Resubmissions
03-05-2024 15:21  240503-srtpcsaa8z  10
03-05-2024 00:46  240503-a45chscg82  10
01-05-2024 15:24  240501-stbxbscb46  10
Analysis
max time kernel: 37s
max time network: 136s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 01-05-2024 15:24
Behavioral task: behavioral1
Sample: 7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562.apk
Resource: android-x86-arm-20240221-en
General
Target: 7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562.apk
Size: 2.9MB
MD5: df66a94dfc86e6097c386550f31c4100
SHA1: ee4b21d5567c71787a58e18b90d0d93395d01022
SHA256: 7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562
SHA512: cddf2359888da7f38266d005500374b0bde6679bda8871049eae48461fad85187e0b9f68ff53e6f7c833f60995a6adc26e81035ddf9317847200249e7ff13695
SSDEEP: 49152:HLV4Jb6W1wGLVdbbM1pssjodLaIITeSC5QfMkrHBOx4JEb5UzrzVS52l4eJB3GzD:HLQt1wGLLs1tcduTTO8frhOZlUznVS2u
Malware Config
Extracted
truthspy
http://protocol-a60.guestspy.com/protocols
Signatures
Truthspy
Truthspy is an Android stalkerware.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description               ioc                                             Process
Framework service call    android.app.IActivityManager.registerReceiver   com.guest
Downloads
Filesize: 27KB
MD5: c7b5801f4970b944a556dda8d75097f6
SHA1: ab62d5c3d60940ac286f019fecd21f822af864f2
SHA256: cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0
SHA512: 6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1