Analysis
max time kernel: 17s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 28-09-2024 02:21
Behavioral task
behavioral1
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource
android-x64-20240624-en
General
Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size: 3.6MB
MD5: 39fa2c58237de702fc3458251f358cab
SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures

Truthspy
Truthspy is an Android stalkerware.

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.systemservice

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)

Acquires the wake lock (1 IoC)
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.systemservice

Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.systemservice

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.systemservice
Processes
com.systemservice
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads