Analysis

  • max time kernel
    18s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    20-09-2024 01:13

General

  • Target
    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
  • Size
    3.6MB
  • MD5
    39fa2c58237de702fc3458251f358cab
  • SHA1
    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
  • SHA256
    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
  • SHA512
    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
  • SSDEEP
    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.systemservice
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5041

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation5490090392365297569tmp

    Filesize

    554B


  • /data/data/com.systemservice/files/PersistedInstallation602489338380142394tmp

    Filesize

    90B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB
