General
Target: .apk
Size: 3.6MB
Sample: 240429-t5y2nsfc99
MD5: 3b2bffa809e1332c8b77f91add1a7374
SHA1: cf0489ae4122584fcc510ca1c6c93ba8c0405899
SHA256: bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba
SHA512: 6a74cb476d094958b66b73501ccd961601d1bee0c2f86ef453ccde2dd9c2cf1c53437df8bfa6c1d64f212b27e6f8087b8d1d64ebda3d1582a6150513e2d98531
SSDEEP: 98304:88zYcEK7XH8yVw98Mbwb81jjrcz7dpN9hB/W+3e+NQGAytLu/:88nEK7XH8yOhjI99j++uG+/
Behavioral task: behavioral1
Sample: .apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: .apk
Resource: android-x64-arm64-20240221-en
Malware Config
Extracted (family: truthspy):
- http://protocol-a.thetruthspy.com/protocols/get_synx_now.aspx
- http://protocol-a.thetruthspy.com/protocols/getsetting.aspx
- https://thetruth-db94a-default-rtdb.firebaseio.com
- https://thetruth-db94a.firebaseio.com
Extracted (family: truthspy):
- http://protocol-a946.thetruthspy.com/protocols
Targets
Target: .apk
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about the current Wi-Fi connection: the application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires the wake lock.
- Checks if the internet connection is available.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (2)