Analysis

  • max time kernel
    17s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    19-09-2024 02:17

General

  • Target

    .apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4248
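
The behaviours flagged for com.systemservice above (Accessibility service use, wake lock, data-network and Wi-Fi queries) can be cross-checked statically before the sample is ever run. The script below is an added example and is not part of this report or of the sample's own code. It assumes the APK's AndroidManifest.xml has already been decoded from binary XML to text (apktool does this); the manifest embedded in it is constructed to mirror the behaviours listed above and is not the sample's real manifest. Clipboard reads and runtime-registered receivers leave no manifest trace, so those two findings can only come from dex or dynamic analysis.

```python
"""Static triage of a decoded AndroidManifest.xml for the capabilities the
sandbox flagged at runtime.  Added example, not part of the sandbox report.
Assumes the manifest is already text XML (e.g. apktool output); the manifest
below is constructed for illustration and is not the sample's own."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def attr(el, name):
    """Read an android:* attribute (ElementTree stores it as {ns}name)."""
    return el.get(f"{{{ANDROID_NS}}}{name}")

# Manifest permissions that back three of the runtime behaviours in the report.
BEHAVIOUR_PERMISSIONS = {
    "android.permission.WAKE_LOCK": "acquires wake lock",
    "android.permission.ACCESS_NETWORK_STATE": "queries active data network",
    "android.permission.ACCESS_WIFI_STATE": "queries current Wi-Fi connection",
}

def find_accessibility_services(root):
    """Return android:name of every <service> the system may bind as an
    accessibility service: it must require BIND_ACCESSIBILITY_SERVICE and
    expose the AccessibilityService action in an intent filter."""
    found = []
    for svc in root.iter("service"):
        if attr(svc, "permission") != "android.permission.BIND_ACCESSIBILITY_SERVICE":
            continue
        actions = {attr(a, "name") for a in svc.iter("action")}
        if "android.accessibilityservice.AccessibilityService" in actions:
            found.append(attr(svc, "name"))
    return found

def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    perms = {attr(p, "name") for p in root.iter("uses-permission")}
    return {
        "package": root.get("package"),
        "accessibility_services": find_accessibility_services(root),
        "behaviours": sorted(v for k, v in BEHAVIOUR_PERMISSIONS.items() if k in perms),
        # ClipboardManager needs no permission on Android 9, and a receiver
        # registered at runtime is not declared here, so neither shows up.
        "receivers_declared": sum(1 for _ in root.iter("receiver")),
    }

# Constructed manifest mirroring the report's findings; not the real one.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.systemservice">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
    <application>
        <service android:name=".AccService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <service android:name=".Worker"/>
    </application>
</manifest>"""

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A service that holds BIND_ACCESSIBILITY_SERVICE is the class to decompile first: once the user enables it in Settings, it receives every UI event on the device, which is how this family reads screen content without root.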

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    cef3ea597fd8e750515eb44db8e53953

    SHA1

    8cd93d2a30753dfe5ac8f026bc599f0e119bca15

    SHA256

    c852dae03c23a34a0b26bbea7b024211986873f17dd8ad20af58f8a62dec48fd

    SHA512

    3182a64c1a6f3ebe7767a0050d6c8ac61a070edc957ae47572babb512d98c427d210a0de6cd6742e771ca10b1ed06bac31444c98d8089c9cbf3a6fda35da6095

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    0ded20be52cf27c0713acfa6019485a1

    SHA1

    e2ca9749e28d76c3254cb2900be8f5cd490dc15b

    SHA256

    27a1b9e7b82e9de51dee163b778b58f06628f94f4db8b0710f06ba72190e67d6

    SHA512

    a90f8c4ea5eae471b60739dcba5698f9c86d44b1cf0bd4fcb0884e0aec9be330f005c42650af2006990137340f193dfecdb193ed6bd76d9c765a5cb6ea8c8767

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    086d44064ee463e4000c1011b6cc965d

    SHA1

    5adb68efd37599e29ed6d05fb9aac4ebf0e5c503

    SHA256

    f2d3be8fafe235680cb3752b59074344d42af0b1da15787b95b1b296baf25070

    SHA512

    9462c685b42d51cb0899285f2e9370b2f5937ac7d7cd7e064458be97f1f84d68fd112119f1bc812d764ad968fa679fb0715651189942ca9304504a1a52c986eb

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    2615b5900ca793ce42f5f57e5f099500

    SHA1

    18ffb32326ca112071e4575fce8cff65b57d841a

    SHA256

    563baf9a94c37a2c0081f4873b5e0ef7820ecf0f069dc113983a5b5c7df1c791

    SHA512

    6adcaa27f291a648448ad0b0e55bb932a1736907e31aa99af4d4a559e76fe27b6c99dea5d9c9c7f68e4cf857dc6ede320dc5716de3b3f571362716fc8ee9b235

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    fb07915cfe3eae3d218fdfece9074cea

    SHA1

    607517b172ad10298880e86b6eb12f14dd5aec81

    SHA256

    326cab69a70d8a5457e5b1b2e5fe54f99b9dfaa16ba22eb4fd0da2077b393989

    SHA512

    a4f2470807c3e5638e06961410345f64e797fcb1cc68ab00608136289c0e14c054bec76e96e8af8b5c3648186a72fb6daf592199598f1c437c2a34c7fe60fea7

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    d7fe95f01cfd138ad970586b82a6aaae

    SHA1

    c925849cdc59805b66cb1bd88cf85fab58fdb8e7

    SHA256

    eb4131884526f0bc27406a07015b22ab8f622f147b2b6d214c6ee2a1214b3166

    SHA512

    e5b1207b0a0edb93aa40173ea8311aed4c74b1527128bc6d6285bd64ff46f2ec114caf312cd77c41ff08af732307e4100ee6dc597b2a685e46d1f466cc8833c0

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    835cfc7decf507cdc5e54f602e3f9699

    SHA1

    4a55d424cb32e766554672cb2d0b3804fc47552f

    SHA256

    29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

    SHA512

    2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    10388b3cb2c94dca9d92e9b956b46eb5

    SHA1

    ec7e4aa5c79f9af7da5d6874c5511a145360e082

    SHA256

    a71719b7328a3398fedf2dc0c357fc08f8a0ff2be9dcc8dae5e059f6da199356

    SHA512

    5ba879ca265d31c811ec5261cf502c9bf4230b13c426451e21e92684033ac22c8b9b5cb64762fcd03220e288f84058fe24729b69b53974808b5998a37baf4d1a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    1d0c19cc3d8d344df3228e57b0f9898a

    SHA1

    607e65fa61b55f2c598d9412e9cd59ae8b879a78

    SHA256

    2c852bd4c969a1a13846213ea48eec7eeab6748927a76072488e44dfd565a1c6

    SHA512

    8fc6f931b6cfd867a16a331a4ac7cf4cadc6e058e15c59a18908b3b03d6d2eaea67e3625782e939cf6041acae8892a6b5b866684f9cdf0ad96581196afe09aac

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    428f78f4292dd605bd3a55a2240bc6e9

    SHA1

    de0d6b41f919e934d7a12ae39f6ab12fd94e7ccb

    SHA256

    7fdd381fb65f167ccf5b50e558352758d3ecad747e427eacef7629ef3b370086

    SHA512

    7f1a0264ff959bb5124eba5f9f22d6e3c6b734b24052504f29149108bcf03d97fa1ec516b138a2b7a6ee412084734edfec36a92721a84fb1505bd6a0ae4096ee

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    0dbffb4c76de60663a948df7bdb98647

    SHA1

    0ea81f4fa0618b8dd07de7eac06580714850e347

    SHA256

    8b00080e91c2b16cbcd706ca6d1031d0c66bf2716aa1c6d23ae275d4ed71fae2

    SHA512

    c312e9ee3bb2952e4215552c614451086711b09d070de61367ddd2f644f41d62c830ebd79c82ca2dbab18602157309547972f9f461b36f842d07787a0b2b14e7

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    65626b7f34699a8d97facc2620495e02

    SHA1

    36f69c1a8c10ba4ef1b1bf8df6d8bf6f23eda0cc

    SHA256

    4f5ffaf61e308decf53b1e132ac640b694534a61a6293b08dd921f9fa6ce6006

    SHA512

    704acaefd65a21b5adb1022e43ebc3160790190453c6e4b04048e35f1e0d34d4c2f4ca1de8dee784f42c8b507e4a87f9ff7252877fbdb38c22ee600ce46ed782

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    5d05ba8e5036833185364aca8293175c

    SHA1

    e23ea709db8cc6f248ba6b2921b7c0eedfe8a3ac

    SHA256

    f3eeb37632ac48aa3bd97d4a6d09c15e3929a327f7fceb0e7543466f8716258a

    SHA512

    54002ce046e9f23b99905b9a79ab0ce5589e9c095042256caa37d904ea0a641bd0b4a0f19c814fa7014bd6322de475cda0001c247354180e9a95b316310d4fc6

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    d933ba2f66622bc4e03fa81e3cc33458

    SHA1

    fa5622729866b3396a12586cd5dad5248473a15d

    SHA256

    635bca146180a82425d289014f7242e729fd0f88b33d60ed3180916f0526fd3e

    SHA512

    c4a4d9d0751f50e05d9dec7c60bc5c94bfc72c62ef16dac58389781f856a818193b503fc132a013cb8000421bee5c2f47f5491f3202c0c5667d6232e9c7a52ac

  • /data/data/com.systemservice/files/PersistedInstallation2212433183680902762tmp

    Filesize

    90B

    MD5

    02ddb417be8f957114e39ce736a97b57

    SHA1

    0f613bf0df3fd5c48ef2674204e33834c83fd5fe

    SHA256

    471a2f04249f3760cfc6ae2a35f03857ea58fc8d3f1fc3ff4a0e62908e958c75

    SHA512

    309a13cbd25c12e502ec95927f9b817cd427f1552924d246f9a22ff547011996a8a1e69891a2633dce02bab2fb95274021556273647a09631d745dec1ce04b5e

  • /data/data/com.systemservice/files/PersistedInstallation3208745088158057866tmp

    Filesize

    554B

    MD5

    c153c3993fec0766ccce8c73ebeec016

    SHA1

    109ff4a494657ec23df155cbda28752b6781f1ea

    SHA256

    8a9883b8887b82b61835c26fc66717354a3a127d1b1665b33d68a5448ee00349

    SHA512

    fd4ded87ef11302529b0aaf2e2c4494a2882a0988f94441c680d24bb3f8bde06a294ed67440777416f7a3f7b72a84c6c1865a876d496928b961aa89124ce24e5

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB

    MD5

    7d09b24961cd8065e402d24ec34f0332

    SHA1

    9d0009a3416d8e676c0999a337386bac894630f9

    SHA256

    a78c48656bec5ffdac3f15caa912374506504a5f9f68b8e99cd4f2f5e0284912

    SHA512

    f6954a0cb52452874e653d05070e6c653f3f493fc464fecea8fdf007f7cbcf1fe665857e91dd44ee225f7aa3aa958088478ce60ad776185d99d3c83e4730167a
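
The indicators this report yields are the sample's SHA-256, the extracted C2 URL under Malware Config, the package name, and the dropped-file hashes listed under Downloads. The script below turns them into a matcher and is an added example, not part of the report. It runs over a constructed proxy log and a constructed `sha256sum` listing (the `/sdcard/Download/update.apk` path in it is invented), and only a subset of the dropped-file hashes is included. One caveat the report itself shows: the same SQLite database and WAL path appears several times with different hashes, so for files under the package's data directory the path is the durable indicator and the hash is not.

```python
"""IOC matcher built from this report's sample hash, dropped-file hashes,
package name and C2 URL.  Added example, not part of the sandbox report.
The proxy log and sha256sum listing below are constructed for illustration."""
import re
from urllib.parse import urlsplit

SAMPLE_SHA256 = "2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc"
# Subset of the dropped-file hashes from the Downloads section.
DROPPED_SHA256 = {
    "a78c48656bec5ffdac3f15caa912374506504a5f9f68b8e99cd4f2f5e0284912": "log/log4j.txt",
    "0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e": "databases/core.db",
    "8a9883b8887b82b61835c26fc66717354a3a127d1b1665b33d68a5448ee00349":
        "files/PersistedInstallation3208745088158057866tmp",
}
PACKAGE = "com.systemservice"
C2_URL = "http://protocol-a100.phoneparental.com/protocols"
C2_HOST = urlsplit(C2_URL).hostname            # protocol-a100.phoneparental.com
C2_DOMAIN = ".".join(C2_HOST.split(".")[-2:])  # phoneparental.com
C2_PATH = urlsplit(C2_URL).path                # /protocols

def classify_host(host):
    """Exact C2 host is a strong hit; any other host under the same parent
    domain is a weaker hit worth a look (the report names only the one host)."""
    host = host.lower().rstrip(".")
    if host == C2_HOST:
        return "c2-host"
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        return "c2-parent-domain"
    return None

def scan_proxy_log(text):
    """Lines of the form '<ts> <client> <method> <url> <status>'.  Returns
    (ts, client, verdict, url) for every line that touches the C2 infrastructure."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, url = fields[0], fields[1], fields[3]
        parts = urlsplit(url)
        verdict = classify_host(parts.hostname or "")
        if verdict == "c2-host" and parts.path == C2_PATH:
            verdict = "c2-url"          # full URL from the extracted config
        if verdict:
            hits.append((ts, client, verdict, url))
    return hits

def scan_sha256sum_listing(text):
    """Parse `sha256sum` output ('<hex>  <path>') pulled from a device.  Hash
    hits are strong; an unlisted hash under the package's own data directory
    is still reported, because db/WAL snapshots change hash constantly."""
    results = []
    for line in text.splitlines():
        m = re.match(r"^([0-9a-f]{64})\s+(.+)$", line.strip(), re.I)
        if not m:
            continue
        digest, path = m.group(1).lower(), m.group(2)
        if digest == SAMPLE_SHA256:
            results.append((path, "sample-apk"))
        elif digest in DROPPED_SHA256:
            results.append((path, "dropped-file:" + DROPPED_SHA256[digest]))
        elif path.startswith(f"/data/data/{PACKAGE}/"):
            results.append((path, "package-dir-unlisted-hash"))
    return results

# Constructed inputs, not captured data.
PROXY_LOG = """\
2024-09-19T02:18:03Z 10.0.0.12 GET http://protocol-a100.phoneparental.com/protocols 200
2024-09-19T02:18:09Z 10.0.0.12 GET https://www.example.org/ 200
2024-09-19T02:19:41Z 10.0.0.17 POST http://cdn.phoneparental.com/update 404
"""
SHA256SUM_LISTING = """\
a78c48656bec5ffdac3f15caa912374506504a5f9f68b8e99cd4f2f5e0284912  /data/data/com.systemservice/log/log4j.txt
0000000000000000000000000000000000000000000000000000000000000000  /data/data/com.systemservice/databases/core.db
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc  /sdcard/Download/update.apk
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print("net ", *hit)
    for hit in scan_sha256sum_listing(SHA256SUM_LISTING):
        print("file", *hit)
```

Pivot on SHA-256 rather than the MD5 or SHA-1 values the report also lists, and treat the parent-domain match as a lead to confirm, not a verdict: the only host this page attests is the one in the extracted config.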