Analysis

  • max time kernel: 17s
  • max time network: 130s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 10-10-2024 02:23

General

  • Target: 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
  • Size: 3.6MB
  • MD5: d836feab9d4bf3c6cf086bdc14724c8b
  • SHA1: c837cf7b181679a0081165e5fe4aa0eb94f748f8
  • SHA256: 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
  • SHA512: 8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
  • SSDEEP: 98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.systemservice (PID: 4263)
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize: 512B
    MD5: 3453e8970dc03ef0d9680f67d108aad7
    SHA1: df56a1543c164c5f7b495f6edcb121f01ea27fd2
    SHA256: d8fdb524611a37504a27527e0c75e3e49d35e3297271f1d44fb2b1ac081465e3
    SHA512: b1d25f541461a3f12ce10ebfcdb3f782a378914cfd03e24ab4e3490a82d60faf9af5c9c24ef289e809dc875000d6b9ede30c811f2657e662b772c98cd66daab4

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
    Filesize: 68KB
    MD5: aef051ab0cdb082a702fc34002025b20
    SHA1: 556b3e666003b889ca52a4aec94ee0fc009998d5
    SHA256: 65bd05fa30a50b1bf08cfd9d8db52e412b1acdb3bdb8c7fcdee90764a418a854
    SHA512: 279cd9a26c932c90b4d1438fe4543ab188ebe55e18a8bca72910a037bf76d03d5e1c90cac44c2f3551566a4a8c49fc562a7720bb8ce5b24e035b0ad629ffdee1

  • /data/data/com.systemservice/databases/core.db
    Filesize: 36KB
    MD5: 045489a0639eee27bca52f48828cd93d
    SHA1: 436e7966e7c019273c44faa4d8c5709b816dfda3
    SHA256: 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
    SHA512: c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: 7237409e0640cfab7bdbd429bf821a3b
    SHA1: 4c3da934842f8d4835dfe2a9c275a300e5123309
    SHA256: 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
    SHA512: c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: f9e54bc24b72ebd42db2a120c40380d3
    SHA1: 4dae39de23672be9674a8349f08224af0de0e028
    SHA256: 7206f697f0129962465c3e3ea5c79b1ad483d38c288842bee57d3d8a008b64a8
    SHA512: f4c8c9d69391e59254862afde60aed83a7bc1e52e5544d634e1255b6f540f3b34caec8b504e17102b3ec6571a33b0a307fbb40cedc491b5d0917a21c57faebf1

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: 770d8010bfb0c97b885e4a54cbb3f657
    SHA1: a25f947850879ab2c1189ef2f117c30e8477c3ca
    SHA256: 2e036f4acf8309d84d3cf6d94759cad568042b0dad07f60c8099f06ac34b72a6
    SHA512: 8422308d0f2e87b76d788fb374a575bb217846e3349f19556ed49e8bcda91aa839823b598ff6cf5aa7945384bfedd721885bbef3f3141d525ef5e185b17c4810

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: e53e91f96096e03b203e673b1ba8f71f
    SHA1: 5a36b4710be94428a6e4c11412edf089eba2ed9f
    SHA256: fb3b7678752ad65ea270a1fd45981afe90e50c913676184652620879c281dda8
    SHA512: 94be822118984c10fabec2f0d87c644db034e8d487ff29d19fdea513c6343d9aa84e9ce6f0e85e9abb83809d72c146ec223bc5d2b6c37e4a46ad206eace44d0f

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: e9c935c0781f90b0adaa1c223a10b6d7
    SHA1: 86388a4906c330a463ca4ff52e2de996a313ae74
    SHA256: eb6f4c5475b87963f12b1d11ec8e9359806aa8d8670e95e50db2fa338c9b3e46
    SHA512: ccab0654625430fc4a68b0f9dac0b2261c63ddce7f918f8efc23f039c055bace19adfb838fb8d6f0b1351da2d38ea6bf5f787e010fccee9ddc740259f63d3098

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize: 16KB
    MD5: 835cfc7decf507cdc5e54f602e3f9699
    SHA1: 4a55d424cb32e766554672cb2d0b3804fc47552f
    SHA256: 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
    SHA512: 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize: 512B
    MD5: 3c24658f2f4fcf9557f0781e9faa3a13
    SHA1: 9715e69b4b78c21e44b98308d2be6d630782708e
    SHA256: 774923a6657d356a12e23a0538544e14d93488127372b57af6713b8a674eb797
    SHA512: a69b086bffcf049f7404ccbb37afaff6a84660317e3ee04f086a070c77e529397fd77ccfb0188b4742b2a98cf33001fe4b2ed823ad9b0d796b4c82b36cba40a5

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 36KB
    MD5: af9336828afa8e43f95635451fb2540c
    SHA1: f2321480edf83394d9f88646f6ff3a0c6e9c9f47
    SHA256: 7cd4572057a697ec874c784e3a03ffa1784a023d01e4db24a717347c28b13a89
    SHA512: a31967c7859a53a2e74a195d5f27b82d9321af222c93d89624d75ba4e74eb5fa8df649b0401f2a1f5ea033a677085cdcfbf94302e7d230b50bab1a8dd03d9607

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 4KB
    MD5: b3704e1fa235a2c8d3caea8ae3a95a03
    SHA1: aff9cd81a38933e4b2a77b64be78a2fbf4afb056
    SHA256: 67673d4b30d0ab9cad77c6ce33dc6a523b50e54d4f43549b63a976ba27e94b70
    SHA512: 005933f2540d2919b75c1bca1dd9d6284e44b84af02b6018abdee946f2958f7cdb9e294d2f683f70c37c9729efc0fc16eb7fd2d27cdf52607baa6aca43688964

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 4KB
    MD5: 6aa616edf21db1e4def1e3ba5db6b7fd
    SHA1: 57a98f705388bec3815fd3dabcb36da31ddbbcc6
    SHA256: ffd88193a998c0818ef2da375eaf0c017f495df2203e767035a9ccec607ce8be
    SHA512: 9a8fc2582b6ce7a9e903a79bac1b3bd4e9425f5add124776c0cebc2fcd427f5569df8c0de87439735d91a1bfc68fc68e521caefcf5c8f8f693acff30e8f2e5f0

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 4KB
    MD5: a1813a1b826dcfa767b44095052f3d7f
    SHA1: f91d04c495db6280b2063a72d12a67c505297258
    SHA256: b31fd6c4db863b4922252386ab5af039ab1b275b8ebd5739455ff419d36974cd
    SHA512: 527adc7d18f61e0b13dd3b502972e736d8d0007f4125b6227ed2ea259442af3c9b7b2fd35da089b500a300205099279283668535a99924dc819d067a4a6aa997

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 4KB
    MD5: 60122ec203acd77f9066e95192564073
    SHA1: 944d1e9f9624e93bfedc0c2179c688805b6f5b42
    SHA256: c0635d8fe50e189d1ac2b419f135cb6058fa658f887a4373b6c77ccdd961dac8
    SHA512: 4362e6734778ea74be26d0d98b6e72e49f3663b87857a4eeb4d2b2208ae7b881018472db65c589891b539f5b2a2630c671708a8958c4564b8cc18e347559ed9a

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal
    Filesize: 4KB
    MD5: 9d903773d041e171f9e22f858109c87d
    SHA1: 04350946e92d3fd92782cad93b1147134fa47044
    SHA256: 688e6217bcc7fc9277bf9e647f95f00ff8d0467098354a96edc7beaa5b5dce0e
    SHA512: 259b51726085751484af5910fef2184af7b4c1d4aeeeff63684b20c8cc5db0a95f4ca3f19dce3fd69bc83eb0c321c9bb878be1db60a15a19eb77bb753854de14

  • /data/data/com.systemservice/files/PersistedInstallation1175398243550691699tmp
    Filesize: 556B
    MD5: 26c93ab52ad34c1bf83a70aa55874c43
    SHA1: e9fc8eb9c56e6bf1b4c30b3102fc45d328835f2e
    SHA256: 3e3602bad7e5cbd517101106d381569891143645ae19af7abe08baf250e9b16b
    SHA512: cd2b378382cfaee86f1c00ecb4e863cb1f095ce362bd84662c2b240a084d05a638ade0ada01a510dac45aa5c422b906a414712d81b647ea9ba41dec5fa489403

  • /data/data/com.systemservice/files/PersistedInstallation620073084200598180tmp
    Filesize: 90B
    MD5: f862b29d10e91eeefd347745289455cf
    SHA1: 59b11d0f4b9c3eabf4bdc688a40bd8ca9ab676a9
    SHA256: ae34efba935307f4eae185050f8cf72a3730fa5abe5667c7812334e666d471e7
    SHA512: 4bf3a5ff322dcde6076bf8ece3f0b8e941f5fbe79d1329a48787b94940953ea707670782447077c4878a4bc73f2a7240f566d70a71efe74591efc6f60d7c7020

  • /data/data/com.systemservice/log/log4j.txt
    Filesize: 1KB
    MD5: eebae2573365cf93c0df7414103da280
    SHA1: 983cd8ac9fb54b7009047c0a5580fdac9ac8e2dd
    SHA256: d441401aac6059dd90dd7eecde1749d6c2ab3289efb7acae09a507b11af7940f
    SHA512: 2a86ad58c70da6afa0ab250b7e54a175398a3aeef80d9c081b15e9fff345e3b332167d89338985b90f029af21fc02c86af75681346a386b82fbff6f685c2f0aa