Analysis
max time kernel: 17s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 19-09-2024 02:17
Behavioral task
behavioral1
Sample
.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
.apk
Resource
android-x64-20240910-en
General
-
Target
.apk
-
Size
3.6MB
-
MD5
39fa2c58237de702fc3458251f358cab
-
SHA1
16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
-
SHA256
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
-
SHA512
023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
-
SSDEEP
98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: com.systemservice)
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (process: com.systemservice)
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
-
Acquires the wake lock (1 IoC)
Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.systemservice)
-
Queries information about active data network (1 TTP, 1 IoC)
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.systemservice)
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.systemservice)
-
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Framework service call: android.app.IActivityManager.registerReceiver (process: com.systemservice)
Processes
-
com.systemservice
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4248
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (2)