Analysis

  • max time kernel
    15s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240611.1-en, locale:en-us, os:android-13-x64, system
  • submitted
    21-06-2024 10:11

General

  • Target

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk

  • Size

    3.2MB

  • MD5

    f2b9ffb8bb4684754a7e1eb02f1added

  • SHA1

    b3d4a329b035a97c21f09698eb20e3db732aed82

  • SHA256

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c

  • SHA512

    37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345

  • SSDEEP

    98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols

Signatures

Processes

  • com.ClashRoyale
    • Checks if the Android device is rooted.
    • Acquires the wake lock
    • Checks memory information
    PID:4299

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.ClashRoyale/databases/core.db

    Filesize

    27KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127BeginSession.cls_temp

    Filesize

    77B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127BeginSession.json

    Filesize

    132B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionApp.cls_temp

    Filesize

    107B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionApp.json

    Filesize

    221B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionDevice.cls_temp

    Filesize

    48B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionDevice.json

    Filesize

    202B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionOS.cls_temp

    Filesize

    15B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionOS.json

    Filesize

    56B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    825B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    395B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

  • /data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e57c76b7-e27c-44dd-a66a-cefbecf1eec1_1718964792194.tap

    Filesize

    320B
