Analysis

  • max time kernel
    17s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    22-09-2024 11:14

General

  • Target

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk

  • Size

    3.6MB

  • MD5

    d836feab9d4bf3c6cf086bdc14724c8b

  • SHA1

    c837cf7b181679a0081165e5fe4aa0eb94f748f8

  • SHA256

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

  • SHA512

    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad

  • SSDEEP

    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4261

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/files/PersistedInstallation1577783384715663804tmp

    Filesize

    90B

  • /data/data/com.systemservice/files/PersistedInstallation6646778868200980383tmp

    Filesize

    555B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
