Analysis
-
max time kernel
13s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240611.1-en locale:en-us os:android-9-x86 system -
submitted
21-06-2024 10:11
Behavioral task
behavioral1
Sample
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk
-
Size
3.2MB
-
MD5
f2b9ffb8bb4684754a7e1eb02f1added
-
SHA1
b3d4a329b035a97c21f09698eb20e3db732aed82
-
SHA256
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c
-
SHA512
37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345
-
SSDEEP
98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4
Malware Config
Extracted
truthspy
http://protocol-a748.thetruthspy.com/protocols
Signatures
-
Truthspy
Truthspy is Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk | Process: com.ClashRoyale
ioc: /system/xbin/su | Process: com.ClashRoyale
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.ClashRoyale
-
Checks the presence of a debugger
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.ClashRoyale
-
Checks memory information 2 TTPs 1 IoCs
description: File opened for read | ioc: /proc/meminfo | Process: com.ClashRoyale
Processes
Network
MITRE ATT&CK Mobile v15
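Downloads
Note: the entries listed with paths under .Fabric/com.crashlytics.sdk.android* appear to be Crashlytics SDK session files; their names embed per-session identifiers, so their hashes are probably specific to this run and weak as standalone indicators.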
-
Filesize: 27KB
MD5: c7b5801f4970b944a556dda8d75097f6
SHA1: ab62d5c3d60940ac286f019fecd21f822af864f2
SHA256: cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0
SHA512: 6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1
-
Filesize: 16KB
MD5: 41172d46ff8888be4cfc7da9dc7d75bd
SHA1: 83758a810bc86c52f60c838acebb9bd0c541be19
SHA256: 7c27b82cb8af372763b0699274222450a8311bcf96cd8e876b717d4ead2a4c9c
SHA512: 6d2556fbd104bc18366276346a8fa3d36992b5a7e98b2dc43683912ab4322dfda0ddf76c43b20710f8b5a8018655e731e5a52b2e573fd62f0ba0767b868c3972
-
Filesize: 16KB
MD5: 7cfe1929e16de460e6313570ccaeae1d
SHA1: de0c84342a720f7cdf97b32d347e3fb8efd1ad11
SHA256: 44a37818c41a8079cff114ad7f3e566d4342a9b49fe47c27e68d834e4e056a56
SHA512: cc90f4c2b4241d7b95cf05a6c1e3fa0f114380586bfcd46a2664ac8ff3dead5b2964df8b51c0d32856bc69c32d6ea1fddaff00edddd0576e652408f56d1e0fe1
-
Filesize: 16KB
MD5: 17604722b38a929a26ad5e11b2d63f96
SHA1: fe8b3740cb4bfcfc9fbbff598a09a2359c297b50
SHA256: f2ab25b7bafbc9136b0dca18e487dcbacf820cef3d4c594cbaf591b10e76dc0e
SHA512: 09400746cac9006b13bc25a65209d4000b567ee8ad1829ad9f1b9e21b9c0794f7dfcfe8be3b23be203f066bb86a5c95bffc38df93e5c7d4f6fc6d09aa6c7852d
-
Filesize: 512B
MD5: 1b97e990ff61e17bfba65c798f2417f6
SHA1: 292cb0eea219fc745a7d905ddbf82acd48ad89d7
SHA256: cc50617275558c488477e49cfd7be7b11d1912a3f63b927651c46ad18b005e7a
SHA512: a6e0c286c09dda12dbae8654bed0334312d2a0e24806766ec6b323fdf2c7f46cc636dd5cf72891955e178ed3481610b0447ba107c9b840ab71f1d618a4d66e9a
-
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize: 36KB
MD5: 50bf5bc4b27751e8bbb1ebe65b067d5e
SHA1: 0f3528a704a9c9f2d83c40eb09b8482c618af1a1
SHA256: a3afb8232b1498a595e87a0eb187a9e21a501d8bcce5c47556ad0fe0cdff059c
SHA512: b7d2460882475f965281c066d9e43b40e807cbb2ce110d7293f0a710c95bb1a773bb5b66881036c0add03a123d8a5aae76655350a4d8f1ce500e4b20bc41f8eb
-
Filesize: 4KB
MD5: 02855fc2c34b07a6f073d8d307a3aef0
SHA1: 3e5ef2870a9226471aafcc0095726c8345157457
SHA256: a674717b41290feba49e6489ead50df776593be013b005266a8a468fb1ef8caa
SHA512: 8c8c833ce18313bd5ed5f518135223f231430e63ce417a1a7474c531b6502f5f8b87484d8b8528fe6355baa37ae8a5c49f6cf7d18d841e2c2afde04cd618e2f1
-
Filesize: 4KB
MD5: 87947dbb63877eb7aa4c6a11d34dc833
SHA1: ab5b19b99564ead8bcbaede7fcfc5f85d20f41aa
SHA256: a5e74e299eb909b72c3b872cb7f397c47a379b56268f2def6f539e53c95a6c5f
SHA512: 528a9dc080c85085d093e687aed17e2bf311ddd88bfed4b5b6ce88f0bd0380d8eba88f2a4fb64dec52ad351f8a8a4334e69f16bf5020eeabe8239ee0d3a284b0
-
Filesize: 4KB
MD5: 08b548a10aefc7b5da940a49e109366b
SHA1: 771da4a13a6212a6931e6966fc818b1f30fa219f
SHA256: 9fb9feaf366866f118b1d281cb76a8d0239c7b23712bc9ba31fda5c461c90dab
SHA512: cf148f753c70c09cad7a25bf595f4b5a34e841c51cee905110307779908d2a9045a7700c13959a0890f19528915d3ea553429ee1070ad72119762fe2efeb8cd4
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DBeginSession.cls_temp
Filesize: 77B
MD5: cd7e2029e57153522f7aa64b79b1c78a
SHA1: 9caa76ec0e31e66f6f26f8bbc0d6d3bd8c5f658d
SHA256: d539beb7d8971581095d2851038404d9f9772cedd8ae58dcafd0fb93fddbe87e
SHA512: 168ccafbc2190478ae6aa75177425008061bd3cd00f17e8c8df71c5fd02b02efd19635e9df881456d28bb9a3c5ce0e9cabb31559b991ae9d86c7ef1c564d5a53
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DBeginSession.json
Filesize: 132B
MD5: ae7bb2dba35c9622595fcfabc9789651
SHA1: 25abda6a45201e702153450459685e1cc1d31af8
SHA256: 8ad4cc19f3007f190b62d625e2fd0990b1217c977c1e941d0c26e9e371198c8d
SHA512: 362ba578300a4f430240fca2f036bbc9ef5cd214c41948315891b8239d8b4951db7d6269212c552f1abf249306dd4746a38d1051799a8ae57b2e22f240e79e1b
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionApp.cls_temp
Filesize: 107B
MD5: 560e9b322b0aae87ce9b0edf9c5e4371
SHA1: ad69d81572f95f2e4730582c42c657a3439a09b1
SHA256: 9e2eebc84afc60dc6848c78049a11a33048e0666205bfc61a05e8aa962fa7211
SHA512: 670e2740d3ac99415951e02a2282d95ba5ad70f731cc5b3f5ffbc394055f9fece1634001563f6d3ecaa7ce5a211c702eecf8bb63956c5dfae41e2c9948a563dc
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionApp.json
Filesize: 221B
MD5: 7cb5974b445819989236113ec4ddf388
SHA1: 8f38326cdb5c36d1da7ab7e59276ba257d712c37
SHA256: aa0c78f4b4fa5a8451845343c3c63a45e2917de87c6e2cfa8439f598158e515f
SHA512: 954696bbad2b70976e77ad3b5a485a1ccc4f36fe9f00d772414748191cd6649397f3138567a0bc858fecf74587eef69dc3334a12fdd7b4671eccaf8a3e9a859e
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionDevice.cls_temp
Filesize: 48B
MD5: cf9cb0612d588a1f71b63084cea67316
SHA1: 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256: 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512: 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionDevice.json
Filesize: 202B
MD5: 75db92d50c80a89e068550028c62acec
SHA1: d78ea55f5dc682e4da456d26383249f608fe894f
SHA256: 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512: dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionOS.cls_temp
Filesize: 14B
MD5: 9b3d4522944ce6396563812bfdb92fa9
SHA1: 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256: d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512: 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667552EA0102-0001-10C6-4F99133A5F7DSessionOS.json
Filesize: 54B
MD5: 93023624eb8dff5c20050da136aaae0a
SHA1: acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256: 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512: bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579
-
Filesize: 393B
MD5: 28947654755fc679a90f2510856c77e2
SHA1: 267bc73c3968222017512e8443e631d0f784b6ea
SHA256: 7ea45df7dd58571d43639b9b2d6f39a9fa7c06964d63729c9e25305d065e5a65
SHA512: e17a2a98f94c1a22d3ecc3674acc8e040791d0a3e6e240ce7fd9eabf1d1d854dc26e82da2243f0933afacc76347b6568d7479bdbfc8e799ca0c376cebddbfdb6
-
Filesize: 821B
MD5: f13c2ea1df918cf7f2a55cb5d284fb35
SHA1: 446c7718022cd1eb33b25dbc8844cc8c8954cd69
SHA256: 43ec07daff8aaf830765525e341cbcf0913a9697eaf9226d4fffcc3e8100cd75
SHA512: eb435d80871540a9e71287ebd3a6cc3fecabb1b0adfa90a53a3e7f043ce1859f009955283d8d082318d94f9f2d15494543c0344729b751775848a0621595c152
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d1ba3acf-ef6c-4401-a4b6-1e43eb369674_1718964971298.tap
Filesize: 317B
MD5: dc445d496734f82d25ea779932d9e182
SHA1: 1d04300a56bc27078cde8d9f0cf9f9dff9fd6813
SHA256: 4632940c4b0229826340ca5c0b67a70353ea09b66821c85c8cf0f8619cf011ee
SHA512: b830da90ecc772cfc450b7f213de4af0a56348909a683be0cf32c8e35eaf6da38d8831ecd135822c798408b3403517357fa0132dd1154e196c7fed0aaa93fc40