Analysis
-
max time kernel
18s -
max time network
134s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system -
submitted
28-10-2024 02:26
Behavioral task
behavioral1
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
-
Size
3.6MB
-
MD5
0366ae0abf0ada8aed90322bfe07dfd5
-
SHA1
2f0779ce64f02944e87674745cb446c5bc620607
-
SHA256
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
-
SHA512
52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
-
SSDEEP
98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Truthspy family
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call
IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.systemservice -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call
IoC: android.os.IPowerManager.acquireWakeLock
Process: com.systemservice -
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call
IoC: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5: feac1f5c77957e1b43a0a3c73714ce08
SHA1: f7091ca8a4b3a43a8a7c66051ab69061abea961b
SHA256: 7e2331aefb68ee94fba409db5fa1389d929d2610d7b8b93872e04d101cad1fdd
SHA512: 34b326e00de9ef1020d3aac9f8e10dc6b2103182ea60e1105cf19a94f0fc6bfdabf403cf7c9364a0df148b4d7afee266956a12d95654254b272104b808913627
-
Filesize
512B
MD5: 94588cfc72decfb11591d74d6139bb3f
SHA1: e8bdc7df416717c200347b3601841fa4588d8a33
SHA256: 11c53912a89b7cd75b846e48227bcdd39083e5f50bea437897d5fb397e2864e4
SHA512: 1a508bba88e26cd1a9570dad8dabb176886d22dff8b22ceda85539190a9610fb1470fd7733691d6ed09265c653c7aea2818004083caa1464939d48b6aae18170
-
Filesize
8KB
MD5: ce890540a872416bc30ba767a5cc8688
SHA1: 042fecf963ec3a4db8ad40280a604133720a00f7
SHA256: 2563953fbf8152b8af00ca5dfb698c2c54f3d29bd067e439c1057ffdd7bbdbd2
SHA512: 89ff76b6f68ce25887982c8272ecb15bb611f4932d2d76cb05f098cc3500e1bde94d8dcf99095c52fa840a8ceda7f7278f32cad3bd4a26383850d9a00b4bdf77
-
Filesize
8KB
MD5: 037d16cdeb16143828b7c70cc45edbc9
SHA1: a360f1499244f3ef984d5699b6f806b9cf68ca70
SHA256: 5deacf4c0ce8f8fb0df24b76efed52919a8ec3a9bff83c3c25f91f2d3f66c206
SHA512: 11c0c25a1b4880a850eac4262732996bb3206f219d5e4ede14b23a58b09198766db6f53c242da17fc90b4ce847d6bea4b376fff277777e629b4af769dff96c42
-
Filesize
36KB
MD5: 045489a0639eee27bca52f48828cd93d
SHA1: 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256: 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512: c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5: 62ad4a05cbdca7f47b3206b7dbda487f
SHA1: 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256: 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512: 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6
-
Filesize
16KB
MD5: f4e263d275f54d79d37bf0682071b195
SHA1: 6c760f74494b34e5a11fcb5c1efdabef34ef30f4
SHA256: 9caca258d4d9af7679afd0fdf4c007f36a38ced0f44c15dd7332cf48b822ac64
SHA512: 61604447033247510d79ff8013f4a78662973baca1d47d44d9f31813bf257949d9055862c9b04493301fac4c26f8326a5f019924021142e40a9dda8c6558883e
-
Filesize
16KB
MD5: 7a871e14a1b584063fc692b663d3db31
SHA1: ff6d3d077d6fd7215210768cc0db273dbffebfd9
SHA256: 3bba56f2f1bd12c5b1d92d1feec5458814156f39f157d5f16108a56f5d1cfa58
SHA512: e63f2c14a1af9400971e593c57dfa6e6f4180bb503b5599d59c5632e2883798ad5ddf64859988dfc4c9c9ee84084c70b7c4e947b734fc6d0376d26a4989d39f7
-
Filesize
16KB
MD5: fcaf100ae016609ced8cfb0c35ec889f
SHA1: b3cfa3d0030d640f2ffcbf04d7c663f131234722
SHA256: 51aa7cf38c96d63f992123b18993a67345685753a62345b8fab4005de39b7e4b
SHA512: d3e0df047857d1c3c96f7a5676f5dcddff2e88365a57572164a2f6ea3fdbd907b570dce01c937abf11f40f32731e372b0439e51425c8386cb5b60eec0c42927f
-
Filesize
16KB
MD5: 23cea5c99065323630e5457eed77d046
SHA1: dee58a4912da3c5de16c437f3f92f8f2369b65e7
SHA256: db3778916ff9838240a79a08d0cb5386091c4a6c35176583fd04e51679c2522d
SHA512: dcf08f67fff3f28079c06dbc19f59f7808a01573d8dd51f0dc95b9fb77632fb38d21f9fafe43005a680da3de6be7c34619d0549847fba49cd30c5af746876140
-
Filesize
16KB
MD5: e3f13c7d7678604e5b293f6672bc0ed1
SHA1: b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256: 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512: b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4
-
Filesize
512B
MD5: d210b29327ea879e052e0851cdc99179
SHA1: 997635a34c52fed53ee5ab9527ea39e9b0be47e5
SHA256: 20733002058dea22c330065277c20e07c7b975a35fe3118445ffe1ddc589f9fb
SHA512: d1ddb588f058e3f7b8741bfbddd2da9996dca3ffadea9f19136a7be35e7ab7fcce9c1ea209d17aba9765f48574b342c58a3bf636e3d96d0153b06247657c5ca3
-
Filesize
8KB
MD5: 35fb5a7df00e32750d2ba2b273af38e3
SHA1: 6efbd94e552ed5facffc2f8bbbf948942a04c79c
SHA256: 5b90cd47966cb8238a829f7b582000578c60342b5f0f3a492d7cb1d78686011e
SHA512: 29d7aaf690d540447aea4066e73be442966e52198fddedb385e8aba2408d8497de187be2887176f84ce22f2d3f5f0fa1ca4a0daaf219cb7a22f4aab84d1d5417
-
Filesize
4KB
MD5: a2545bcfaf5e69bbd3da1260056151ec
SHA1: 006914ba9c05c8f08cac4e031bcbc3f36dc71f4c
SHA256: c1fda1f4ad99cf64f5aa78a6fe2d9d6415934f2898f00aec4e027f71dd5da8c5
SHA512: d0e5937fe0f9d29cd681b9f983de13c09f377a3ee887676c46c08899ecdd1a5ec9d5830a0aa19ccccf1d3332f47367bbdd26afee32ce12a8af8dd8b48f8fcdf6
-
Filesize
8KB
MD5: 7cd8d135aa5d02d878de1b70e538f922
SHA1: 33c29ce9e83ab80070e0cf0b1adf6d3fe32643cc
SHA256: d18478956f86f21d47e5430d1f22da6ce1e9f19344f4af94c5b59235be706dff
SHA512: d1c49a11cc65882704dc633f56d31d87231090c13e432a492faa043398b393afc5caf3eac76cc34737912b3cd399b8128b9526cb80673fbdc2c8c12b851821c0
-
Filesize
8KB
MD5: b917b54bfc685b2d0dfe10acf00a4fa0
SHA1: cbd8d982795dc0e386bfed1ce6aa31bab8c88462
SHA256: 5643c7f2deaf45fa418eb80c333d283edfcce296e4f0975517c0cfb0c31d14ea
SHA512: 05eb46e005e2f312300147cdac7b5f13c88a6841ec506008401c1d9d98e983ad791961c134910680ad5e5ad4b0a506fd1ae0c0df0b0afa3e273f6265e0afe420
-
Filesize
8KB
MD5: 09e037f85519015ec3536d01edeb4782
SHA1: 7b5e0cdf01d0f5cbe09c3551bb43d205eb119cdf
SHA256: d74dac68c46a9bc57caa16f781c4da88c60aa85256d8cbef9306c719254fc410
SHA512: 77cfb78149302c5c1bc1d434448de1e74e05b21779f9ce05bf2415f844775ea376b5e6178e78a8f9da5ce96326fb1b6d5d07a940b45d6f82fe17883ce0c4f254
-
Filesize
90B
MD5: e3712d222e2b317b61f66bd3d73acd5a
SHA1: 8486ff304cac5108e0b060e2bf8a55efb47809fa
SHA256: b476d7e102d28fd8969259e2ddd11b7ec9c5c5c6637e87ee2a9a7fb1833008db
SHA512: b6f2ff186748a5c2168f82a624a45b44dadc55bd7f4b0eeb6290324c551b70e094cc5765276147f9621832fd2bd17ebd92225d6e284dc7376e02046c8b226422
-
Filesize
556B
MD5: bf0bd0e8668aa50beb80860950fc1f1b
SHA1: e357b5aaf9ba81d5ca3c226ac1b4471e12d69179
SHA256: 476d1852acbabda7498cad76a15b6e0e5897bd633e62176ad5b693f14a42468e
SHA512: f4eed9e9aba62c1ba0e6f172e35a6acccfe42a3f6e2c327159c106ccd86dc7841bf7c3cf578bc082453f36a595da0991c8d9ccaf0452a801beae80665312a805
-
Filesize
3KB
MD5: b3a8fd8de6453c33eca7503f02e8421a
SHA1: 2c1ef7835836c0e485564782c9262bfcab114f85
SHA256: c119af1f88750b415e3c2a013277252e011fcba439ae919240cd235c8d87d71d
SHA512: e926f5538dc183f16cc1cf76522e225ecaec59b325042512d399d286fa5ebcd4ab85f509f939dd38c6440322b8d7067db5cd872b46ad301113c4c3cb678d888f