Analysis
-
max time kernel
13s -
max time network
151s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system -
submitted
24-09-2024 02:38
Behavioral task
behavioral1
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x86-arm-20240910-en
General
-
Target
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
-
Size
3.6MB
-
MD5
39fa2c58237de702fc3458251f358cab
-
SHA1
16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
-
SHA256
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
-
SHA512
023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
-
SSDEEP
98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call; IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.systemservice
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Description: Framework service call; IoC: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.systemservice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call; IoC: android.os.IPowerManager.acquireWakeLock; Process: com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Description: Framework service call; IoC: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.systemservice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Description: Framework service call; IoC: android.app.IActivityManager.registerReceiver; Process: com.systemservice
Processes
-
com.systemservice
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4362
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads