Analysis

  • max time kernel
    151s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    10-08-2024 11:20

General

  • Target

    Application.apk

  • Size

    6.2MB

  • MD5

    d61568a1d7d387b947d82a52c0aa3dd8

  • SHA1

    1a14fea48bae04f4670f14e8259a58d7a7ef4032

  • SHA256

    4332c47f1f127b151349ebac341f9d9d479b57576016fe8607edf1516858e695

  • SHA512

    cd1d8578495042fd3cff37000b26a42482f3a8d4d1eec6cd2203a80f34928759deb3b0356922794e08fe0db7c29e1eb07f18d45847907e902ca479647fa6ca8a

  • SSDEEP

    196608:H5I3DTeTyIuGp83WXC/YGJYSvkgdQ+31T4obkajQaqnbK6:H63/euGW+CwGvrlTl2aMbf

Malware Config

Signatures

Processes

  • com.spy.ir
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4476

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spy.ir/cache/2

    Filesize

    69B

  • /data/data/com.spy.ir/cache/~test.test

    Filesize

    4B

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.spy.ir/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.spy.ir/files/PersistedInstallation1146130870244242457tmp

    Filesize

    569B

  • /data/data/com.spy.ir/files/PersistedInstallation1473933109089869550tmp

    Filesize

    90B
