truthspy | 8a67b576ad92e821134e4fcf8050778cb6e087d68e1d7ca79146640200e51d2f

Analysis

max time kernel
12s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20-10-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fc4c34809087a4091a32f77ceb1ab47_JaffaCakes118.apk
Size

1.5MB
MD5

5fc4c34809087a4091a32f77ceb1ab47
SHA1

4e1441bf7e74fa512492de3f51866792bb4452fc
SHA256

8a67b576ad92e821134e4fcf8050778cb6e087d68e1d7ca79146640200e51d2f
SHA512

746e050467973b84613dea4b380dfb4d844f8308c9443f36c97bec4a0210b7ffe30444fbe3ed5d1aff97353d33b1d0f877cd0c93b0a91b36cad992d765125a90
SSDEEP

24576:4ukVo9X4rkOSVqZw5Dbb/g/P3oEA/mhvBu2lsTKDHsT4WL/XaEp4nUZ/tEf6+DDB:4LVotgkS2x//0oEA/Mvg2ls2DMsWL5iZ

Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a75.thetruthspy.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4219

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/core.db

Filesize
26KB

MD5
edac61d8b03ea79bd944d77d2e7b59fe

SHA1
637a5e7158e6ff0aad95e94d7edb641855b39f4a

SHA256
adfbaf84454684a68c34fff680dbf8d80fe8eb3836333deb95e33b89efa8b018

SHA512
cb42ba6c850b34f5c494ee90bdcde629e0122410408dc4d745684b789965e8e4c96e87068b9a8ae68238c238a4b0909607a0587e04c664cc79717fd57e7cfc3a

Download Submit