truthspy | 39283b786c20fdab98188039031cc732615aeb71be06f3530f2f219b1d393ac3

Analysis

max time kernel
103s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
23/11/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

916a24ee1239cc515e6f7285563d1e89_JaffaCakes118.apk
Size

1.5MB
MD5

916a24ee1239cc515e6f7285563d1e89
SHA1

327b47177d1065c846fc2ee8b0acab08e94eacb4
SHA256

39283b786c20fdab98188039031cc732615aeb71be06f3530f2f219b1d393ac3
SHA512

2353026c8e15f0a856eb8014d5aceecc2817b2b304686797291b4bd8526a3df10b44898c5643e5356a1389748fd854f479419f3aad8bbf917a2eeeed47e5194b
SSDEEP

24576:HukV8/X4rkOSVqNFhUyp1tC6xutS8BCQDR5uxPWDL+ycGMo+LdF0p5dFsRlRo:HLV8vgkSN/UyNJu/uxPWv+yVugrFs/C

Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a76.thetruthspy.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4241

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/core.db

Filesize
26KB

MD5
9c45b23a93be7dc2e2179931cf8ff5cc

SHA1
5ba1f16802c041e85faa0196e30b70a5da7c9616

SHA256
bfbe842056582a3d3f8c3cc3bbcb0f9f91554be050a02084e58c721b25206d9c

SHA512
ebc900671b13983d33e258c6306d3413e1880d1aebb595885ac2872a5ea39e64c960bf41760ac3d18c228ee281612385d5fbd3191dc4d97f0510eb90f2d6a6ac

Download Submit