Analysis

  • max time kernel: 16s
  • max time network: 156s
  • platform: android_x64
  • resource: android-x64-20240624-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted: 28-09-2024 02:21

General

  • Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
  • Size: 3.6MB
  • MD5: 39fa2c58237de702fc3458251f358cab
  • SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
  • SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
  • SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
  • SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.systemservice (PID: 4992)
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events
    Filesize: 56KB
    MD5: 306b6df4fa9a571e4fe3df00e91a2533
    SHA1: 00cc783d056003da21f8d1293790e2c8bc4bf718
    SHA256: 32e4602d9fea6062df5655f7f608e59c7d772ffbdddd833bda862c0c602c6807
    SHA512: 0a9b15a7edf9144ba37d46c348d72f2cb82bfa2ceb9677acb3bf0c5d21dbceecfce9fa0ec2e7e555b6c2ded5242e3d70b5bc1bbbdbed5b8ea956ea91ef90cbf7

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize: 512B
    MD5: 81f29826373f189f51e8e03431ed5c37
    SHA1: 2ea388c93e8c474992b00823fc1b8216ad48f473
    SHA256: aabc5bbca0de641e1af4d6883b72e5df73396c8914ca3e718ebee18b71df7456
    SHA512: 08805654b2b1c5f69be64b793f9999c0d3c5be6db671e644ea97ee2060aab4e72f4e65256aaccc3184542f732c9e0a6b0b93ef85235ce5142a8862aa025e1438

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize: 8KB
    MD5: b4ed860bb10a14ea1b22f642eef126ac
    SHA1: a6e0c29d1161f19b46a61aa84deddc5669756ddc
    SHA256: f2e0598bd2e3a1eace0d24e295a011de915ec8e985f8bbe2dbec1360a3ad5f52
    SHA512: da8fbc39ac2e37b0d9ddff2a7126c96b0323c8f98161c9759acccd75a740a1933745ed9ba5ddede343eb4e2aaadbd90d7e4813324d98b4ac96029e05033b4eb5

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize: 8KB
    MD5: aa0d54a8d68fa5a64ae193dec18183c8
    SHA1: 0a9811d8e166d8a291f25b15ee5f070d5637ba0c
    SHA256: 92d023fed94736d6fedd6980e4f86325c8aa0557f3e614ecacd52910d46d30d6
    SHA512: 9974f90efe9747d189f98fd28efbe5c2f5d50c1671f6912a98b4e265774ca829cd0d2a1d3fa1777abdb79f155c52fec426e3e15a7c53ea63d098e68b3fefe853

  • /data/data/com.systemservice/databases/core.db
    Filesize: 36KB
    MD5: 045489a0639eee27bca52f48828cd93d
    SHA1: 436e7966e7c019273c44faa4d8c5709b816dfda3
    SHA256: 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
    SHA512: c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: eb52a90bb70b76e946b62f50b6f7fb85
    SHA1: 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
    SHA256: 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
    SHA512: b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: 59379e253321ff383bd09a297bbc0348
    SHA1: e20d94cba94568a0c4bc7e3fe07d3fc4b2770f34
    SHA256: 23a2145a44c204e01b4c69e5bdce1043d1fd82239e26def69df10e6c82548f1a
    SHA512: bc0b7658794797fe9a7556291f487a7cf8a92abba470282387d3e9da42bfd202a3b4d02587f556d8069e57a9975945d79655852ce3318c9e061413e531a8edb3

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: 7a4de70c80cabff843c209d0aeb13f2f
    SHA1: bd89077b16eb8dc1b01fa1d33893fc65647720a9
    SHA256: e8fbd79fa0e15bb8ae83639b787fffd688358d51fd0e00d365446838a3c5b3e9
    SHA512: 5f28859e21872f2ea0d9962919fb728eabe5717f2aee3bc5d8d8b905ed897f3f8dd3c8b4889cabe2a7985f4aeed0f61659ef1d85c702e4a6c0a29d3c7d4a61e1

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: ce52a05323c7f74513c8788fa5a91de6
    SHA1: 0ef47537ac5c523178d6c9c648fe1372f0394434
    SHA256: 03763b6c6df570f39f11780f4a7e6f540d2abb5ffb25ff94e5d1653fea414a44
    SHA512: 9d3f7e46b521a32600de258218a84ab214e66a616687de6924cc73aeee2290339a6f344869d35ed5d256f27f650172b3fd91ac201e69f4cfe255062ff142cf88

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: e5d8a7f23288e78e3d6a6d8f445892a7
    SHA1: b1487bac5ce8051ce4af6a27da0ddf0914d85575
    SHA256: 598875c3b3d63dfb0ecdf7287dfd80f3e4395f128f3563e8d33ddb3f197108c4
    SHA512: e33090cbd55c9b7e5720590ef48b46b33a646ad1c783c85b5e01561c94cd5adedbe787c4dfea724b1daf7ee3fe9b843204510a16ffe90314c2e83681ff78d0f7

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: f871ff700510a56a54fdd56bc41b7541
    SHA1: 481548c8bc3254a00f497140278597b915460c48
    SHA256: ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
    SHA512: 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 512B
    MD5: 78ab1b2ffb1190a8789c7909199f31f4
    SHA1: ee6ec98c0e85a58d6939376f067605782533186d
    SHA256: 05f03ae99e8601f55a1f82bcbffa2fbb957240a24547e554079863b8385a5d5c
    SHA512: e00a273ec1d2cb843f26783e0f89ca4769046d848bd69d226bef9532849717c55c3ec261d4ce4d785bfa65d259ac1d57fd48a24fd56063627ac10d4191ab7a1c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 8KB
    MD5: 74219131d4ed050b4dc5f1c661f912c6
    SHA1: 04d882e09cda5071f4e272732f43b3c7ba5c86ae
    SHA256: 2be567a535dc09ecfc6a31786a7465d499160e55a1b3b07df590096afbf1d485
    SHA512: 68fb47e79dc368f667c7c408e61b78da36577ee6d46a74011691dd83afe3772ed7642973821477388c8201394000c4ce30d633edf1cde2c90e55ea47b5be77ed

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 4KB
    MD5: ec63080943d4128198c7e6bf009ad455
    SHA1: 47d46220a7c29f6f1ead20ad10e2c8497f6198d7
    SHA256: 1651a2a564bad94014c595521255df3bf7a630ab0408f019dda018c4a2f88bbf
    SHA512: 67893b4bca71f28e776e8e540390cc23f0fe57e805fa7ef6cf2f3b097d4485ec29bd1bf11293f1fa8cb73e2fb4e27a9dfd1c5d7d5e4633745685ec9afb017a91

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 8KB
    MD5: bc018b74944b678359f9bb20463dc577
    SHA1: 3db88b408d8485682af89ebf566258c1edb5d22c
    SHA256: fd7bb2b38d7d9f591a02b82d6358aa46b7e36dbb9b82148eec66cc4477976a66
    SHA512: 71e5b60649fbca9cc71634528bbc02cff5ab085070603560f443e48c334e12ceb371ea409f5366829c30bd13cf3d6c9cfd35dae61ee539b3ba830c31a16ce652

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 8KB
    MD5: d6c144425354ce822dea567ecd1f1f38
    SHA1: 2b0dd703feda07900bfe8d3ceaf44d03a96ed215
    SHA256: 95b7dec8ef442a5b90589dd3184e59b31b3d6c5ded6e4ab81a8a0a4ffb9745b6
    SHA512: c6c89364e4db696126c9b5b844a8cc61843a70948f9e4db3eafdbdac899ce9a68fb7778b26327fefa95dbcf4d9a35b0893fd8a4d5f4169b1f1735fffee26dd53

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 8KB
    MD5: 2279f4fa4a94cf7bb1e91599c9caf9ee
    SHA1: 5b1cdf32120d9d5d7f3a0b1ce60301183a5b2141
    SHA256: 7866bb528fb494f6220dbc924d3a9c80c29d64412060f382fa7baf164b80fb3c
    SHA512: 998092aec08a53d3f92fe37963df91577fccc04c38dd8cfa5bb70da5440b699c77e16b3a39e78ecd5eeb3f5955080692f6402066de7177af41fdd7c577311ea7

  • /data/data/com.systemservice/files/PersistedInstallation3514750281963694555tmp
    Filesize: 90B
    MD5: a8386d645100be71dc5d5a858878faf3
    SHA1: a78bfd98a3df7a11a44ee0e91a1a6b78fe49fb35
    SHA256: d02e85c61554bd3f3c19a27df955eb9df7b8a31b13e7c52ad078babd8e253a66
    SHA512: cb7fb607f79e6698c06171554d0b55789360886eb6511f6053c72d31f5ab1f5ec4e28d5f034d13b3a682cd7c64d1b18026a1346154f61db2f2253d1912f175e5

  • /data/data/com.systemservice/files/PersistedInstallation4493107733651200051tmp
    Filesize: 557B
    MD5: c76dcdb275ec7a95ad4313571f85f9de
    SHA1: 2257251417ceb7ea90e695fda897b59096b7e0bc
    SHA256: 3e88923b94a4d036f8cc23abc71004feb9e23d70052e263f89d5fa98ce625419
    SHA512: 3b49eb45741f5b10fac65d60a1b7f73cd798c1046e779121b1a619e72e66541a804cded581f99f24c2a2a36641757e6cbd6f9c28bad4a9aaaac11201cdb264d2

  • /data/data/com.systemservice/log/log4j.txt
    Filesize: 6KB
    MD5: b73e6c12c349a15508b80d47ddd7f7fc
    SHA1: 8ae2af18097be64ec3dc39f0e0ce20c8f2a17b77
    SHA256: 97ab5111761ac46fd09eaf2bd3fef233ee00ab2aa20fca2f6a35ed98b406302e
    SHA512: 7d1ba8b3f60f42c4ac83ed6801be9e759e87a9df5a8f6bb36ea7b9218b7e0db9348fda261f43599bb8b4c873af67beaa3e7c6377f76bc8b796c985fe8c56099a