Analysis

  • max time kernel
    17s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    25-09-2024 02:29

General

  • Target
    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
  • Size
    3.6MB
  • MD5
    d836feab9d4bf3c6cf086bdc14724c8b
  • SHA1
    c837cf7b181679a0081165e5fe4aa0eb94f748f8
  • SHA256
    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
  • SHA512
    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
  • SSDEEP
    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
  • Acquires the wake lock [1 IoC]
  • Queries information about active data network [1 TTP, 1 IoC]
  • Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]

Processes

  • com.systemservice
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID: 5060

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation7890023985871393319tmp

    Filesize

    90B


  • /data/data/com.systemservice/files/PersistedInstallation8270246414147600520tmp

    Filesize

    556B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB
