Analysis
max time kernel: 13s
max time network: 149s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 20-09-2024 02:26
Behavioral task: behavioral1
Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource: android-x64-20240910-en
General
Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size: 3.6MB
MD5: 39fa2c58237de702fc3458251f358cab
SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
Truthspy
Truthspy is an Android stalkerware.
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.systemservice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Acquires the wake lock (1 IoCs)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.systemservice
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.systemservice
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.systemservice
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
Process: com.systemservice
Downloads