filesize
44KB

MD5
0e2c7f52dd81f0e5cf4e8f7617524c3b

SHA1
8e77aae0cfbc03387a41036ce2b3a00da43fb1cd

SHA256
942d29a733b31424e09f05ffb5da49fcf642a4996c8ca8dd9dff22d1bc975ec3

SHA512
6e30324a5eea93000175f31cd8892716c88ebd19c8fb25d6d1eff88801746b1e301b6c3f2283fa09ad48f5199479f4fc4c9fe95a8171a0555cb1b7e1bb69df46

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/664870E700B50001114E2466CCF79C87keys.meta

Filesize
17B

MD5
328e0e1fad82abfe205b19a36153dc2f

SHA1
e228898ef0eb8a2740d86d07920633d4d6b2fa19

SHA256
114a6e8f5c43bea09a4a73b24b44b030440a6f3be212bbe943becdb363f15e29

SHA512
6b38ad8681bead6a5a58db08ffdf916e0eb6cb51c3f94fb2451a272e433aaf90dcfb5db8f15a1ee6458690e29faa3a4de65b1a427b45d364afdd45bc3ef15d58

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/664870E700B50001114E2466CCF79C87keys.meta

Filesize
41B

MD5
486ad34af72205ef84d45cfa8d9c070f

SHA1
db6a64fed03b31a63eabeb6f1630a0ad7c1f4ca3

SHA256
501f0562ae0e51785ada163df3e231c5695ea36d355dd752daaf1834d738bbbd

SHA512
5149892ef31bca7e9bfb44cef5e4bf8d4e26264d5e98352be9d40f82eb9b9a1c618f6153eaddb8bcbf4424b831958d1232120b8288044cfe9064dfad05112108

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/664870E700B50001114E2466CCF79C87keys.meta

Filesize
81B

MD5
f15fe7b407660e4787ba4a495f7cee61

SHA1
ac568d0a78cee9d6a1f467693c2603671ce00ab9

SHA256
6fc300797727d42392aec36040ecf65bf4f6b7ce7f415d74ec8fe7139a22c705

SHA512
de9caa508d0d7b4a0f631159e4e692d01ddee8b46e75ccc38a16d93fd8cd2cb02f4585312ca95fa940183553a88ee356808b639672d0a7e3a7760a37d35b7dd7

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/664870E700B50001114E2466CCF79C87keys.meta

Filesize
132B

MD5
0919a9d075e5151a2f341d5f290bead9

SHA1
a4aba3b2b6f998c72c85623b722684a001f4b2ff

SHA256
bde2d36d633201d3fbf128622c9a6ad0beeed698de32cecd4fa2fbc42453f80e

SHA512
ec929c533013ad6c86f9844679632db7347e4ff6d9dbd138be1797c0ef0b30b96a78d55964d9561c744bc6c5d156c3f71d3c2e2dc5aab02fe7988ebab4e43f71

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/664870E700B50001114E2466CCF79C87user.meta

Filesize
28B

MD5
095c05dcdf65bc7408414cd6f2fcbb69

SHA1
40c24b2e5bbc8f9263205162f9f715e1eb5ed650

SHA256
3ff08f8b4ea68dfa203ed9b594e329826901a5c7ccfc5bd5c424b10c7463ae2f

SHA512
935e00999257afa30196b77b6ed9438dfb6c8d772081593c87fa6792d3d142a738ca087383b51791e8b09963f746f5e83967b47b4035050c69c96499b2bf7cb6

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
712B

MD5
5f2b28444bc62a487271702672fffff6

SHA1
242f13c49899f23f4211c03f673ce0a90c6e65a6

SHA256
afaa70ec6ebe9840d7f4882f7f0aca3539678ce93c3a8f0d441df51865b67d86

SHA512
668168a4b5dde952399c8b5e3968cff3dff8505de576be6cf2d87042e68eb5ac9486baf0c3432bc637377bdca25988cc868d5b42ad968aa60184eecd7acf26d9

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/report-persistence/sessions/664870E700B50001114E2466CCF79C87/report

Filesize
744B

MD5
96a4e6deb6c40c76b5d0d5738d31c082

SHA1
a330fee94ec4f652edfcf96bd7f6100895ce12b8

SHA256
a40b287b03d3d72c13250189f190f638fbc6e0a086e53d292ad3638ca9e82db3

SHA512
c220cd3a0d7a2558339906fe06df2aeb8c0127b29288db4b9f573cfdabcaaa56c3fd2f08e6d2a0c89543382a1a29178b4204521cebaea4ef2d393eac18b41054

Download Submit
/data/data/com.truecaller/files/.com.google.firebase.crashlytics/report-persistence/sessions/664870E700B50001114E2466CCF79C87/user

Filesize
15B

MD5
480e332e729e426b8c4e020d64d00507

SHA1
650112f1cb1d43f696290759d406958c26902dbf

SHA256
79d7e1ec3324b308cbc60660282909ee276e779cd0892ec7e77934e1300620f3

SHA512
d1d8a3d629e4b31bd98c4c0895bd377cd880788f98ad08fcddca7303dc4df85f84c7a1d7c01e80e25bd21f687ee2a110a72c7c3ec061dd8fb95c4a89cdbfcbfd

Download Submit
/data/data/com.truecaller/files/PersistedInstallation3867891466918019455tmp

Filesize
114B

MD5
978a3bf0c7cff3c70aad88abf4a448fa

SHA1
8588d73cec0c75286f4bdc5f4f090537acf16a20

SHA256
2522870d651b1346ba0ebb835cca60673e9704dafc26627f026a277f09515ae9

SHA512
a0ead6a0ab804a9efb50b6ed22764cac88b2efa1b92c97e2a9ab99f3eb0b3350d4b2f6e89db6bbf9e9792ed2e5e3a363904550c0eea4e7b743913792a67ac954

Download Submit
/data/data/com.truecaller/files/PersistedInstallation3882997766022419010tmp

Filesize
90B

MD5
16440711c4484092b0894adeed3361f5

SHA1
ed36689a2924e750c4fa974d3c745711fcbc38a2

SHA256
62293cf737c1307addde2af4db8c72d08a2364be6197b11a6cbe54e4cbf08562

SHA512
4edd16e0d6965a5e370c5f47f5bc866b76b9709cf46f0bff349f8f6836deba386e22bc4e6a3d58df560a724b9d814e74f70f5f345c932d883fb743e9b8a48cae

Download Submit
/data/data/com.truecaller/files/countries.json

Filesize
13KB

MD5
49e1b2796ce3251a0559d30ba14a433e

SHA1
43a9ea668dbbfde60669b56199e88d0fa71478b2

SHA256
b897d42d08ae373d07961e4ea2e781340df5c5c473d967ea76121b6cba459dac

SHA512
0a05aebfce31e3bd876484684ae2363c40b35eaaa8360cf8fd42aa3027dcce9d7977713fbcd0d6d11b612d370c40bd8a79262a023750d0233fe24f77b82d8ac5

Download Submit
/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_firebase_defaults.json

Filesize
7KB

MD5
4d15e1a6b3728f3021cee12eb4232827

SHA1
42ee22de495d6f9cae4801675846b6000b253310

SHA256
12e755fd2f24be5c18d3f4bca67800f38442d83145d8f8042666a16b8005b585

SHA512
9325a1aba0e43cf314bf73a7448232d4efdf89152f2abf0ba8850f4b5364028bcfcf282a5f1af63bf40403d8526bf59edd797466bb7897992bf313500d3de665

Download Submit
/data/data/com.truecaller/no_backup/androidx.work.workdb

Filesize
96KB

MD5
e44f4ddde54bf55c4f7378f43f53937d

SHA1
6b2a2bbadd23185dc65169d0f85a9d8120e10ef2

SHA256
984d8578412b6eb8a9847c9a503d7addb0c5c7cfb2333b734854c175599f0be2

SHA512
11559cc318229fb0d5c4889fb2e571cd5b97f85e200733df5bcf9d6e643effee8888e45e2aaea6f9a58b93d4cda552924e40e32773a0970d7ebee0fc135ff191

Download Submit
/data/data/com.truecaller/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
cca1c29cde6c01bb20636a6ccda1a27c

SHA1
01327437c6a0cd6e8ef85696205e34de11db79a3

SHA256
306ab9ef4f536c9df741ff0fde294492a21947b2e2c0efe956a181c917dba712

SHA512
3020d82a8e37d2f1061534dcb9c6f3d1a2b69c1c5ebc9a296f73921cf0669147de30d4503878d43c9e5b0639ee5a5d822e8f5898610e5197e60e4293ba26bb74

Download Submit
/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
15148cda3d9817c22806a7d5b7769ac4

SHA1
da4e6ec418658ad76ba8f01536dfdc368ecfcbfe

SHA256
7ff0c5246b63f64cbb5303f624627cd92ef577020798fbdba26b113cd5711e05

SHA512
22147028a66e19acf009823204fc116ce4de193b65b1daa0d6441f239e8f4673a571a7cb70dc890e470c798a4545f9180f31823aa303ef73b4f9b2c6df444600

Download Submit
/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
f915da23f363cfe8735a037cfaae62f2

SHA1
3eda5615ee471980815308c29e9aa8cdeeda45c0

SHA256
1c08268893307d908bd80b071178b304cae64a4ad630211d867fecc5da1fcf88

SHA512
3a2a86e66b78849aba6a5efd45122b6131c0ffb3db22855ecab3b0dc9fb7df90f33cbd135c6076a7c6522d7fda9db5df5f65d24e077969e5edfb77741fd1d943

Download Submit
/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

Filesize
410KB

MD5
299d43c41da5764d592a2f18d5d2016a

SHA1
3b543f4aeec5ab6d8127a9c272768262d89abd37

SHA256
22f30f46e90295d9500524cef36fcd63b1d5b1aabd61ed01b40cc9768f5d93a1

SHA512
72aadf0587347849bbf5e33fd4c015133cf199e156f4b218752f86c0ae7da8be03ae970c5b6b3a1655a53101c57f3dd769bd3802a098e4a9943d318b7b8f4fc3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads