Analysis

  • max time kernel
    16s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-10-2024 02:39

General

  • Target

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk

  • Size

    3.6MB

  • MD5

    d836feab9d4bf3c6cf086bdc14724c8b

  • SHA1

    c837cf7b181679a0081165e5fe4aa0eb94f748f8

  • SHA256

    5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

  • SHA512

    8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad

  • SSDEEP

    98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4624

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation7401923912872756146tmp

    Filesize

    556B


  • /data/data/com.systemservice/files/PersistedInstallation7928678882459483363tmp

    Filesize

    90B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
