Analysis

  • max time kernel
    18s
  • max time network
    127s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-10-2024 02:20

General

  • Target

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk

  • Size

    3.6MB

  • MD5

    39fa2c58237de702fc3458251f358cab

  • SHA1

    16e4e5003046f5d07a0fb1eff0dad56d9ce53be3

  • SHA256

    2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

  • SHA512

    023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126

  • SSDEEP

    98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    PID: 4237
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/com.systemservice/files/PersistedInstallation428410512466128093tmp

    Filesize

    90B


  • /data/data/com.systemservice/files/PersistedInstallation4696658060921606371tmp

    Filesize

    557B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
