Resubmissions (date, analysis ID, score)

03-05-2024 17:30   240503-v3bn2aeg58   score 10
03-05-2024 15:32   240503-syk1ssdb37   score 10
29-04-2024 16:36   240429-t4ld7aff4v   score 10
20-02-2024 15:07   240220-shaj5aah26   score 6

General

  • Target

    Clash royale.apk

  • Size

    3.2MB

  • Sample

    240429-t4ld7aff4v

  • MD5

    f2b9ffb8bb4684754a7e1eb02f1added

  • SHA1

    b3d4a329b035a97c21f09698eb20e3db732aed82

  • SHA256

    eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c

  • SHA512

    37ca4bedd0054ab5233b441861e9c30f128238e75849ef744195d92e5c0a8f5da6db633c95b05397a978d0f7bdb31be4c2cfbf696687a3e968dc5cef17043345

  • SSDEEP

    98304:F1yqxOabNLn7Rk3H0bbamJL4F/E+roUWwvlL1K:zLwyNLVcCJk6+rotsl4

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a.thetruthspy.com/protocols/get_synx_now.aspx

http://protocol-a.thetruthspy.com/protocols/getsetting.aspx

https://thetruth-db94a-default-rtdb.firebaseio.com

https://thetruth-db94a.firebaseio.com

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols
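The two extracted configurations above give the sample's C2 endpoints and the General section gives its hashes. The block below is an added example, not part of the sandbox report, showing how a responder would turn those indicators into detection logic: it derives the hostnames from the C2 URLs, runs them over constructed DNS query log lines, and checks a file against the reported SHA256. Two assumptions are labelled in the code: that any subdomain of thetruthspy.com is operator-controlled (the report itself shows two different protocol-* subdomains), and that only the exact Firebase project hostnames should match, since firebaseio.com is a shared Google service used by legitimate apps.

```python
"""Match DNS logs and file hashes against the IOCs extracted from this report.

Added example, not the sandbox's own code. C2 URLs and the SHA256 come from the
report above; the DNS log lines are constructed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# C2 URLs as extracted from both configurations in the report.
C2_URLS = [
    "http://protocol-a.thetruthspy.com/protocols/get_synx_now.aspx",
    "http://protocol-a.thetruthspy.com/protocols/getsetting.aspx",
    "https://thetruth-db94a-default-rtdb.firebaseio.com",
    "https://thetruth-db94a.firebaseio.com",
    "http://protocol-a748.thetruthspy.com/protocols",
]

# SHA256 of the analysed APK, from the report's General section.
SAMPLE_SHA256 = "eeac062c8c9149a6739371238b857f18fb8a61c146443a972d1eb201d504216c"

# Assumption: the whole thetruthspy.com zone is operator-controlled, so any
# subdomain (the report shows protocol-a and protocol-a748) is an indicator.
# firebaseio.com is deliberately NOT listed here: it is a shared Google
# service, so only the exact project hostnames in C2_URLS are matched.
OPERATOR_DOMAINS = {"thetruthspy.com"}


def c2_hosts(urls=C2_URLS):
    """Return the lowercase set of hostnames appearing in the C2 URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def classify_host(qname, exact=None):
    """Classify a queried name: 'exact-c2', 'operator-domain' or None.

    Trailing dots (as written in DNS logs) and case are normalised first.
    """
    exact = c2_hosts() if exact is None else exact
    name = qname.rstrip(".").lower()
    if name in exact:
        return "exact-c2"
    for dom in OPERATOR_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return "operator-domain"
    return None


def match_dns_log(lines):
    """Scan whitespace-separated '<ts> <client> <qtype> <qname>' log lines.

    Returns one dict per hit so the caller can pivot on the client address.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash
        ts, client, _qtype, qname = parts[:4]
        verdict = classify_host(qname)
        if verdict:
            hits.append({"ts": ts, "client": client,
                         "qname": qname, "verdict": verdict})
    return hits


def is_known_sample(data):
    """True if the given file bytes hash to the SHA256 reported above."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed DNS query log (not from the report). Line 3 is a legitimate app
# on Firebase and must not match; line 4 is an unseen thetruthspy.com host.
SAMPLE_LOG = [
    "2024-05-03T17:31:02Z 10.0.0.23 A protocol-a748.thetruthspy.com",
    "2024-05-03T17:31:05Z 10.0.0.23 A thetruth-db94a-default-rtdb.firebaseio.com.",
    "2024-05-03T17:31:09Z 10.0.0.41 A my-todo-app-1234.firebaseio.com",
    "2024-05-03T17:31:10Z 10.0.0.23 A protocol-b9.thetruthspy.com",
    "2024-05-03T17:31:12Z 10.0.0.41 A www.example.com",
]

if __name__ == "__main__":
    for hit in match_dns_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']} [{hit['verdict']}]")
```

Run against the constructed log, the script reports three hits for client 10.0.0.23 and none for 10.0.0.41: the shared-service caveat is what keeps the unrelated Firebase project out of the alert queue, and the operator-domain rule is what catches a protocol-* host the sandbox never saw.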

Targets

    • Target

      Clash royale.apk


    • Truthspy

      TheTruthSpy is commercial Android stalkerware (covert monitoring software installed on a victim's device); the configurations extracted above point at its protocol servers.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Checks memory information

      Reads device memory information that can indicate whether the system is an emulator, a common sandbox-evasion check.

    • Registers a broadcast receiver at runtime (usually to listen for system events)

    • Acquires the wake lock (keeps the device from sleeping so background work continues)

    • Checks the presence of a debugger (anti-analysis)

MITRE ATT&CK Mobile v15

Tasks