Analysis

  • max time kernel
    17s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-01-2025 02:43

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4265

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

    Filesize

    68KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.systemservice/files/PersistedInstallation6499886307170950220tmp

    Filesize

    556B

  • /data/data/com.systemservice/files/PersistedInstallation6715277639115070834tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    3KB
