Analysis
-
max time kernel
16s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system -
submitted
22-09-2024 01:16
Behavioral task
behavioral1
Sample
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Resource
android-x64-20240624-en
General
-
Target
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
-
Size
3.6MB
-
MD5
d836feab9d4bf3c6cf086bdc14724c8b
-
SHA1
c837cf7b181679a0081165e5fe4aa0eb94f748f8
-
SHA256
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
-
SHA512
8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
-
SSDEEP
98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.systemservice
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
-
Acquires the wake lock (1 IoC)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.systemservice
-
Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.systemservice
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.systemservice
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads