Analysis

  • max time kernel
    18s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system
  • submitted
    02-10-2024 02:38

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5103

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation4113036871808617206tmp

    Filesize

    556B


  • /data/data/com.systemservice/files/PersistedInstallation8792993048105240954tmp

    Filesize

    90B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
