Analysis

  • max time kernel
    18s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    24-12-2024 02:33

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4325

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation609274719862198147tmp

    Filesize

    555B

  • /data/data/com.systemservice/files/PersistedInstallation7376367499238442794tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
