Analysis

  • max time kernel
    17s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    21-09-2024 10:47

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4479


Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation1471690476924546040tmp

    Filesize

    90B


  • /data/data/com.systemservice/files/PersistedInstallation8434791256653010960tmp

    Filesize

    557B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
