Analysis

  • max time kernel
    19s
  • max time network
    152s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
  • submitted
    24-09-2024 02:39

General

  • Target

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk

  • Size

    3.6MB

  • MD5

    d836feab9d4bf3c6cf086bdc14724c8b

  • SHA1

    c837cf7b181679a0081165e5fe4aa0eb94f748f8

  • SHA256

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

  • SHA512

    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad

  • SSDEEP

    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Acquires the wake lock
    • Queries information about active data network
    PID:4497

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation4762595498903653642tmp

    Filesize

    90B

  • /data/data/com.systemservice/files/PersistedInstallation5798838966742042489tmp

    Filesize

    556B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
