Analysis

  • max time kernel
    18s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    01-10-2024 02:38

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.systemservice
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4925
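
The five signatures above are behavioural: the sandbox saw com.systemservice touch those framework APIs during its 18-second run, which says nothing about whether the calls live in the app's own code or in a bundled SDK (the dropped files below are the standard on-disk state of the Firebase Installations, Data Transport and Analytics libraries, so at least part of this sample is stock Google tooling). A quick static cross-check is to search the APK's DEX string tables for the API identifiers that would explain each signature; a signature with no matching identifier is the one worth looking at first, because it points to reflection, native code or a packer. The script below is an added example, not part of the report or of any sandbox rule set. The identifier lists per signature are my own choice, and build_sample_apk() constructs a stand-in zip with fake DEX members so the example runs offline; point scan_apk() at the real .apk to use it.

```python
"""Static cross-check of a sandbox's behavioural Android signatures against
the API identifiers present in an APK's classes*.dex members."""
import io
import re
import zipfile

# Signature name from the report -> Android API identifiers whose presence in a
# DEX string table would account for it. Hand-picked for this example, not the
# sandbox's own rule definitions.
SIGNATURE_APIS = {
    "Queries a list of all the installed applications on the device": [
        b"getInstalledPackages", b"getInstalledApplications", b"queryIntentActivities",
    ],
    "Acquires the wake lock": [
        b"Landroid/os/PowerManager$WakeLock;", b"newWakeLock",
    ],
    "Queries information about active data network": [
        b"getActiveNetworkInfo", b"getActiveNetwork", b"getNetworkCapabilities",
    ],
    "Queries information about the current Wi-Fi connection": [
        b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo",
    ],
    "Registers a broadcast receiver at runtime (usually for listening for system events)": [
        b"registerReceiver",
    ],
}
REPORT_SIGNATURES = list(SIGNATURE_APIS)

DEX_MAGIC = b"dex\n"  # real files continue with the version, e.g. b"035\x00"


def scan_dex(dex_bytes):
    """Return {signature: [matched identifiers]} for one DEX blob.

    A substring search over the raw file is sufficient: DEX string tables hold
    method names and type descriptors as MUTF-8, so ASCII identifiers appear
    verbatim. It cannot tell live code from dead code or library code."""
    hits = {}
    for sig, needles in SIGNATURE_APIS.items():
        found = sorted(n.decode() for n in needles if n in dex_bytes)
        if found:
            hits[sig] = found
    return hits


def scan_apk(apk):
    """Scan every classes*.dex in an APK (path or file-like object).

    Returns {signature: {identifier: [dex members it was seen in]}}. Members
    that lack the DEX magic are skipped rather than guessed at."""
    merged = {}
    with zipfile.ZipFile(apk) as z:
        for name in z.namelist():
            if not re.fullmatch(r"classes\d*\.dex", name):
                continue
            data = z.read(name)
            if not data.startswith(DEX_MAGIC):
                continue
            for sig, idents in scan_dex(data).items():
                for ident in idents:
                    merged.setdefault(sig, {}).setdefault(ident, []).append(name)
    return merged


def unexplained(report_signatures, hits):
    """Signatures the sandbox fired that no DEX identifier accounts for."""
    return [s for s in report_signatures if s not in hits]


def build_sample_apk():
    """Constructed stand-in for the real sample (not the analysed APK): a zip
    whose fake DEX members contain only the identifiers to be matched, plus a
    mis-named non-DEX member that must be ignored."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00".join([
            b"Landroid/os/PowerManager$WakeLock;", b"newWakeLock",
            b"getActiveNetworkInfo", b"registerReceiver",
        ]))
        z.writestr("classes2.dex", DEX_MAGIC + b"035\x00" + b"\x00".join([
            b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo",
        ]))
        z.writestr("classes3.dex", b"not a dex: getInstalledPackages")  # skipped
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")        # binary XML, ignored
    buf.seek(0)
    return buf


if __name__ == "__main__":
    hits = scan_apk(build_sample_apk())
    for sig, idents in hits.items():
        print(sig)
        for ident, where in idents.items():
            print(f"  {ident}  <- {', '.join(where)}")
    print("unexplained:", unexplained(REPORT_SIGNATURES, hits))
```

On the constructed sample the installed-applications signature comes back unexplained, which is exactly the outcome that should trigger a closer look (reflection via Class.forName, a native library under lib/, or a second-stage DEX loaded with DexClassLoader). A match, conversely, only localises the call to a DEX member; use the member name and surrounding class names to decide whether it belongs to the app or to a bundled SDK.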

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    85e834c806a8fe291f1f4218dbfe52df

    SHA1

    4192812cb4585fcf934cbbb2d6fa26f54394dafb

    SHA256

    21afbba2d63652256e32775947d4911aa3fd557a9ca4e5c4c639526bc1e9a408

    SHA512

    0b499a96b5ee8b24576f8aa5092c6e43ee9a35543427b4b150db3437cf1c907e6367aadea60f9ebf5bfe90c1eef2492f3579737adf14be14879737ce201c2f2b

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    8e96f54f9997034336dfd86c48c6251e

    SHA1

    8eb593bad6054f345d1a72cc8cc1097969c7f825

    SHA256

    09cff1a927033ba6b6deaba3fa12e4cfe3197699d609a79ad3ab6a79867f5aea

    SHA512

    99c0377bb5d6affa1cb030ac1b6f5fc2003136887c636fda07e8652b0ee8c81d1e22bb5eacc7d75ca6841fa983de59623f195096ac8b991e05509d6a1bb71d9d

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    839f0a9c9480663be6ffc23a18f860ab

    SHA1

    70cececf8d63ceb817f266032136c8284914d6eb

    SHA256

    77be22264601effcaaf83a889e6a43bdd5e0ee030ad28eab466ff46099e4cb25

    SHA512

    563a8bf89c7dd2e3170de2cc3137e86e60806eb40fe9dbd2f8bb1dc0cb273af592b470992ad6e5f90a4b96c4f262d217640eec88810d9cccfe3498789749dd6c

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    6e9737c9c2bae3d54eace43b6973fa28

    SHA1

    6c33c22e6270d12c5c56479b822be0168c2b5c98

    SHA256

    3d88be7d62e710f4352f8f15c2c1b5f88b10f080638c1f636ed6ba2e0df602c0

    SHA512

    7a593854c1b73106ed276af3d5438f934315d865629bb62ded0b2906da35b40252df0a4b2ed7e9893e65d365a33cb12848fd977a5c0d2b753450790c251e4bc4

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    eb52a90bb70b76e946b62f50b6f7fb85

    SHA1

    42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

    SHA256

    48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

    SHA512

    b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    2a9b5f5e664762197e1832c1ef52c21e

    SHA1

    9df199e0b8a58f4e1fb7f41c4a1d824e11ebc935

    SHA256

    dbfc8e49a8f26ab4b38c3be2f71cf9582cbb4af1567b38bb787dc6c13155f61a

    SHA512

    ad9299208f69d4f64c0fc346370d1fa30426505b8dc5abd3c6ded44f2fe6f150e536137df38dba5a7e075915553f9fbfa7a1ab8ee86c07e3452bacdac5f54949

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    0d4bf09dcdffbdd4f525e3948bac163f

    SHA1

    2cc4b7d67c201839a5b9bd7afeed0bd27c5f82bd

    SHA256

    462c31957db54cace641520892bffce4d56a947bd37e081cc1ad865781a111fa

    SHA512

    4c6a5fe6e03dbc5fe203f373f44fdfa8c2cba7d2a8197e6eeaf0ea5de446a9131345e2b5d6af5d9b75df173e14a9a4cd05015ec75cb5c3eaef2368d531496245

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    8b7032a3b4b083f244db6dbaa1ac8b90

    SHA1

    dfef015c22c2a0e42cf68f58ef23a548d1fb6eda

    SHA256

    29d8183be954ba446e4d024beae69791f8e6eea9865795a01f6e1fca377525e7

    SHA512

    a5f1cb87382b06275a946779699f292fa4eeded8108726d57134768fbdc071c35d5938028cc4399a00a8da6a8ce774b4d84ae10d1c999b7c5f9cd625349fa84b

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    a753a8990ddd3fab1d431e959c176e70

    SHA1

    acc796e397b05af577f4cf955b9ced1b1db117ec

    SHA256

    db9ebd3620b4e21fe12fb8492c5c9b8efc3d8ca956d74e733aed3e252cca1892

    SHA512

    6ad9346ca4cbbe28f8f7c4ea5bcb9c0d5241b6053bbc8f87b84ebc1e614403815faf8632c55c814817a4f2332559eedd6007ae97455d7facac719767223a0266

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    f871ff700510a56a54fdd56bc41b7541

    SHA1

    481548c8bc3254a00f497140278597b915460c48

    SHA256

    ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

    SHA512

    12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    4ac575b48be8d3c88df7b1da785384bd

    SHA1

    89fc24fed6b2c006756911396c0d69abd843dd2d

    SHA256

    82189a082bbea9085ab482549a17869536cc1390782e487713a8a8ed357d3ac8

    SHA512

    b7b93058b96fec572dd52d41d3b6af2af7e177587ebc10dbbadc63a1d8be92335845f1f765bd111d32462ce78266457c6da16162eef1053d207d74052a223a7a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    ff1281ccc3bd12df3730ba47922a0c30

    SHA1

    d0874efe12131bf046ae1a79e52c65be68ccfb4c

    SHA256

    50af87c033d3dc6c77a512c1da8fb3f0e9dfc9bbaa6799e4098af6c305cc76a1

    SHA512

    5f084e9ab6ee5b52f31210f33e5275f50affff3516445dd3eb05dfdf91de91b4188d21fc0e2e069bb35fd9d6ddc21a7a69f15ca16dc66d009210ecbd5816f532

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    17cab7ff2abe03014e2a3a77891a3d85

    SHA1

    84b33b63d59a4a81164b3a9f4478068032cb91b4

    SHA256

    5b77243714d2ef81489185af923ad9fd65f04a9a42a40575423a1d32672a0051

    SHA512

    eacc608b26a01ab04d377a2634de91e81397183ea5d932a152c2f2cd481cb2168a89d5b8df2e934e1944c33a386a0700e8730deb81c3bb7261bc3576bba2ba9c

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    4c3ffa1da75f7a9111ce94b5fc1fc7ea

    SHA1

    be15d78dfda803def8492a7c663cc0b6665efda0

    SHA256

    f0e7e7c6b239d721fbefe1563aebd45bd42d5d2a710da45bab33da90d3564976

    SHA512

    9abd92d6f6f751d13ea6adf5c2aa751ae7c90c84c09b21ccb4507c352f94225f76d60069df73cc51a55c1c3252f998d0bad7f19e63cc5103beefced013378e34

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    56470a8af7d89d9af1670812bcabc505

    SHA1

    032cd5dd2c28b07667385eadb714c8b2f6f9de3c

    SHA256

    bf14272c11e53003b75d8b30a3f703ab8bba66dcde021b1003bbe88285e12372

    SHA512

    84fc666901a54654e4542b8e385790c56e25ad43a852f7264c9f59d7fe23dce0fe3caccb030b09ab86a61bd4d04871c41122bc129758a86dc0a9f8b863a3005b

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    f8d1415523102cec762ccb8ef33f0c74

    SHA1

    2bd707963cf8a5882859163f3d344a48971a6584

    SHA256

    58f286daa5a644db5c777b99524a2322431a5782bb0bd790606cd7386a9b15eb

    SHA512

    d62da7c8fa472cccb9913b8a39ac5912bab4cf59381ffdeae47715e78087861a4763ce97afc6298a0cd9f7244b98de2f690514e8514730ed416bb1436f5c557a

  • /data/data/com.systemservice/files/PersistedInstallation7796552331584628316tmp

    Filesize

    557B

    MD5

    1a46db438e78a5139ffae0e5fa1366a2

    SHA1

    a658826be6c2f41f9c376911842a99056d41129c

    SHA256

    6905c5319c96788ce26bb48a7ec65e24fa5d3433e05c11529662266ae5f67278

    SHA512

    33cfef997c0af10730a85fbd5e7094c5db898233adebab572f4556ec9ef645ad1ef5867ce7689256336197171c3e4eafec00149b7d1f17de7210bfd449dc52ac

  • /data/data/com.systemservice/files/PersistedInstallation8449023659495722294tmp

    Filesize

    90B

    MD5

    1d05fea6b0543bf62cb068abde220505

    SHA1

    30fce8b8d86beba088f9d2dcc62826fbb2f952c4

    SHA256

    ad0140c14f51eaa75b4e618632828fab625b7e603277df82e914b40bb7c8370f

    SHA512

    f1c3e6b57685e4408b5314c9295f2e24451b945733f3386ba478043a505a01af2def0daf3d55f00244bd03b836448b66f9a9268cc8995becf3091b4f87329122

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB

    MD5

    8ee61f765504bb2cd646e781557d26e8

    SHA1

    d3a07ce09f34562fde506a1a1aa5043848f1502a

    SHA256

    036106e98f930eb71e071822a223f813389d45e684a7ad09e1e496f85910fb7f

    SHA512

    36b16a84a8ea6ac8606922696d26b7ddc11616ebd735f147b6593f358f9c0724e1ff9d282290bda2e76249001e917766e52a5650a7acc07bd2edd70cd5d0a5e9