Analysis
max time kernel: 51s
max time network: 82s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 29-04-2024 16:39
Behavioral task: behavioral1
Sample: .apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: .apk
Resource: android-x64-arm64-20240221-en
General
Target: .apk
Size: 3.6MB
MD5: 3b2bffa809e1332c8b77f91add1a7374
SHA1: cf0489ae4122584fcc510ca1c6c93ba8c0405899
SHA256: bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba
SHA512: 6a74cb476d094958b66b73501ccd961601d1bee0c2f86ef453ccde2dd9c2cf1c53437df8bfa6c1d64f212b27e6f8087b8d1d64ebda3d1582a6150513e2d98531
SSDEEP: 98304:88zYcEK7XH8yVw98Mbwb81jjrcz7dpN9hB/W+3e+NQGAytLu/:88nEK7XH8yOhjI99j++uG+/
Malware Config
Extracted
truthspy
http://protocol-a946.thetruthspy.com/protocols
Signatures
Truthspy
Truthspy is an Android stalkerware.

Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
process: com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.systemservice

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.systemservice

Acquires the wake lock (1 IoCs)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
process: com.systemservice

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Processes
com.systemservice (PID: 4485)
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads