Analysis

  • max time kernel
    13s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    24-09-2024 02:38

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4362

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/files/PersistedInstallation3184291044718280486tmp

    Filesize

    554B

  • /data/data/com.systemservice/files/PersistedInstallation8143304101346151667tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB
