Analysis

  • max time kernel
    20s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    26-09-2024 02:22

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4353

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation7011336983157241431tmp

    Filesize

    556B

  • /data/data/com.systemservice/files/PersistedInstallation9076657788836880572tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
