Analysis
-
max time kernel
16s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system -
submitted
01-10-2024 02:39
Behavioral task
behavioral1
Sample
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
-
Size
3.6MB
-
MD5
d836feab9d4bf3c6cf086bdc14724c8b
-
SHA1
c837cf7b181679a0081165e5fe4aa0eb94f748f8
-
SHA256
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
-
SHA512
8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
-
SSDEEP
98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is Android stalkerware.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.systemservice -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.systemservice -
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5 3382c0278e31970e65e7e810e3f927bb
SHA1 4234803644bf13e0c7e191e9b056031092bff50b
SHA256 6293f9c71feb054252bcdb2f5381860408ab4f0b4b6da21fe0d2b2da27d12bb0
SHA512 f1cb3aa3d41a8860261f03c290fb464d9d72e21dbd2e6379ed251340ff168d03a27c17c58febcf58a84ddc92da73f94bbaa5c3f0d21f64f874250b4ede4bf95a
-
Filesize
512B
MD5 61b1a7aa72237959ce6286ad10bd9123
SHA1 34cb79378bb53d515fbf84d857238f668a7ef123
SHA256 9e0154cfc419d71ff0afa69778d5cbdb2d86fe0f1999c09c679155ee5ac4f4b5
SHA512 5e9d417923132c0125eb0131e7c8034192b64a7341ba1109e48fccd8cdaa2e7d67d28b7cce4297c49316b08511fca37743ea618538697624d875c1bf499b5b7c
-
Filesize
8KB
MD5 3291a9cc8b1f67dc54dcd1a7b421fe00
SHA1 0796edd0bc7c129ff4175643abec4c1610eee67c
SHA256 e0efbacbab4aeea285596de42e9b4e3613cb93cc3af35106b6d713d4075f49eb
SHA512 8205a4d5c3865d338bf28f7d26908b7d6d6ae890cf76bfc1a337560a6a92aff96028d11dc15fd7113b4003c1b9c5a883bdf2299550c021304acdb12b0625deb2
-
Filesize
8KB
MD5 d95d573c27896836acafe1c1f0f4b81c
SHA1 3fa4931bf585f89b3041dae5c01cac678845b46f
SHA256 b5010566da59a8a31d0b8a37ec1e9c7a689bbcf37f14197efa41e9fd39b149b1
SHA512 df4cd940ad76dff75d79ae95df5e147cdccd4d5ffb2ce64bad9f14b5789e06b061ed6023483a6236a9a5610da022518fbf12d184b902f727cab73baf2eb1502e
-
Filesize
36KB
MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb
-
Filesize
16KB
MD5 2e42a30e31a8448cdb19307559974a39
SHA1 e221d4f6e680f605bd64edb5ed973c80dd3d1d43
SHA256 31ad04fc712768166dedda6f2f8153600dbacec36614c98a6d15b6d8973aaf7e
SHA512 21571bc13dd2a29eac42007d7e972a20afea1ac22f6e88486b1684a02221982cca95827b042d301237df18d0ab7b83c583ff76e04813a84329f9d2b2252af78a
-
Filesize
16KB
MD5 983f7543bd14500ed88811db6f416745
SHA1 f68f9fad529def44f7fb4dba14ec3aa53f79035a
SHA256 45b122ed6ede5ecc0b65699c93406fc295a21c9faddbb6fb16b1b84c634840c4
SHA512 d8accd8655c35a6c5efa1ccd9fcc7d19c534bb64a553ac031079bbb2ba1c9f10bdcea5474b62b45f91757a7893f5ea574ac6d1dae428277eaddb6d7242b751d5
-
Filesize
16KB
MD5 55e53d459c4f40e89c04704f684e1caa
SHA1 68dc15f75e3db75185f6a606a47da7342ef9926b
SHA256 0ca33963ec99eed7790ffed828f91fc4d93cc04bc1d8e1ee5635af1a1b653611
SHA512 87be3893c59d373cb802a89fe9d5c4ed7cdb4957b474a8159a5ff33b38fb269acaa006c0cf94c162c59aca122794cb860fe42551f827841be14570e4195ebbc4
-
Filesize
16KB
MD5 3797e739888c14df40a1b46accfb2404
SHA1 d87ecf484398258af74ebadcce87e71fdbed7e23
SHA256 862d8e16db9b200e1206b67ee434a8099c74c420ef07c67073c98cb2c48ebd06
SHA512 742a89f18ffe6b77315eb73b593825564d84b07560d613f27be4cf34f1000fa5f7cdb7c6482920f5b37a20ef0b3b1a794f0e18711d8cf7d2e634e58900ffb9a0
-
Filesize
16KB
MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470
-
Filesize
512B
MD5 2648c144903f35dfa288b32ffe55174e
SHA1 0f55de48a9196192f3f9a2a32c84af24b934ac45
SHA256 b7e4516cc51c1f19ea8b6261db0ddda8b1bafd91020383a845ff7444a66008f9
SHA512 139847564abbb77113a3d4ad22adcf5a4bee286ea8761910497b478264878d6d9663bfd13f378e6f3a2c1702c24afefdc44806757e18c768604b93f3b751e945
-
Filesize
8KB
MD5 b530a8711aadecc1a01117cba1717645
SHA1 a6f814eedc159ddeb2df8bfbb53738244e40fd78
SHA256 e11523361d1b8f8fd46e8b2a7f79900016d33bccdaa308e1d732f7c31acf7c8f
SHA512 ce87247e5c3cdfe374a2b1711c548083f7bed2d74bd3364f9b55c0943a58429fee42c33c202d73795ba8087b326c54a3dcd09a9d681009092e9f90316c1c133a
-
Filesize
4KB
MD5 2ced9d9f4c4024951661ba01b9540d7e
SHA1 a678ef428f639d255c194b4a3aaeb2066e177e38
SHA256 9545818bcfae35ca484c54bf352d278e58269e4425db8e57fc531b291a827819
SHA512 999c0877a222bf485d5e802c162ca396d115a1f5e8d9e0b85a67a4e1ba1f98ea6f594ec77088361662d8e71969457f4b6fb05063622439710077758e6e6f6915
-
Filesize
8KB
MD5 067f668cb5d0e2104cbf24d4eb5ecebc
SHA1 86fd73365e08e9644c9b739beb96d2921ff75ab0
SHA256 9fb3121885700f1145df57be228b3b9e2a051186789a4685906f38c68121c5a4
SHA512 742d3f1ba6fab69344bd20c2b1f29e50ce221b94f66ed7ef0d30473c955eb3cb9dc863e7e84272a850fbd82e2ba1e8d8d11ca6b04f9aee033b405e31df096699
-
Filesize
8KB
MD5 3b092029f896f7e8da113ea129786c62
SHA1 5c3ac7f6f8ef30b908d1952e04dcbe0c57415ec1
SHA256 c375ee808bd4ef9e6c04e2a87f92b13f4a6c6d41d4a799c859c0e3bdefc1f959
SHA512 fbc756d177fbf15bab7fac6d4ed6be9677dfa5950fa60c1d1804b9c218137876b2d79a1183e1dbf19391e61a679f82184baa81e4e7444097f02b57552011e720
-
Filesize
8KB
MD5 a9b7075ebf53d3996e64c2a226741469
SHA1 dbb19e82590ca33c7573a77c639fc995f9a4ff5b
SHA256 9f7e745616b8413d0cf54d0406ac652d4af1d44830de49de5e2a2f112e4c4c78
SHA512 bfae99f8eef1df35a534caac697f41d6e970d09ea1e13a4282cb72f807285a89b6f35f513c8662dba4cba1261b580eba0d65d19593828295cdc1cdc69a044b82
-
Filesize
556B
MD5 9b7e6d213add8ed04cc8acf3949d042c
SHA1 23b02b965c26c43e4ad668cd064c7e8a3f5ba839
SHA256 e84996ac8a90702030de53a692b79de723eb957c27de412eae8c5c1d1281f85f
SHA512 f267dd5da34d614af14354c93dc3c45c79b723453eac4fb4dff04c7f2bdb5c6a6269ca01d23b1603998b24d55bc65c183d4410011fc5d7049c81f14ba9a92eff
-
Filesize
90B
MD5 e357313498ad34e47e47e7c27676ab58
SHA1 a1feb60c0f39aec36f58c54bd7c9412e8364f12a
SHA256 cc0f9f0ce3941076bb4285b9ee804e4e8c46db767205192d2cbcdf06f88b44f1
SHA512 48afe6081e91b849bd531fc5aba5a25f1f39a2963e5d61534b026f3a4f379a827707345152cb5ddf23f2c5ad90124efdf1b533cda4a664c15f97e75fe730d9c8
-
Filesize
3KB
MD5 6bdecd020fac8bb4cb9e662e163c5144
SHA1 41bea5779bc15bdb784d40be0d3796ad814ebc47
SHA256 e7d0d7a37da872d04fc595e70e0855c204e7ceb4b96b81cfda9f61e3e6e6e3eb
SHA512 c723495e73df0f7c302f2666de340028322d5c0750be2554abea0648ac622f88641a814e058dc9a203503936ab2bb557be92102fe286a050f3d202f6b96beca0