Analysis
- max time kernel: 19s
- max time network: 28s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 21-09-2024 21:33
Behavioral task: behavioral1
- Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
- Resource: android-x64-20240624-en
General
- Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
- Size: 3.6MB
- MD5: 39fa2c58237de702fc3458251f358cab
- SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
- SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
- SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
- SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
- Truthspy
  Truthspy is an Android stalkerware.
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.systemservice
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.systemservice
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.systemservice
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.systemservice
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads