Resubmissions

03-05-2024 15:21

240503-srtpcsaa8z 10

03-05-2024 00:46

240503-a45chscg82 10

01-05-2024 15:24

240501-stbxbscb46 10

General

  • Target

    7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562

  • Size

    2.9MB

  • Sample

    240503-a45chscg82

  • MD5

    df66a94dfc86e6097c386550f31c4100

  • SHA1

    ee4b21d5567c71787a58e18b90d0d93395d01022

  • SHA256

    7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562

  • SHA512

    cddf2359888da7f38266d005500374b0bde6679bda8871049eae48461fad85187e0b9f68ff53e6f7c833f60995a6adc26e81035ddf9317847200249e7ff13695

  • SSDEEP

    49152:HLV4Jb6W1wGLVdbbM1pssjodLaIITeSC5QfMkrHBOx4JEb5UzrzVS52l4eJB3GzD:HLQt1wGLLs1tcduTTO8frhOZlUznVS2u

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a.thetruthspy.com/protocols/getsetting.aspx

Extracted

Family

truthspy

C2

http://protocol-a60.guestspy.com/protocols

Targets

    • Target

      7ae5b896cfa90e89bb97c94d9438cde9e9c107204ace3e58cdbde7dbadaa4562

    • Truthspy

      Truthspy is Android stalkerware.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Registers a broadcast receiver at runtime (usually for listening for system events)
