Analysis
- max time kernel: 17s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 22-09-2024 11:14
Behavioral task: behavioral1
- Sample: 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
- Resource: android-x86-arm-20240624-en
General
- Target: 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
- Size: 3.6MB
- MD5: d836feab9d4bf3c6cf086bdc14724c8b
- SHA1: c837cf7b181679a0081165e5fe4aa0eb94f748f8
- SHA256: 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
- SHA512: 8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
- SSDEEP: 98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
- Truthspy
  Truthspy is an Android stalkerware.
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: com.systemservice)
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (process: com.systemservice)
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.systemservice)
- Queries information about active data network (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.systemservice)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.systemservice)
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.systemservice)
Processes
com.systemservice 1
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID: 4261
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads