Analysis

  • max time kernel
    16s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android
    arch:x64
    arch:x86
    image:android-x64-20240624-en
    locale:en-us
    os:android-10-x64
    system
  • submitted
    23-09-2024 02:26

General

  • Target

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk

  • Size

    3.6MB

  • MD5

    d836feab9d4bf3c6cf086bdc14724c8b

  • SHA1

    c837cf7b181679a0081165e5fe4aa0eb94f748f8

  • SHA256

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

  • SHA512

    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad

  • SSDEEP

    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
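The signatures above come from the sandbox's runtime hooks. The Python below is an added example written for this page, not the sandbox vendor's rule source: it does the static counterpart, parsing Dalvik method references of the kind found in classes.dex or smali output and mapping the framework APIs to the same five behaviour names, and it adds the check a practitioner wants on the first signature, since this run was on Android 10 where any app can enumerate every installed package. The API-to-signature mapping and the sample references are my assumptions.

```python
"""Static counterpart to the runtime signatures above: scan Dalvik method
references (what a dex parser, apktool smali or `strings classes.dex` gives
you) and map framework APIs to the behaviours the sandbox reported.
Added example; the API-to-signature mapping is my assumption of what such a
rule keys on, not the sandbox vendor's rule source."""
import re
from collections import defaultdict

# Dalvik descriptor: Lpkg/Class;->method(argTypes)retType
METHOD_REF = re.compile(
    r"^L(?P<cls>[\w/$]+);->(?P<name>[\w<>$]+)\((?P<args>[^)]*)\)(?P<ret>\S+)$")

SIGNATURES = {
    "Queries a list of all the installed applications on the device": {
        ("android/content/pm/PackageManager", "getInstalledApplications"),
        ("android/content/pm/PackageManager", "getInstalledPackages"),
    },
    "Acquires the wake lock": {
        ("android/os/PowerManager$WakeLock", "acquire"),
    },
    "Queries information about active data network": {
        ("android/net/ConnectivityManager", "getActiveNetworkInfo"),
        ("android/net/ConnectivityManager", "getActiveNetwork"),
    },
    "Queries information about the current Wi-Fi connection": {
        ("android/net/wifi/WifiManager", "getConnectionInfo"),
    },
    "Registers a broadcast receiver at runtime": {
        ("android/content/Context", "registerReceiver"),
        ("android/content/ContextWrapper", "registerReceiver"),
    },
}

# Constructed sample: references as they would appear in a dex string table,
# including one unrelated call and one junk line the parser must reject.
SAMPLE_REFS = [
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;",
    "Landroid/os/PowerManager$WakeLock;->acquire()V",
    "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;",
    "Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;",
    "Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;"
    "Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;",
    "not a method reference",
]

def parse_ref(ref):
    """Return (class, method) for a Dalvik method descriptor, else None."""
    m = METHOD_REF.match(ref.strip())
    return (m.group("cls"), m.group("name")) if m else None

def match_signatures(refs):
    """{signature name: sorted list of references that triggered it}.
    Static presence only says the code path exists; the sandbox's runtime
    hooks say it actually executed."""
    hits = defaultdict(set)
    for ref in refs:
        key = parse_ref(ref)
        if key is None:
            continue
        for sig, apis in SIGNATURES.items():
            if key in apis:
                hits[sig].add(ref.strip())
    return {sig: sorted(r) for sig, r in hits.items()}

def can_enumerate_all_packages(permissions, target_sdk):
    """Caveat for the first signature: on Android 10 (this run's image) any app
    can list every package. From targetSdk 30 (Android 11) package visibility
    is filtered and a full list needs android.permission.QUERY_ALL_PACKAGES."""
    return target_sdk < 30 or "android.permission.QUERY_ALL_PACKAGES" in permissions

if __name__ == "__main__":
    for sig, refs in match_signatures(SAMPLE_REFS).items():
        print(f"{sig}: {len(refs)} ref(s)")
```

Feed it the method strings from the real APK and compare against this report: a signature present statically but absent from the runtime list points at a code path the sandbox run did not reach (time-gated, geo-gated or needing user interaction), which is worth a second detonation with a longer timeout.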

Processes

  • com.systemservice (PID 5049)
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    917f443afb0942442b4a4a4abea1b39e

    SHA1

    8025964d78dbf6ed85e9089eaefff7d2d7f90b18

    SHA256

    bda4d9f9e351414b2d482338f291bbd96a66c306824af5511ea235901748f7e8

    SHA512

    0b1a411027d115bad83274c9b253387077c845d57c8bec6d247cfda412b50c8ae9226042c75be57fb4fdc7e928adb60c11f124ac6880df03ca760f88e4751500

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    d6b0ad76e321945cad9d10100d3f949a

    SHA1

    2efc06821f2be0a17d359bf002c3540e76741032

    SHA256

    fe3b899b94326b9b54b466c76948d5dc5faaf5042d4bfabb42fcd5aa2cbab22f

    SHA512

    120780c909ca931cbb3a3671c0f2f93bb53b242a59a83ae23369c5bb9ac2d0a1d597794387d71c6f8eb667d747b511f49e46eb741a55fe01fd39ff54778c6340

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    0e5c45bdfff9eaeb1620643cab17104c

    SHA1

    4ba8e3c287576b97006d5fb1c0d9254da9568fee

    SHA256

    f1554143ce225c15daa5496577fb4f1bca562b7b6ce092acb7ab5efbe9712479

    SHA512

    43035a8795c2c1ef01ba95f4ea8bea80ac06c9cd6afb544da2127a487fc23efa52674cece96dc1c578f15d78120e5eba41e681b6d49cb328be015ca86d9e7e39

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    799d26a0f5593276920ebb660d9cde39

    SHA1

    9225ca94c5459f7aed985d815e5892d9abf816e1

    SHA256

    7cecdfd8d12d3c2a6703170b919013015bab25db7885ac0470b1364f4e27e550

    SHA512

    8edec0f0ad546cb67e7f608da72eaa86bb0f35db6f814e6d2cba226a6c709a99a3df10919ad5bb9cc6c6fda24e6db952c68e7d001adedd3a0f1be8a94a80a40c

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    eb52a90bb70b76e946b62f50b6f7fb85

    SHA1

    42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

    SHA256

    48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

    SHA512

    b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    beb1c500133214538edf64d9265063d0

    SHA1

    553aba5f1de952d0fe00a44961df90a6c5c76763

    SHA256

    77a47fa3fad168df35f28acedf22dfa87338be2f705f62a2e6da391e1355d045

    SHA512

    f3a6bcfe0c38f4f0d99275748805d84c4264867f076ff78a9bedf4e15223dc3d9437cbb7dddbc7da0e16ec92b59728874d54a10951e343d7aceea8dc8d4d03f4

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    8ea3257812bae77d5364c5dea91f52a8

    SHA1

    4e202b56f3f99f0d394f5b25a05cc487a775e622

    SHA256

    9f62b7edc77d328de6f2e5e986cba6adbaadf758f04d153755e539c9e300a7a3

    SHA512

    e1da46267b93d0a936774b2b4fc5086b57d66255f0e7c72ef412fd59bbae029503dafe33c639bfc58defd1a4c09d22104b635e5b3e70a5de7732aa2ce93d70c9

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    22bcd4aa30acd19e009fc582697065ff

    SHA1

    33ac3a4f658197a797456ed446248accbfac8526

    SHA256

    d5147779b905c83bf03e7814ffd46990b644233f34503c9ed37bf326d57b3284

    SHA512

    6e57466c673632530521799b00fda39fb3a17a9758a80e64b781e71d86ec03cc8fd35e99e6a9371ee6c1d763434f3cafc7f0567f349df819726d200aa4af42f6

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    c02ddb3353748637fde864bd0bd95270

    SHA1

    f006083a46224745b4e8b2dbf92226de28aa6ecd

    SHA256

    a2af5accd277028553a2ccdcc2b6089aeea443a88c10520d36a8f63f52a92033

    SHA512

    5ff40e819504b9161d720e70c55fd258933b3b60b3087fc02535d9420d7e3379bb6359becd3f0c5abebec77fc2af4398e6eff92d09ea218635f3b9e6a7cc5087

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    f871ff700510a56a54fdd56bc41b7541

    SHA1

    481548c8bc3254a00f497140278597b915460c48

    SHA256

    ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

    SHA512

    12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    019e5e6233cd1896cebbddb595cc7d1d

    SHA1

    a95dc2accf7a4a942bd1db6498a017cb5504a462

    SHA256

    1772f77ff1aad30b704fc34b5cdf76ad3ae4a3528953034e4f0ac99f43e307d5

    SHA512

    07187364b8cd8a5970c6c1014303047b72d35ca52550ff3a6000cef16b46e2837d047425ab0a5a72cb26a49abe7dee883dc99555b6c6be2733d78c9c9f70e89b

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    bf7c59df87d0424b45bae8990f20976a

    SHA1

    c6a6a9e40d3dc6fc58b665c1e8507645a4825f3e

    SHA256

    049d96536bc2b6b5eb497121f391fca25fcae6bcffde1bea8ec955eb6736e761

    SHA512

    37929960fad49fe1ddb93d0b8d976bb3b649e4919916ff332155783561e950f655b6b0ee63b5547f028882cfc070f756dc7dee5a20baea722f1708c126ad3f8a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    24cba4c4c5013289ec72d7cfebbddc53

    SHA1

    6c695644f02be81f9f7a0315b1ba0cd8e98a661b

    SHA256

    1f30bed0cd67483488713c888126a6cfaec4ef37c7337faba81e6fff13bc29bc

    SHA512

    ea71ea8c94afc393172a6b7010d933b3c3787f1f5a48e89d4c13bfc2055b4c09a406aaae99be835faa3e22d9ec95af71278a033aed8f698b64036c6ca7337c2f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    b527f22fdad2583b815910a7212e3ef5

    SHA1

    c7817bc9c2c0e5eda4f5a30ffbc4fa10ef36d30c

    SHA256

    36b28657045b06298d904a9614a25597447ce9653eb9ac83e8b979013ee79662

    SHA512

    665e5983ab140f48f31315d42c27a556ccba3ab943ea81b5833ec9d8350f5001b80d845c1cad40a5a17853d991d05ec1002148f39ab19214c0918f66df28d772

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    364767ee35aed979ad08d3c5cb85e291

    SHA1

    0b0430bede5990857aae26bd0b8c9db8e0d0b4fc

    SHA256

    c920fdaf4e89db785b4a5c9520ffeba49d28ecd20f42b27ea79c3e808d2ac130

    SHA512

    3cdbf9a62a2eaafeccc7cf7ee25e8d75f1666b595cfda0daf148aa0ee2bba769283cfaea5887a3d1b5859f44526ad900d76270d9738c96946b5757b5ec4be6c6

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    97103ab46abe452c9d1518b6e1562774

    SHA1

    ec84a0e5b0a1d4f4c99e3c72ad401a8e98706479

    SHA256

    8a01e5a68bd959f7aa7babe60a3eccc9871ef2cbc09b4a2138645e09325ffa5d

    SHA512

    b2520e3b3254f404fc90639517b978d293a5b24246c64e1e6b20743b0429e7a068c6a576731c40ab006caf1a67752ba99bc9f09c64aac4e25e7f91a1bc80cdbd

  • /data/data/com.systemservice/files/PersistedInstallation2714421439578877158tmp

    Filesize

    90B

    MD5

    4eda514ff7663e9fea3662e4112cf9ae

    SHA1

    dc4abb066ccdf5e659dfea4082a25ac39872ba2d

    SHA256

    6a744065bba24cf4936d5a7e284489561ec4943798a336a45d6ee27a84d37f6a

    SHA512

    f86b29276fafa450d8c700be61404935f72aba9e9d07baf482ea7cec0da7696ac51f72caa65e138495b01b0cab9baf9443f6d9c222ff93613a4bec1fb639f561

  • /data/data/com.systemservice/files/PersistedInstallation7546057655557791672tmp

    Filesize

    554B

    MD5

    4b18fd69e8d0158a71094dfe928d65e6

    SHA1

    6d7372612572987590a5fd27f9ab93e24151f052

    SHA256

    1f30b61de62d3fd20bc07975948852752ccc8ba586e03f9065451486a0d000b6

    SHA512

    61205bf011a2d2c9b4675dc00a377dbcc671736450c80b80413a3816c7b11c57adb7f1b115cd7a0bf38a9f912db121bf5fffb4cd0217a2bfa00de68b3e1aee34

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB

    MD5

    0d497f3cef23c65a6a6451b983aa7c43

    SHA1

    037d36a677eaadc20f043972ef7c4536556ebd48

    SHA256

    aa10d22886bbb0a5021d6cc6f928a256bb3730c704513da643c47fbb47e7f189

    SHA512

    10eca36f36a2119bc3c4356a258202ca417c4e8b9ddde20183dfab6335c32885f5190561b06af1bf418d264b3968ac7a39797df96faa54c0bc3a03ce1549b2d4
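Several paths in the listing above repeat with different hashes because the sandbox captured each file every time it changed during the run. The SQLite -journal files are transient rollback journals, and the datatransport/app_measurement databases and PersistedInstallation files are Firebase SDK artifacts (my identification, not something the report states), so they are not malware-specific indicators; the app-specific file here is log/log4j.txt. The Python below is an added example written for this page, not part of the sandbox's tooling: it parses this label/value layout, groups repeated paths, checks digest lengths and labels the SDK noise. Three entries from the listing are embedded as the sample.

```python
"""Turn the 'Downloads' listing above into triaged IOC rows: parse the
label/value layout, group repeated paths, sanity-check digests, label SDK noise."""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = ("Filesize", *HASH_LEN)
HEX = re.compile(r"^[0-9a-f]+$")

# Three entries copied from the report above, blank lines dropped (the parser
# skips them anyway). The -journal path appears twice with different hashes.
SAMPLE_REPORT = """\
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize
    512B
    MD5
    d6b0ad76e321945cad9d10100d3f949a
    SHA1
    2efc06821f2be0a17d359bf002c3540e76741032
    SHA256
    fe3b899b94326b9b54b466c76948d5dc5faaf5042d4bfabb42fcd5aa2cbab22f
    SHA512
    120780c909ca931cbb3a3671c0f2f93bb53b242a59a83ae23369c5bb9ac2d0a1d597794387d71c6f8eb667d747b511f49e46eb741a55fe01fd39ff54778c6340
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize
    8KB
    MD5
    0e5c45bdfff9eaeb1620643cab17104c
    SHA1
    4ba8e3c287576b97006d5fb1c0d9254da9568fee
    SHA256
    f1554143ce225c15daa5496577fb4f1bca562b7b6ce092acb7ab5efbe9712479
    SHA512
    43035a8795c2c1ef01ba95f4ea8bea80ac06c9cd6afb544da2127a487fc23efa52674cece96dc1c578f15d78120e5eba41e681b6d49cb328be015ca86d9e7e39
  • /data/data/com.systemservice/log/log4j.txt
    Filesize
    3KB
    MD5
    0d497f3cef23c65a6a6451b983aa7c43
    SHA1
    037d36a677eaadc20f043972ef7c4536556ebd48
    SHA256
    aa10d22886bbb0a5021d6cc6f928a256bb3730c704513da643c47fbb47e7f189
    SHA512
    10eca36f36a2119bc3c4356a258202ca417c4e8b9ddde20183dfab6335c32885f5190561b06af1bf418d264b3968ac7a39797df96faa54c0bc3a03ce1549b2d4
"""

def parse_dropped_files(text):
    """A bullet opens an entry, a known label selects the field, and the next
    non-empty line is that field's value."""
    entries, current, pending = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("• "):
            current, pending = {"path": line[2:].strip()}, None
            entries.append(current)
        elif line in FIELDS:
            pending = line
        elif current is not None and pending is not None:
            current[pending] = line
            pending = None
    return entries

def size_to_bytes(size):
    """'512B' -> 512, '3.6MB' -> 3774873; the sandbox rounds, so treat as approximate."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)", size.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable size: {size!r}")
    return int(float(m.group(1)) * 1024 ** ("B", "KB", "MB", "GB").index(m.group(2).upper()))

def validate_hashes(entry):
    """Every digest present, correct length, lowercase hex; returns the problems."""
    problems = []
    for algo, n in HASH_LEN.items():
        v = entry.get(algo)
        if v is None:
            problems.append(f"missing {algo}")
        elif len(v) != n or not HEX.match(v):
            problems.append(f"bad {algo}: {v}")
    return problems

def classify(path):
    """Label known benign artifacts. The Firebase identifications are my own
    (assumption); the sandbox report does not state them."""
    name = path.rsplit("/", 1)[-1]
    if name.endswith("-journal"):
        return "sqlite-journal"   # rollback journal, rewritten per transaction
    if name.startswith(("com.google.android.datatransport.events",
                        "google_app_measurement_local.db", "PersistedInstallation")):
        return "firebase-sdk"     # transport / Analytics DBs, Installations cache
    return "review"               # app-specific: pull it from the sandbox

def triage(text):
    """One row per distinct path; versions > 1 means the sandbox captured the
    file more than once as it changed during the run."""
    by_path = defaultdict(list)
    for e in parse_dropped_files(text):
        by_path[e["path"]].append(e)
    return [{"path": p, "label": classify(p), "versions": len(vs),
             "sizes": [size_to_bytes(v["Filesize"]) for v in vs],
             "sha256": [v["SHA256"] for v in vs],
             "problems": [q for v in vs for q in validate_hashes(v)]}
            for p, vs in by_path.items()]
```

Run `triage()` over the full listing and the rows labelled "review" are the ones to retrieve and read; the SHA-256 values of every version still belong in the IOC set, since a detection on any of them means the same app ran.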