Analysis
max time kernel: 18s
max time network: 127s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 03-10-2024 02:20
Behavioral task: behavioral1
Sample: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Resource: android-x86-arm-20240624-en
General
Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size: 3.6MB
MD5: 39fa2c58237de702fc3458251f358cab
SHA1: 16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512: 023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP: 98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.systemservice
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.systemservice
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
-
Acquires the wake lock (1 IoCs)
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.systemservice
-
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.systemservice
-
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.systemservice
-
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
Process: com.systemservice
Processes
-
com.systemservice (PID: 4237)
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads