Analysis
max time kernel: 77s
max time network: 86s
platform: android_x64
resource: android-x64-arm64-20240221-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
submitted: 29-04-2024 16:39
Behavioral task: behavioral1
Sample: .apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: .apk
Resource: android-x64-arm64-20240221-en
General
Target: .apk
Size: 3.6MB
MD5: 3b2bffa809e1332c8b77f91add1a7374
SHA1: cf0489ae4122584fcc510ca1c6c93ba8c0405899
SHA256: bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba
SHA512: 6a74cb476d094958b66b73501ccd961601d1bee0c2f86ef453ccde2dd9c2cf1c53437df8bfa6c1d64f212b27e6f8087b8d1d64ebda3d1582a6150513e2d98531
SSDEEP: 98304:88zYcEK7XH8yVw98Mbwb81jjrcz7dpN9hB/W+3e+NQGAytLu/:88nEK7XH8yOhjI99j++uG+/
Malware Config
Extracted
truthspy
http://protocol-a946.thetruthspy.com/protocols
Signatures
Truthspy
Truthspy is an Android stalkerware.

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  process: com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)

Acquires the wake lock (1 IoC)
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: com.systemservice

Checks if the internet connection is available (1 TTP, 1 IoC)
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: com.systemservice

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
  description: Intent action
  ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
  process: com.systemservice