Analysis

  • max time kernel
    13s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    21-06-2024 10:11

General

  • Target

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk

  • Size

    3.2MB

  • MD5

    f2b9ffb8bb4684754a7e1eb02f1added

  • SHA1

    b3d4a329b035a97c21f09698eb20e3db732aed82

  • SHA256

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c

  • SHA512

    37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345

  • SSDEEP

    98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols

Signatures

Processes

  • com.ClashRoyale
    • Checks if the Android device is rooted.
    • Acquires the wake lock
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4294

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.ClashRoyale/databases/core.db

    Filesize

    27KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-shm

    Filesize

    32KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.ClashRoyale/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DBeginSession.cls_temp

    Filesize

    77B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DBeginSession.json

    Filesize

    132B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionApp.cls_temp

    Filesize

    107B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionApp.json

    Filesize

    221B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionDevice.cls_temp

    Filesize

    48B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionDevice.json

    Filesize

    202B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionOS.cls_temp

    Filesize

    14B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionOS.json

    Filesize

    54B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    393B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    821B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

  • /data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d1ba3acf-ef6c-4401-a4b6-1e43eb369674_1718964971298.tap

    Filesize

    317B
