Analysis

  • max time kernel
    18s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android arch:arm64 arch:x64 image:android-33-x64-arm64-20240624-en locale:en-us os:android-13-x64 system
  • submitted
    28-10-2024 02:26

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4316

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB


  • /data/data/com.systemservice/files/PersistedInstallation411754179111858762tmp

    Filesize

    90B


  • /data/data/com.systemservice/files/PersistedInstallation7334532998159855444tmp

    Filesize

    556B


  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
