Analysis
-
max time kernel
15s -
max time network
132s -
platform
android_x64 -
resource
android-33-x64-arm64-20240611.1-en -
resource tags
android arch:arm64 arch:x64 image:android-33-x64-arm64-20240611.1-en locale:en-us os:android-13-x64 system -
submitted
21-06-2024 10:11
Behavioral task
behavioral1
Sample
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c.apk
-
Size
3.2MB
-
MD5
f2b9ffb8bb4684754a7e1eb02f1added
-
SHA1
b3d4a329b035a97c21f09698eb20e3db732aed82
-
SHA256
eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c
-
SHA512
37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345
-
SSDEEP
98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4
Malware Config
Extracted
truthspy
http://protocol-a748.thetruthspy.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
IoC (Process): /system/app/Superuser.apk (com.ClashRoyale); /system/xbin/su (com.ClashRoyale) -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call; IoC: android.os.IPowerManager.acquireWakeLock; Process: com.ClashRoyale -
Checks the presence of a debugger
-
Checks memory information 2 TTPs 1 IoCs
Description: File opened for read; IoC: /proc/meminfo; Process: com.ClashRoyale
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
27KB
MD5 c7b5801f4970b944a556dda8d75097f6
SHA1 ab62d5c3d60940ac286f019fecd21f822af864f2
SHA256 cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0
SHA512 6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1
-
Filesize
16KB
MD5 38465d149db75d37b65d5356c87a579f
SHA1 982b1e6da0a3d8308b89569988586e5ca20712f3
SHA256 80abe58de790ce79bb55bea31c0efe3a72261c20acfab15b8a35b2908d9cb09c
SHA512 8b6cabe634614ee8bf7362103167e4ade05ebe107c0be2a8a0555ac8556c4dd6d67e31fa200b11b1ab63141b6406f9e5a932a03be77e38fa1a776629a23ed312
-
Filesize
16KB
MD5 fcb48194df764929b51206395704c85c
SHA1 3ba3f3db81117d6a544ec3cb60b5f8a5b0e5acae
SHA256 a4efd28b7061a8ea5f842995a89019247b1264c7f3083c6885f91b9c436a3835
SHA512 7501b6e6cea359cc3b3a2fa6754c500ef17b887b619f1fbcce7a8b1a9e593594c02b2d028b7973d7a6349bbc407baee6b2c4446f8b96d0e6bfb094b66bad22c1
-
Filesize
16KB
MD5 adfba2f9d21d92dce304c9f324d7b190
SHA1 ddb19714a9455bdbf31fb31471f1b0b8076c67a7
SHA256 e3f35835d12a713c3fe62d56fd1226899813ca1382219b1b6047cc69b4e93081
SHA512 27bcf50a853c803affd1429319e9b3f415366fef2f207f9767e7997f9d4a45201f1559c3743cfa4a8a317b849e20283d52986049287fceb0c181c8a932aaed73
-
Filesize
16KB
MD5 559e314391175620087c8c9d283376e4
SHA1 bf8c2cc3eb0b5c64238da9b189870b21a6119006
SHA256 eecaf91d2597be7d58167c0e9d97a6b86910b90eb5c365224060a9a73d02ab88
SHA512 a8f1540aa1d3039c5f6818ea35d115bb4efa737ab14c01ebc20c492d576e09834d1c4fc8929232fad42739e2437c9f841f7978ab8362a0d5d4a51b67e8fcd061
-
Filesize
512B
MD5 5bf93f284b4cf5dc0abeee5417b2731c
SHA1 a3757b10e0bec40dc83681a2bacf4e4756ed6f86
SHA256 58bcb0b8ce3586c39c7b67cea564c07b952765bf0bed0bce4ccfd391705acb03
SHA512 c9d4f5a78cd4f13859dc8d2baa813553a086df94c2784c4ba3d4a7a6f963ae9d7c9f43c2cc4452535c7863bbaca83fc4cf2351587e31eefa9a07a7e0b3c164ce
-
Filesize
8KB
MD5 246263bf99b862e47948538eac79844f
SHA1 f98b4cdfbf345c21021e9b3024eddb12beec7ab4
SHA256 29beb53218d7b8ade9156447cb86f4e41a571f6865bb69259c05bbea0bf44190
SHA512 a19062b812a4e9aacea5befa56d50c07a722b33cd04f4bc82ba46f0db2a70d3b74ff0ae37bc1d7d76eac307099741a0a28f95f1450dfd8d89be38c62011a34fc
-
Filesize
4KB
MD5 531998becb749a91b680161ab11f5f07
SHA1 4d7c82d8974d87484bb2bd1eeb7d04740bde0256
SHA256 52e932fcfa1bf32f948d2ff33cd8f65f14a2b68cea339576b7c2af8b88875236
SHA512 a86137399bbee58b5324576dae3aa0764747f0ba8534b037d01eceb5eb66261da56fb89281a263a82f5fdbde420a6970868509b8210f204317328ecefbd33497
-
Filesize
8KB
MD5 a29b156aeaafdfa2f2e211fecc8c740e
SHA1 81e530e13d1725a5e02e6d06bbf599a2dc1ee2dc
SHA256 a8682a0d3c54bac3f88bd2a3d4683f5572569730c119566d258ad7ea93b15c0a
SHA512 ae0199ea3668178428d72e65c90926b25141ccef13181815ccef7324479af2ef325f0e283b4f87a7c7c29e19eb5f5ef5ad34a8519f474d9f5ccf1376bead2d1c
-
Filesize
8KB
MD5 1ea1ef002d6c96ce68cbe78e72f44a2e
SHA1 933ca6c3c42fcdc171ff9fc0910a9473dd262185
SHA256 c6569bedeab18ccabc72df1c82cdf6a10533c26afd2fe9985e29345c47566b95
SHA512 f7e7bf6c8a02947ddefc9f1dcbc00a0e437115c6d96bee3ddc3002fcf6231a886444522ba154b09a1e7bbf0c22732a4cfa2117003e2864fe2a6a6aef32c09166
-
Filesize
8KB
MD5 0ac757b5278983347eb5e99f8fe5416b
SHA1 6f51f96b50d9a80efe8ceafbda0cb3b11e180163
SHA256 0ab7a56576f370e37d865936915092b5c5f71a1b10cb040ec6dc6abf70be89ce
SHA512 725fcf7ce444d664474582f170dcc438376c42bbcc1309d38d85d3aa248ae4d76ac9a0586c7102aac4284d16d82c1d678b0e1c281df0854eca1b4a496e5f5d64
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127BeginSession.cls_temp
Filesize 77B
MD5 f133f98979e54a8428895d88b2fa30ee
SHA1 f4fe75f4939eedcf1002bcf709e7ccebd9892bde
SHA256 eb62763d72f24d4cc48413d14918c8a6a02b277b90199702e4e9db3d7d733b5c
SHA512 41b3f784786b2d5a9540962c16430de55891954bd7bf6b210864c73db8618398090d7223c50d9fedd3a2ba861854b447c9aacc8c279ed7f578b79460396a6dc7
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127BeginSession.json
Filesize 132B
MD5 29766fcbd53f397700e333fb910c3ab2
SHA1 befe890f37cfd0a374c0ec61f71ba05d40191200
SHA256 bea842a95a75c8b5e38b3ea6b0572fad86cc4f41b57df8208c98944b7cf076c4
SHA512 8391005f9ba8cbad156d432c5631863f414a5190d9af627a1b6f30e3e7d159de86979293f1a7d611f2af0c4b633a159be23d36280c419b441390966e60fe70e8
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionApp.cls_temp
Filesize 107B
MD5 2a6be2938f05473046cb48183e65fe5c
SHA1 1a99f72523e972f5bc9c049bd035b6ed1fb066e7
SHA256 4b7c8efe6c4400b071fbe95e2b74002c871cc38e7177b46f0af80e2156c9bb0d
SHA512 e772c1326b40347b9b5597cf4f244385311a26ebec50b3499637d84a23f3d95e5371a9872ebf46b9f8372f11bdbd291d36cfcef7f6f28b19e1a231b23f7feedd
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionApp.json
Filesize 221B
MD5 0b1d51935162e7f7fcb5c463e5e7f8de
SHA1 c1e01a2b8a9b2e07494c9d44e0e4a4b3d07db1f7
SHA256 80146b5805041e407470e27cc8bef7529a7d5addfea7005de276591261fea411
SHA512 b51d96b0e03d7c560f2b19507b3270317122163c0fa173ed56ab0f015a5a6c63e751ac403737d67d8f3c17ed9802d63b75b9ab03f942823f45c399577e52b45e
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionDevice.cls_temp
Filesize 48B
MD5 565c6ee401c88ff45333d76d9a45b41e
SHA1 66d1d4970e2504ca80eeb12108deaee208d7beb5
SHA256 74d24661d5bbd395690ee059fb9886184ae12d3ac9306b805c0a106c9ba97ca1
SHA512 79430461bfe8d08f8f92882daaf59251a7ba36dd47c2020bc8b471b7d07170aba1da9de935a8074c38a1aacc7fa898bda74814365be1a4c570bb88dd37ca3d6a
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionDevice.json
Filesize 202B
MD5 3b855c2aeedd2347557407dc5d040666
SHA1 d2eba16bc0716f883fb909e25d1ab703d8b09cb8
SHA256 5c91c7d30954436b9f87b94a81d08e908d02acb9c056e05d2a407cb208821c96
SHA512 9444968c4d23fa46c8e272aece3ff42804f2f2d1c0297486be3898827dd7612c24574a31a5f96b834414e16f37c1d6a198c59bf1a672f652081b4afa3e2eaaff
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionOS.cls_temp
Filesize 15B
MD5 f8b3ebea29c91d82f009e5a9c6d11060
SHA1 99d88c4b39d9143084e777b93d9692a59a3d087d
SHA256 b7869422f5dcf3f24ae91560cec05ebb39852ed45baf3a31176f9b90de87aafe
SHA512 6f89bfe6bc1c0a68bca73ef92c53e1a308fd63f2228a25a6e34d117fc5cd253209eed56fe08f51d5643343a152acfdbfbb1c5dcea224e2750aed46074af369de
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66755236032F-0001-10CB-490B3A762127SessionOS.json
Filesize 56B
MD5 87e2b9d6edc06545b88235933e703881
SHA1 b29448a47c87bfe3a59286e3cf4e02eb72581a7e
SHA256 77b886b74dd48e22effd172c38ee914ced97247f4516c319f09cb8c9ebce4c7a
SHA512 ccccd682e14a485c8c8d13ca0105d196d00fe02bed941d939154a199c14e741eac6522f378f509ed14a52efd38e479930ae223f6f317a35b0787d82e553db3a6
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize 825B
MD5 23cfd362e4b574405d872c031bb3cb2d
SHA1 7596d702f9d54062049240717ec28faedbefe721
SHA256 107095fb0a8918baab87f0a7afa1999c441726719c6902ff8c7cde6218af11ca
SHA512 d1960820c1183c5dd018cebc4cad54d2e21a6f534ed87d5961347e1582a846532ad56805c0cf1595305dcfb649915136c03867a3d94e22ae687da21fc01192c3
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize 395B
MD5 8aaa8ec37f75d9b062986c6b3b3fc599
SHA1 ba9d7b5a043421279a9b7b0fe258c183e5c2f9c3
SHA256 0d49357e4d29d9a21d3abef5290802616b7f1f22d07d9c16cf2393c8f852d5f0
SHA512 143d52c9e206330588d6ce7f5c9a0f2ec914c4c7f7fd407f738fdd3a8c902ccdb62d8667085b21a6f1ff63518f6c2eb591cae8f5302868df605cc314469491f5
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize 16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/user/0/com.ClashRoyale/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e57c76b7-e27c-44dd-a66a-cefbecf1eec1_1718964792194.tap
Filesize 320B
MD5 14834d116d591a523e105fd8187f42fe
SHA1 83e18a0c6014560b8678d79757afc1c571d9b4f1
SHA256 2e6893b6d3b798889db9a0e49c4dc099382e1c0a7a636b5c347a3d56b6451ffe
SHA512 c79829842fe79b548d69dfaf655bcc9e24eb92d35becea8f93f25adb704bbbd5cda0eaa35390c7d0678ed1b1580d6e42a78a67c8b91c07ccec13a204a28537f9