Analysis
-
max time kernel
20s -
max time network
134s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system -
submitted
26-09-2024 02:22
Behavioral task
behavioral1
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
-
Size
3.6MB
-
MD5
39fa2c58237de702fc3458251f358cab
-
SHA1
16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
-
SHA256
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
-
SHA512
023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
-
SSDEEP
98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call | IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.systemservice
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call | IoC: android.os.IPowerManager.acquireWakeLock | Process: com.systemservice
-
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5: 830aacbee760d6c0c26d180143ee7066
SHA1: 88aafe1da4e6528ac9c10e10d1f1b311206c9e0f
SHA256: 8f9f862029dd63deac63c22d710f99cfadf4836d9d116a0ad09dc4e7d497dc94
SHA512: 2d2144d940b2e791bb0ed92bb98dfb02bdbbe2c1d0e38b3cfdc905fb50a87264e1b832c4ed8ad866b319190a5266995bff13a08982264aeefc5239afdf063fff
-
Filesize
512B
MD5: 611d411078413f29718af20db78a31b0
SHA1: de593916bc754bf8d804010e4fa897f399e1ea5c
SHA256: 8b0e52f88b5ba9265dfc287fcf904040dd8963c8e54aa0bd08e28da13467eee9
SHA512: 89e622b81c5abea4d2a44a42577d75801b6b48d7932d454af03027dff2e1e2cd8b28bd10b46cb4cdef98108acdff586c057b25f816a88b5499cde6ecf7dbc4ff
-
Filesize
8KB
MD5: 8525898feea89ef2e34f99a6c4354b8f
SHA1: 4fd5f3c64370ef7fec07d6a16b48eeb3488898e0
SHA256: 7af2dc6602a2ab6c2388e58aec20eef4416d899531490bd113ad1fb1f807e984
SHA512: 8a277a2ed0ed49cda94a85c78801b178b5be028e2ba9742c99c515363eb73167ee373683a4831258f695fede2fdea673c24323224485eb01cb774fa1d5bf6446
-
Filesize
8KB
MD5: 639c5a1877023dbbacc3be16feaa3f60
SHA1: 47fa5e893a3644ebbc737ee879c99bd6f98eba3d
SHA256: 80bc9be633c16c21a688673a6b5d25eea5ed8ed1c37fc3a16ebf66ef91d3897f
SHA512: d17749547a6b3ea38b3dfe2026c88ef539312bd788385f4e2caa8ea0e636b651f8777f3d25ead78721d9aeab4280c1fbb364c1114826efd7f375996e77110f1a
-
Filesize
36KB
MD5: 045489a0639eee27bca52f48828cd93d
SHA1: 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256: 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512: c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5: 62ad4a05cbdca7f47b3206b7dbda487f
SHA1: 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256: 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512: 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6
-
Filesize
16KB
MD5: 2a083a69524984c8ba77ae5949ae1117
SHA1: ad240cc7898e46d812f96b376b548545252e2b7b
SHA256: b56ad4a37adb7268a35a8bd4ec1e0e19aa1c689767bf262ed92cac3e90718863
SHA512: 5fabf32e8377a0a4ce2dd6e9b7bf5356ee68e36f1688aa486b714d761a060fd84068c6a27d5de533ddb081c04464ab22f98de75e214fd45666275c2f13d8b8e2
-
Filesize
16KB
MD5: f54e407644b29b1aa15e3f6b28dc41fd
SHA1: e12b182257c7087cf1d716c5ff8f147280e25d54
SHA256: a4e909a12c38f6bbce48de3dcb2a05f79c8793dbbf569d3aa32ac7c5218a2ccd
SHA512: 0180f73d1d750f88d2862fb57af73ace1cb0c13a84bd6fc5b0d388956716c0c248f0182e5e89ad90ea51c8445d2f6e6a06a6071fd300a82de31d073f786dacf6
-
Filesize
16KB
MD5: 2ab04569ef06d07c13186a23fbdf00a8
SHA1: 8d0b3076fc9c17449d82d06fa96d9a8758b3f432
SHA256: a10245fcfb6bfcd8b1a7af0f7c595129b9aa18e37277e8163ba197e76fa76b08
SHA512: afef4961a6b56fc139e5be602bd1e53f356c961657fb637b6ac8da0c0c2e1f265964eb72b1764b29824bffe95fe73eb6119af9599fde5851259db715b605a58b
-
Filesize
16KB
MD5: a058fe2ca4327824e5b14d9ad3e5ea47
SHA1: a9c2a6fef99968e521d2c1e1869f949dfd8e24d2
SHA256: 66545bbc3c9a34dbcc0ead13c96605b829617b644e7f8c8f5fa58a613bf7a8b4
SHA512: 78bfde1d2ea20697571ad6194d84de39bab67a55095a5fa29e7e4ad30b64fb3292deca55e4b43b4cd0775f5f84e985e0d0b1d7485bfc79e053484c5aa351d400
-
Filesize
16KB
MD5: e3f13c7d7678604e5b293f6672bc0ed1
SHA1: b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256: 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512: b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4
-
Filesize
512B
MD5: 59eabbfab183832844a169e011f06279
SHA1: 2a7a8e31bba7204e6f0d0ea9257e375ec233531a
SHA256: 6d0dfeebcd2a94855270d756f087772b9c88e6cd6041dd056d818ae7def205e4
SHA512: 6a01805cc7c94f9bf1be12a934f5a6c1c027d20331246508d8d0da718f9c2431c98b0447232170ca7e3218c89ea8889a38d3cdf9bca07045d4f62e65688acf4b
-
Filesize
8KB
MD5: a9fc12c1de86a0614bf11d41c6707299
SHA1: 16aab59be4dfc3d768b897755c027b21df98eb8e
SHA256: b5c46d47a97df838947ba74efdd4c92495a6109a55ed81c98be8310e185070c6
SHA512: 8317b61acf5f42b639fa2f817b970be7b9f937fac1649113b8085974a5f1ecff79d3f51d6a51572dc755ee3c7262d25a67819aaed65503a3c34b9fb0596895a0
-
Filesize
4KB
MD5: 23d063044b6060e90257ba602b348066
SHA1: 5b30954af0dfdb8d22725cf3a57b84fa2eacdcbf
SHA256: 10241fac180dd5f8d55a2ea1e71b5310548747b959d5ebb77e4b8aa2785f249b
SHA512: 8468d8544849df4e646bb249006f7a1c45fd335748f082ab0d7257100d9d13e5693b02ca8688acd4dc475e633fcd7e86fcd762deeb65d58a6711d72943d54a91
-
Filesize
8KB
MD5: c761b5b98652d5572ba66509ebd4239b
SHA1: e1cf6cacce1ef4a8c6a7deb5bc80547e3526a47c
SHA256: 8d87ed58e513f7e2f1a46fc8b46d78f04b5e8e721e7e9fbafc41c110c82326d8
SHA512: 1961d8c8deec661add2b52c9d40a036b45b6968cbc0d2093c6a703bfb03c641d7a50102b9bfe9dd5a0d971447527ec6a006cd13015ebe0bffc0e4c1d9fe49a6e
-
Filesize
8KB
MD5: ca2f9f5f56f2b6f7c97056538ac7f97e
SHA1: d21f7d5448a47d262aef47739d4844d3c92a0bea
SHA256: e5fb297befb3c950ea7097d232bb461fc0f79505f9e68d983fb53b88b0585e44
SHA512: 2d9bdca150d7492d29f1200ac265d8baeff93b373993674df6869367ea3d613fa63e3301f43e876aa0961fa861092848bdd58524e3f9f3db32c0d93fd0c0a2ab
-
Filesize
8KB
MD5: 4319cd7d8ea3b8637de57b529884802c
SHA1: 7047da2495471dfedac06c220d40a9a061701271
SHA256: 7891dbf5b1dea71c8e64c16c3bcb31e6e6580e7cf3a346f3a0b61fe459be2af7
SHA512: 5dcd03b058708891ee6848c14bc3f567eedcca30d2b6b5e921d0f98606dfd591297cf7645588c58ed2df7978aeafa6e8c7a374854f02a9e4461f65a01188bad0
-
Filesize
556B
MD5: cad2cfed552fee70ef4f4053e8b1d884
SHA1: d197d962ee6a3d4b35dea34b69b05969caf235f6
SHA256: fea72f6cc69c575795030865bc9301ac778065d04c3fd3e3305f91b5cee8f460
SHA512: acfd9778b9f5e076eaa9d1a116b22b8d17d458a42275a97f1bf291b5167149a7509469317405e638b684d461785e791a0d07495fe4a1034fe78933c8a2799781
-
Filesize
90B
MD5: 675d8aedd4e660d50b2eafc754717b39
SHA1: 2677f1948183b8a5576f0e2992adb45c16b1cb53
SHA256: 891bee56bb15b9ff10ced52d834880c1975ce5343037d7bec71dc5e19b77619f
SHA512: 3db980620452235c0fb34d3eb974a625c75813325ec9305e5260b11c429d7247e712c418dc35a6345284404058101872ba7a946f3a986015d3d85bd81f1a165c
-
Filesize
3KB
MD5: d077a2665dde71d6d21c59d1c49d1438
SHA1: 3f383f5a9d05f8c4fab2179231830631c93397b9
SHA256: 43580f06a67964128a44561fbcb51aa14963b2e41b06d14aa91af1845de90bde
SHA512: ebcabc7c4216cf821456c8c298396d33baf342be9b73ac0e974d2e8ea9ae27d6950625c1fb92a295d542d5034c9e879a69c431cde2c53d8b8436455141c27abc