Analysis

  • max time kernel
    17s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240624-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    30-09-2024 02:29

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4263
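The Malware Config section gives one pivotable indicator (the C2 URL) and the Processes section gives two host-side ones (the package name, and the fact that it enables an Accessibility service). The script below turns both into checks a responder can run: it scans DNS/proxy log lines for the C2 host and for any other host under the same apex domain, and it parses the output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services` to tell whether the package is installed and holds an enabled accessibility service. This is an added example, not part of the sandbox report or of the sample; every log line and adb output string in it is constructed, and the `AccessService` component name is hypothetical.

```python
"""Indicator checks derived from this report: the package name, the TruthSpy
C2 URL, and the accessibility-service behaviour. Added example, not part of
the sandbox report or of the sample. Every log line and adb output string
below is constructed for illustration; the AccessService component name in
SAMPLE_A11Y is hypothetical."""
import re
from urllib.parse import urlsplit

# Indicators copied from the Malware Config and Processes sections above.
PACKAGE = "com.systemservice"
C2_URL = "http://protocol-a100.phoneparental.com/protocols"
C2_HOST = urlsplit(C2_URL).hostname               # protocol-a100.phoneparental.com
C2_DOMAIN = ".".join(C2_HOST.split(".")[-2:])     # phoneparental.com, the apex to pivot on
_SIBLING = re.compile(r"(?<![\w-])([\w-]+\.)*" + re.escape(C2_DOMAIN) + r"(?![\w-])")


def find_c2_hits(log_lines):
    """Scan DNS/proxy log lines; return (line_no, reason) for the exact C2 host
    and for any other host under the same apex domain (other servers of the
    same operator are likely to share it)."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        if C2_HOST in low:
            hits.append((n, "exact C2 host"))
        elif _SIBLING.search(low):
            hits.append((n, "sibling host under " + C2_DOMAIN))
    return hits


def accessibility_packages(settings_value):
    """Parse `adb shell settings get secure enabled_accessibility_services`
    (colon-separated pkg/Component entries, or 'null') into a set of packages."""
    value = (settings_value or "").strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def device_indicators(pm_list_output, settings_value):
    """Combine `adb shell pm list packages` output and the accessibility setting:
    is the package installed, and does it hold an enabled accessibility service
    (the capability the report flags for clipboard/screen content capture)?"""
    installed = {ln.split(":", 1)[1].strip()
                 for ln in pm_list_output.splitlines() if ln.startswith("package:")}
    return {
        "installed": PACKAGE in installed,
        "accessibility_enabled": PACKAGE in accessibility_packages(settings_value),
    }


# Constructed inputs, not taken from the report.
SAMPLE_LOGS = [
    "2024-09-30T02:30:01Z dns q=protocol-a100.phoneparental.com type=A src=10.0.0.12",
    "2024-09-30T02:30:02Z proxy POST http://protocol-a100.phoneparental.com/protocols status=200",
    "2024-09-30T02:31:10Z proxy GET https://connectivitycheck.gstatic.com/generate_204 status=204",
    "2024-09-30T02:32:44Z dns q=media-a100.phoneparental.com type=A src=10.0.0.12",
]
SAMPLE_PM = "package:com.android.settings\npackage:com.systemservice\npackage:com.google.android.gms"
SAMPLE_A11Y = ("com.systemservice/com.systemservice.AccessService:"   # hypothetical component
               "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService")

if __name__ == "__main__":
    for n, why in find_c2_hits(SAMPLE_LOGS):
        print(f"line {n}: {why}")
    print(device_indicators(SAMPLE_PM, SAMPLE_A11Y))
```

On a real device the two strings come straight from the adb commands named in the docstrings; the log format is whatever your resolver or proxy emits, so adapt the line scanner but keep the apex-domain pivot, since a single sandbox run only ever shows one of the operator's hosts.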

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    12ddde802dd0c9aba4ba9cef1db5ec5c

    SHA1

    32dbdd70b20650dcb6e0466eec4c87c65cdc6fc9

    SHA256

    2642c05d1f5ea7df439d1d6dc0dd6602c37f3a2bff579eeca8ce0d87bfa36894

    SHA512

    2167191a9b543df802d9769d162fc10e1c9ed240393319305055d362538e34275a8e3ddba8c06e3a28bdce9a615bb41d44c791a471af936368cdc1e179767ccb

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    f15fd059fa7b65c9ac3363a386e3bfad

    SHA1

    ededb4ef452aca4b7f6d69f789c6c94e4ebc6445

    SHA256

    c627d6062de3656f50008da6fb5541f432452f316cceaf8d2d5ca2312fb702d7

    SHA512

    e51560fc52090d4cd1c604fda7a5aeebc22ea541a9073302dd2710c62d3a23f56ea8e7c8edd63c221ce295b135358f3f96c65b6cb58a62d0526c62b4c0fcd06a

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    dc72ed57ad6f6526bd1083d92979a705

    SHA1

    594fe14264e8922c7bb84d8900894d398b2e1459

    SHA256

    77ea8025e8efff611eb8c34d556b8997c0072cd82fa7f484938cb3d233df3921

    SHA512

    cbe83219f8ed1c993f233d3a9c55692fd4838e9310c7e1cc55842566b0df89de1ef622149a29da032247ebd1985a85c08b00ce76f321b23b699bea0f05171ab5

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    d726ee7abd2e6f76c5bb88d83b8fdbf6

    SHA1

    9d0d416ed24a12e12f220cc587cba9b883f61224

    SHA256

    a51a9eb0d2e5ab0706c0daeb0baf91ab863ce8eaa6a4189c340c8d5d9b99aa2c

    SHA512

    ed67f872ac7205deb162ac096b0b7981993d07ddd5339a5d81265740f8a51ae9fc6670216dac11817504dafe70b1c9c31978c3a1c35969c1f1f1aa44a04497f7

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    8a003e231889ea951fd9f393e110ad13

    SHA1

    1d22662d0b8657582df3adb4971dcdbcae921c4e

    SHA256

    ac9a0df5726df11f8ea261e89455b403ec59e7f647e33444a37a2329620af1c3

    SHA512

    5eb02d56df2c814c4344f6a552069a36a2c724724cb4e343985e4e8c48ab5d253d24b02e85de63a6233401fda487f2781c72afa0ec21808752e7bdd26bb86d40

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    e52a0907289e7f5e122c040ddafda8b8

    SHA1

    e4f33c97afc1d36dae5bb0eeb997dd60f648b630

    SHA256

    15b2dfd5e9259714345e9c167bb74683079d672c49ec2e158c858c89278bbe5a

    SHA512

    0ef0c7445538553dbf263aa97b7dca5961814577fe8ba5c6076fc3392f760d6d0cfb5bdffb7f92d575edcbc78bd0799706c65c4ba42f53640e064e85ede57c7f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    835cfc7decf507cdc5e54f602e3f9699

    SHA1

    4a55d424cb32e766554672cb2d0b3804fc47552f

    SHA256

    29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

    SHA512

    2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    775841285945fba26b551f3bf8d4c463

    SHA1

    420470fcf5da73f81661967999fb9a5feb8cd1cf

    SHA256

    6805139cfa65d15e656d9af088229c742b59c43c823e8928d9d4f62b16da2583

    SHA512

    958a564cec4d2e02e201cf66581f0bd872e8d4b014eb75bb83ab3c8b21f63b09d83ec427a28b2a5c63a183ac5932eda00157459172a1c4164da57c9420bcdbb9

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    f8c47b279b1649c6ac67608474d85a75

    SHA1

    df7fa6aa5c653a972a0a238e415eb5978780677b

    SHA256

    2fae9641b69c5be4d8fb553d477dffc279972c2be2adbbd2bc5d48a1fc6579d3

    SHA512

    037ff48be95cf063b02d36852a9b01ac17e03dfd729bd0e68a9557ecce8b5185649cd751911b80a74c2866f5e331bf260e577874c60f3c0c5d6542bd492b58bb

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    0a2e615ccefced666d010bc8393d6bff

    SHA1

    035e2850aa067ee50540b7a8fd37dd337512082b

    SHA256

    6f64401032c781172b4472581a58e1dacdbb4efcaa92441f324ca5c5679d6872

    SHA512

    f4c634c0b5a17e443c35172434741d2f3e60c1586cad0b065c16b7bc2bd79d29808b7397208c0b50565c64717e8d434ab841be43384dbffdac0c27333a515c17

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    e8b302abd6a14ce77f47b689100275d2

    SHA1

    44391815154f0274a791c19949a08bbd44d2c304

    SHA256

    2670ff841eadda9e1a50d1c126745ad2eebc759e9614818bdcc6d9ce8db42197

    SHA512

    c8d4e4d76a76f94ceb0475033bf2b3c30c3aee98f69c2c0f2929884ed11552f5879a192e3aa06c50f5052f60e141ae008bd11e2c15760b927c927b2030289170

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    57dd45554b315f39448bb2aeef4a3ca0

    SHA1

    7a8b2813b0ce72ec45b8d80d575ab0cdc4fbcb01

    SHA256

    839405ee527222c35ef458c64eb9a55ef2a05cb7bb3f87d3f0ba74e462c9edd4

    SHA512

    3c6d2462eec2221c109e7b4cea62b702db48d5143e96dd12cceb131644a5d8bcb4630220080000476d0395b658a20a36bcf4163beb4b9d10deefc9d0e3032f9a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    4db964a005a8f07cefb876cf345c13fd

    SHA1

    7b7a991de010d9b20e2d6ef3faed2f58489b8a22

    SHA256

    ee2054078dee8bdf9d88b69a69ab528cfa15e27239ce6a84cb5f394aa9cd7126

    SHA512

    a80f7363bad69fbd5fcf4f2a1ee913635256ccd2a5cbc8e0f00e22405b095dcce095b0545ebdcff30a6b2a06a2b367d8695ec823e697ad0e4ad8b9da40c6212a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    94771d884033ddfbfc48a6603db1e4cb

    SHA1

    dbf99e5d9ebc010c019a43ef2ff3327e4a2f3fa8

    SHA256

    7a51c528c784e3fc0006ba637f73e1fa32793152fcca0772accbc44b369b2475

    SHA512

    bde3e759ef4dc8f022126e8802c26ef8b52bcbb32a2a12f6e8782ada82053c7d137d4648eb42635189f23a51917a3924a4cc62ee2772b3b631d570e26b142248

  • /data/data/com.systemservice/files/PersistedInstallation7114504393088812120tmp

    Filesize

    557B

    MD5

    295777367b33b174540e0beba444a3e9

    SHA1

    41131381e7943629b46e7e7d0e7c621663cd0295

    SHA256

    d4b5b51368504f646a620c828732ca154d0c6e1b35fe58e2e076d78033aa8b5d

    SHA512

    30cfa605e83fa6121951d5b4b405403456c7369261d9753e493758b1eb749a3b689a62cdcb9b07971faeaafbf1bfb458943f3ceb12a30c2c005ba0520d48207c

  • /data/data/com.systemservice/files/PersistedInstallation8557866359329733263tmp

    Filesize

    90B

    MD5

    db1cd5747a944319f6a2bcf9bf47b8e6

    SHA1

    07ac2266a41f1536ceccfe93247e2ad50fbb3c0f

    SHA256

    571607bf4a25cee2c3ccf3c265c8a76db05a70ccb5aafbf1d18d3a8b0ab02352

    SHA512

    e4f3ec6d7d90ae146d57738990812be218ea908e3e057203fe5682a5d048d1d115b7bcc0758c3f7edcfc983e0432131f3e6f7c2f14e73ab0e90f573607a1c5b2

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB

    MD5

    20a45ae23c3afe2aa0b8e4c6f3c87a6f

    SHA1

    c0c99b4b19aaa03273c82ba4d2b4408007cf6e3e

    SHA256

    1267cd7ce27ad466eea322163185800a8b19cbf8c93a0e80250989da2adc8dc5

    SHA512

    e58cb4e69bef1d542a7889a11b3bae58ef6b391bead7c78d2d7a1fc90e7f2f174e65d2c82102e80331f3532c7a6a119bcbc1230dba24b226341c7745d6900d01
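The Downloads list above is useful only once it is machine-readable: the same database appears several times (successive dumps of `google_app_measurement_local.db`), and the `-wal`, `-shm` and `-journal` entries are SQLite sidecars whose content belongs with their main file. The added example below, which is not part of the report, parses this bullet/label/value layout into records, groups each SQLite database with its sidecars and snapshot count, converts the size strings to bytes, and checks a blob against the listed hashes. `LISTING` is an excerpt copied from the Downloads section above; the bytes handed to `verify_bytes` in the usage are constructed.

```python
"""Parse this report's dropped-file listing and reason about its SQLite artefacts.
Added example, not part of the sandbox report. LISTING is an excerpt copied from
the Downloads section above (fields trimmed); blobs passed to verify_bytes are
constructed."""
import hashlib
import re
from collections import defaultdict

LISTING = """\
  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

    MD5

    f15fd059fa7b65c9ac3363a386e3bfad

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    dc72ed57ad6f6526bd1083d92979a705
"""

KEYS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
SQLITE_SIDECARS = ("-journal", "-wal", "-shm")


def parse_listing(text):
    """One dict per bullet entry; a label line sets the key for the next value line.
    Repeated paths (the same file dumped more than once) stay as separate records."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif line in KEYS:
            pending = line
        elif current is not None and pending:
            current[pending] = line
            pending = None
    return records


def parse_size(text):
    """'512B' -> 512, '4KB' -> 4096, '3.6MB' -> 3774873 (binary units assumed)."""
    m = re.fullmatch(r"([\d.]+)\s*([KMG]?)B", text.strip(), re.I)
    if not m:
        raise ValueError(text)
    return int(float(m.group(1)) * 1024 ** {"": 0, "K": 1, "M": 2, "G": 3}[m.group(2).upper()])


def sqlite_families(records):
    """Group each database with its -journal/-wal/-shm sidecars and count how many
    snapshots of the main file were dumped. A -wal seen without a matching main
    file means recent rows live only in the sidecar, so check that before triage."""
    fam = defaultdict(lambda: {"snapshots": 0, "sidecars": set()})
    for r in records:
        path = r["path"]
        for suffix in SQLITE_SIDECARS:
            if path.endswith(suffix):
                fam[path[: -len(suffix)]]["sidecars"].add(suffix)
                break
        else:
            fam[path]["snapshots"] += 1
    return dict(fam)


def verify_bytes(data, expected):
    """Hash a blob with every algorithm present in a record; return the keys that
    do not match (empty list means the artefact is the one the report lists)."""
    algos = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
             "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
    return [k for k, fn in algos.items()
            if k in expected and fn(data).hexdigest() != expected[k].lower()]
```

Run `sqlite_families(parse_listing(LISTING))` to see the datatransport database paired with its `-wal`, and the measurement database counted twice; feed `verify_bytes` the bytes of a file pulled from a device together with the matching record to confirm you are looking at the same artefact the sandbox dumped.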