Analysis
max time kernel: 18s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 02-10-2024 02:38
Behavioral task: behavioral1
Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource: android-x64-20240624-en
General
Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size: 3.6MB
MD5: 39fa2c58237de702fc3458251f358cab
SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
Truthspy
Truthspy is an Android stalkerware.

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
process: com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)

Acquires the wake lock (1 IoC)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
process: com.systemservice

Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.systemservice

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads