Analysis

  • max time kernel
    47s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system
  • submitted
    10-08-2024 11:20

General

  • Target

    Application.apk

  • Size

    6.2MB

  • MD5

    d61568a1d7d387b947d82a52c0aa3dd8

  • SHA1

    1a14fea48bae04f4670f14e8259a58d7a7ef4032

  • SHA256

    4332c47f1f127b151349ebac341f9d9d479b57576016fe8607edf1516858e695

  • SHA512

    cd1d8578495042fd3cff37000b26a42482f3a8d4d1eec6cd2203a80f34928759deb3b0356922794e08fe0db7c29e1eb07f18d45847907e902ca479647fa6ca8a

  • SSDEEP

    196608:H5I3DTeTyIuGp83WXC/YGJYSvkgdQ+31T4obkajQaqnbK6:H63/euGW+CwGvrlTl2aMbf

Malware Config

Signatures

Processes

  • com.spy.ir
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:5003

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spy.ir/cache/~test.test

    Filesize

    4B

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.spy.ir/files/PersistedInstallation4297975208692036960tmp

    Filesize

    569B

  • /data/data/com.spy.ir/files/PersistedInstallation7788074254588796009tmp

    Filesize

    90B
