Analysis
- max time kernel: 17s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 30-09-2024 02:29
Behavioral task: behavioral1
- Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
- Resource: android-33-x64-arm64-20240624-en
General
- Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
- Size: 3.6MB
- MD5: 39fa2c58237de702fc3458251f358cab
- SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
- SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
- SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
- SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
- Truthspy
  Truthspy is an Android stalkerware.
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.systemservice
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.systemservice
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.systemservice
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.systemservice
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.systemservice
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.systemservice
Processes
- com.systemservice (PID: 4263)
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads