Analysis

  • max time kernel
    16s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system
  • submitted
    21-01-2025 02:34

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4976

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events

    Filesize

    56KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/core.db

    Filesize

    36KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.systemservice/files/PersistedInstallation1084405351955256888tmp

    Filesize

    554B

  • /data/data/com.systemservice/files/PersistedInstallation2218349977042403183tmp

    Filesize

    90B

  • /data/data/com.systemservice/log/log4j.txt

    Filesize

    6KB
