Analysis

  • max time kernel
    16s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    22-09-2024 01:16

General

  • Target

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk

  • Size

    3.6MB

  • MD5

    d836feab9d4bf3c6cf086bdc14724c8b

  • SHA1

    c837cf7b181679a0081165e5fe4aa0eb94f748f8

  • SHA256

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

  • SHA512

    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad

  • SSDEEP

    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4980

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation1469473774293063530tmp

    Filesize

    553B

  • /data/data/com.systemservice/files/PersistedInstallation7538357803483140907tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
