truthspy | 39283b786c20fdab98188039031cc732615aeb71be06f3530f2f219b1d393ac3 | Triage

Sharing

General

Target

916a24ee1239cc515e6f7285563d1e89_JaffaCakes118
Size

1.5MB
Sample

241123-3z7laszkfk
MD5

916a24ee1239cc515e6f7285563d1e89
SHA1

327b47177d1065c846fc2ee8b0acab08e94eacb4
SHA256

39283b786c20fdab98188039031cc732615aeb71be06f3530f2f219b1d393ac3
SHA512

2353026c8e15f0a856eb8014d5aceecc2817b2b304686797291b4bd8526a3df10b44898c5643e5356a1389748fd854f479419f3aad8bbf917a2eeeed47e5194b
SSDEEP

24576:HukV8/X4rkOSVqNFhUyp1tC6xutS8BCQDR5uxPWDL+ycGMo+LdF0p5dFsRlRo:HLV8vgkSN/UyNJu/uxPWv+yVugrFs/C

Score

10^/10

truthspy android banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a76.thetruthspy.com/protocols

Targets

- Target
  
  916a24ee1239cc515e6f7285563d1e89_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  916a24ee1239cc515e6f7285563d1e89
- SHA1
  
  327b47177d1065c846fc2ee8b0acab08e94eacb4
- SHA256
  
  39283b786c20fdab98188039031cc732615aeb71be06f3530f2f219b1d393ac3
- SHA512
  
  2353026c8e15f0a856eb8014d5aceecc2817b2b304686797291b4bd8526a3df10b44898c5643e5356a1389748fd854f479419f3aad8bbf917a2eeeed47e5194b
- SSDEEP
  
  24576:HukV8/X4rkOSVqNFhUyp1tC6xutS8BCQDR5uxPWDL+ycGMo+LdF0p5dFsRlRo:HLV8vgkSN/UyNJu/uxPWv+yVugrFs/C
Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan
- Truthspy
  Truthspy is an Android stalkerware.
  trojan infostealer spyware truthspy
- Truthspy family
  truthspy
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truthspybankerdiscoveryinfostealerpersistencespywaretrojan