Analysis

  • max time kernel
    16s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    06-11-2024 02:28

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4460

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation4593597087771704602tmp

    Filesize

    90B

  • /data/data/com.systemservice/files/PersistedInstallation5809619244450936742tmp

    Filesize

    556B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB
