truthspy | e92b20674c86b01be77c51093dee2504ceaeda7adbd4fe401e3803a812e56514 | Triage

Sharing

General

Target

61dcac15b81b104efcae4d707a001ac8_JaffaCakes118
Size

1.5MB
Sample

241020-my922awenl
MD5

61dcac15b81b104efcae4d707a001ac8
SHA1

63489970e3337330eb6e22d3c9772bdf4db69ba6
SHA256

e92b20674c86b01be77c51093dee2504ceaeda7adbd4fe401e3803a812e56514
SHA512

66440c8294a57e429cfa3853ebca2cc011d9b24607da596b2784d479441809427f4a615cb75e3e312d69c000198e95769ff2b0cd10a13ed20b300d2bd559ee91
SSDEEP

24576:/ukVMQX4rkOSVq0IVRoPOZrvmOhvP4x9PrZAAufq61+k60N3jrjEwOPQqFFg4ALi:/LVM6gkSR82vmO4Buy6Ak60N3XjE5FAm

Score

10^/10

truthspy android banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a72.thetruthspy.com/protocols

Targets

- Target
  
  61dcac15b81b104efcae4d707a001ac8_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  61dcac15b81b104efcae4d707a001ac8
- SHA1
  
  63489970e3337330eb6e22d3c9772bdf4db69ba6
- SHA256
  
  e92b20674c86b01be77c51093dee2504ceaeda7adbd4fe401e3803a812e56514
- SHA512
  
  66440c8294a57e429cfa3853ebca2cc011d9b24607da596b2784d479441809427f4a615cb75e3e312d69c000198e95769ff2b0cd10a13ed20b300d2bd559ee91
- SSDEEP
  
  24576:/ukVMQX4rkOSVq0IVRoPOZrvmOhvP4x9PrZAAufq61+k60N3jrjEwOPQqFFg4ALi:/LVM6gkSR82vmO4Buy6Ak60N3XjE5FAm
Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan
- Truthspy
  Truthspy is an Android stalkerware.
  trojan infostealer spyware truthspy
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truthspybankerdiscoveryinfostealerpersistencespywaretrojan