Analysis
-
max time kernel
17s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system -
submitted
21-09-2024 10:47
Behavioral task
behavioral1
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
-
Size
3.6MB
-
MD5
39fa2c58237de702fc3458251f358cab
-
SHA1
16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
-
SHA256
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
-
SHA512
023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
-
SSDEEP
98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call. IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId. Process: com.systemservice -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call. IoC: android.os.IPowerManager.acquireWakeLock. Process: com.systemservice -
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call. IoC: android.net.IConnectivityManager.getActiveNetworkInfo. Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5 0b035973dad41590602f6e350241e385
SHA1 a8af8171aab94aa6f27d676fb83f98df04c1c15b
SHA256 00f22b9bb9b53bb27ad03e40c30dfe6d1d6a016a619649482654df681cd6977c
SHA512 294a820e619294840be1fc66d8af06646b42ca2de4c131311571b6f27b36e20ad266444df082692a84aff03a50b04af50b40d467cb861d11e39606fb9d4f53c2
-
Filesize
512B
MD5 40b4f8f8d0dfc00fb737cd66a833f7de
SHA1 d93894ba1d18d5f31abde223535234119bb340ef
SHA256 5a9a12531f5b08801558b46d7ccb4f008b5012a2f3e24809483560b52c3bb8bb
SHA512 5e217698558efd51b4c38e19cc9d6c9d9d5d5d0cc62efddeca6f045a29bd31d1298eef18f6919d84434d7cbde0a7b76bf928c08a7c70e63de44ad699fcf4e4ae
-
Filesize
8KB
MD5 1d5f4c5f3e8ce269b3d6b58b2cacd880
SHA1 fc00917d231adfa1f3b314a497fa0e348d185cd3
SHA256 bca7832372fec510cec295e1ad4d1fce86843f652d1da952da5c1fe506bfd21b
SHA512 8bae5455fff920ab35bff6483c2a1b2849e7536561cf98c7deb1b9e1e16679b6fda2340a908fd4b9196cbdba5a5c3592f70020fb982a7f255b518fa2145dca3e
-
Filesize
8KB
MD5 57b91b8d8d37ebd30a13db19a5c4a959
SHA1 cce324bfde9b3de677bd7a3d360300f311704978
SHA256 f1418e1a352072828683cc892417a573256975d5255bd64c512ccfa262f3861c
SHA512 ab388ce3671baa4b0f921339fa5214f712c0160459ceeda227a956247762244321242c9161df0b013d970e2aa1c5d41ec43a86a673cbfd7febd3e8a114c45f9e
-
Filesize
36KB
MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb
-
Filesize
16KB
MD5 be09528175f6611a1ca390b593347221
SHA1 8d797ae26dbc6efcbe9ae913016cf4810353f02a
SHA256 c3d518b485ee242cc71e5006c75c80fdb7adcb80999a79ef2eeed5d61a092ed5
SHA512 0de7a4703128275bb166e9fdf57d8ea59faa246f55b8732b2a2bc133c4a0af8122daad2de318c0a345a227cd9ee684381f96236e29ecdee540518c64c19ebd2e
-
Filesize
16KB
MD5 7c7b4acc8fea51d4b43483018744e4e9
SHA1 0c7ed9db7692b2ce09059cdba06266604b1e4a0b
SHA256 c2b4fb2f00a53bd7d3a15e067e94f3d03d968379f50541d9331818c7a330b393
SHA512 917f7b465a14983936bc94ae49f13ad0cadbba807bfa28456ca81d031c1b6f792a06c9831145cd1b4ea98ae8b7e735666b54902fba7d45927cf321b124ae0aa3
-
Filesize
16KB
MD5 f8c09a63361abd1336fd4075a7817a0d
SHA1 dfbbf928dfac2f96d272b433eca2984671c423e5
SHA256 7e2551df3119fcfdd18e65a4612d6faaf8b75726329252421ac8b02ae87e4ddb
SHA512 1772d53f64bdf68cf49b7b6e816831b77e3c17584c869b09c4c015b0a8c1af86796ec06374dea4da1acec961f1db684cbdb0c71f387660dd7b27b8cee4e7fa43
-
Filesize
16KB
MD5 3398acae0c52a2e323781150fa80f91c
SHA1 2697ab8864c8c850fd38deeb9108e80bbe1286fb
SHA256 6855265e5b3ec851e21a0f849aae1226d84d5c2487594cb9c7cda67acaadfea6
SHA512 f1a2b5db4ed53ea874ae6585175e17a00896068720b05bfefddcf36deccf97b9209a27b0c017869f96c3f2ad48746053088644d10ea99e86ae6ad1a52f645a0e
-
Filesize
16KB
MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470
-
Filesize
512B
MD5 dd1b189489c2e649dde1535ac5eca95e
SHA1 ffab69a65d24e83ca6a62298f23cec581bef1dd6
SHA256 ff540e5a1d5042b92b7540c0f849358f43a7a09ccccf260f66229824f273c718
SHA512 75770239708f1e1a000805e4bbfc5bc58339a0ea56976561c02c36973e4f48623b57c759bc6b509b73f24fdec0d3ff4dc93d52bbb440a21bb7d951ad0c62ff53
-
Filesize
8KB
MD5 583de9d9666e73d31bf6d01446143171
SHA1 21c255ba58226be4df0e25956fc04981840b85e7
SHA256 aed4a65cca33d92ebce34a38bb63747b8b7bfd2a9848a55670135b7dc93033d8
SHA512 6dc2ada028725b153c67e5c3e2318cd4db7eaa0723fb2bba36c50340cb1b83fe600723bcb69f239e8c7d47d7b11bb0c5c091089e445d4bb0cb6cc9e81cd938e2
-
Filesize
4KB
MD5 c39d025e38996a4dc6dfeb979f64ae6f
SHA1 c27f236a0d6150da36a7c6f6943cfbedc8cd5f6b
SHA256 4ec2d4e5107f82c543b6846b327f6443d646f857667cd11d0a6f61ce35f247e9
SHA512 08d48b5c105ff582b7df27ddb62871fcc0c7e6953a89712ad473c93cb18a930cb7fd4dbc494dc8a565b9b19bd8a6b94d14209b798a29bda5cefd0fff1d17ea67
-
Filesize
8KB
MD5 9022fb5a3355e2d4c9ea6c2029099956
SHA1 ef1bf90c903f24acae13b5b9dc887d23fd316c97
SHA256 5996a4ecf29b3a0ef062ea5c96627e8c0d90b005514ac11cfef84ce8e1b82ec8
SHA512 69994702b9c8877dfd5f7156341e62f92985d210532f0312e920dc13d67888ea83bf6eb445a46c8130e31b166cd87c5f6037077fc48685f4bccef54da2aeda8d
-
Filesize
8KB
MD5 dbb7a4898ff8b2a4386f72c4e34af603
SHA1 7bdfb5e410a45d4145a43d6607e60fac5cb513e7
SHA256 8299737d884c9ac60b17057f2d5f1a4526fdbef64e1cdae02a9f71f83c2a89fe
SHA512 db0912e97dac89e6f1750653d83709008787b9bf7f3587fa250f71d1e1625a8d2dec1d47e131979093df1919dfa2d9d1a7cc11356b5f0f90313173b8e5722dc1
-
Filesize
8KB
MD5 355307a60d02584c969bcc6fabb13283
SHA1 be6e139a4a574fde15775796e16c93d2d628edd4
SHA256 b5019383f5815f71a1131b71adba93276d88fa8720dbb176b7780aa3a47b6ba1
SHA512 34544e6ad0684ee7d3e8e1ca6e20ce9d8660efb72c635b99922933bfdcea1ff5ff7ae17cdb879900629abdef624555a6b4f0a998d28d4c702295681b7c1c3e65
-
Filesize
90B
MD5 3f73009824a52a859fc69eca855d60fc
SHA1 bf1b8af2a4c5ed52d02d5867af93366e5264b537
SHA256 253f8aef782f0406dba37ba2a88790260e75dac70454c354cfe513d65f7da7d2
SHA512 e32b93a3e1273f6ff6f30ea42da883356f6df51bde9641a8103dd01429a4ed1ab36ced02fe99a04dac7b57901f1ddb105e9967dd77e63a1f0a76690baf75e31c
-
Filesize
557B
MD5 d566cdb135d88a9b83431089c89289a3
SHA1 2d8f3d76b60418f24ac056ccddf79fbf3a697b42
SHA256 6107b429ba28b582f2eb95d3a8a9adf1b87735376f34486a171f4f3c08eaeda2
SHA512 c3d0f5d94a0436e1147bca4f51b923880f0ebb8681849b62e6894f31e024caf1ae3f66c9e06d746d13d788c3fb411367ecf647d6bf623bb4bb5a6b46760d15aa
-
Filesize
3KB
MD5 b8e5555bebbafc0c057db0ee401d7495
SHA1 80087f5678ed5a01a2f5cb0befda92fd4969c3b0
SHA256 a4001bce5e901da3baeb92b947f532da47880d409762821e5e27f9f1651d536f
SHA512 c7d65007d2e658ec5a66ea3ce9f596ea0dae40e07c6f723ac390465b7e3885154e49c3aec906be6ef337cb3e657303e05bc78f1ca66effd97bd2f3cf53644daf