Analysis

  • max time kernel
    17s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    25-11-2024 02:35

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4496

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation5009497293978090083tmp

    Filesize

    556B

  • /data/data/com.systemservice/files/PersistedInstallation9094815607798722051tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    4KB
