Analysis

  • max time kernel
    52s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-08-2024 11:20

General

  • Target

    Application.apk

  • Size

    6.2MB

  • MD5

    d61568a1d7d387b947d82a52c0aa3dd8

  • SHA1

    1a14fea48bae04f4670f14e8259a58d7a7ef4032

  • SHA256

    4332c47f1f127b151349ebac341f9d9d479b57576016fe8607edf1516858e695

  • SHA512

    cd1d8578495042fd3cff37000b26a42482f3a8d4d1eec6cd2203a80f34928759deb3b0356922794e08fe0db7c29e1eb07f18d45847907e902ca479647fa6ca8a

  • SSDEEP

    196608:H5I3DTeTyIuGp83WXC/YGJYSvkgdQ+31T4obkajQaqnbK6:H63/euGW+CwGvrlTl2aMbf

Malware Config

Signatures

Processes

  • com.spy.ir
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4264

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spy.ir/cache/~test.test

    Filesize

    4B

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-shm

    Filesize

    32KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.spy.ir/files/PersistedInstallation5649760031601696500tmp

    Filesize

    90B

  • /data/data/com.spy.ir/files/PersistedInstallation6946260095985396968tmp

    Filesize

    570B
