Analysis
-
max time kernel
17s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system -
submitted
25-11-2024 02:35
Behavioral task
behavioral1
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
-
Size
3.6MB
-
MD5
0366ae0abf0ada8aed90322bfe07dfd5
-
SHA1
2f0779ce64f02944e87674745cb446c5bc620607
-
SHA256
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
-
SHA512
52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
-
SSDEEP
98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is Android stalkerware: an app that covertly monitors the device it is installed on.
-
Truthspy family
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call; IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.systemservice -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Description: Framework service call; IoC: android.os.IPowerManager.acquireWakeLock; Process: com.systemservice -
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5 351c034f022324ced6a7d43855f5540d
SHA1 6b23b760f57a90d42e0cdb325475304e9f40968e
SHA256 28502896a403e798d10e8de049e0873aea454b8994aff0f791d2b660b08bd2ca
SHA512 d7967a7cbc9216f570bfefbc383cb63c39a795c20245ec924ae2093035f6a7f828e4c0a8b2cac985c153b0da926e3c318a526d172ee9acabb8c10abe997b6d32
-
Filesize
512B
MD5 f368c7901ddb8ce0db32e6661c4458f3
SHA1 cc4bde14254c5bb447f8f6896333f8386b46023e
SHA256 c722a73446b9872161e41b2cc167cd436f4556ac5488f041d98e69a7aa5e922b
SHA512 b45205eea51a55bb7d28250d6b38acf0a9376e07649cb69cdc2dd784c26c67a3cdce6cad276bf4324df0982754dcf4b0897133da523bc2afc5358a64b551eba7
-
Filesize
8KB
MD5 c3c43abb7e7d868451ca8a0adc714644
SHA1 d72538a8aa2b4d8e76fba06858b55dad2bbde9dc
SHA256 c266379424644e5cd80cdb7de86794a5eeaeb260aac0e61f38cdd0e2c8992fbc
SHA512 16a8dde72b1c755a34591fece7823b633341c670a81983af1b510a475bc104acd689a70622063cf32f78e82bb45da6489b2a5b5e3bd03a92c14199a009830a87
-
Filesize
8KB
MD5 69de297571e610c5d15d1c6254203fbc
SHA1 ed08fa9691bbd7c526ba9f91cf4a0d76bfc60e5c
SHA256 2cf19388ddca08f903bb05f2aa19f64b5045c9595b03247c9e46def2b5aa7932
SHA512 eca9a955921021d041d8c3716c67cde495fe48336f98f5d916190a3a6680be583bdabaee166e8a09e2a4fdfe00762769f146924611f19e2879b04f905bd1a031
-
Filesize
36KB
MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb
-
Filesize
16KB
MD5 1d3ed5f0ecebd1b628744459c9a314bd
SHA1 06c53cf4232a9f8ec16957a76840364d8e41de2c
SHA256 51f04e644428cdfdb5f1fc1b064a8815530ad1731908021b4eec6c4f45d6d08d
SHA512 5809734265d42c808edeaf5f5cd4ce833848d49957c6e683f9a05410455f8bdb39146037f66d6d6d0f6982d321ae6ffd04935d2b8adcbad873c2ea5924906335
-
Filesize
16KB
MD5 15e8ce65b8c6ceebb28304a1cd79865f
SHA1 f6ea65995224fd91e152d8ff022577742991038d
SHA256 70c7822411e73ebb9d773ca68eb2d85c06770947d88d0bf78bb8fde9b58e238a
SHA512 0145872001e0e7346e5ca447213f087701dd6088415aa0b7d967b30bbbb951b152b48cecca9e2619c8987a18314e01ad921dc62d72521fd535fcdc04056b3aa5
-
Filesize
16KB
MD5 076926f4d96d69f955875dcaadb4516d
SHA1 29a554187024b96e405db8cf313905c8a4ed153d
SHA256 89118ef9bd316250c5b51babf576eb77a2645a705abd8416455fe19a54100f8a
SHA512 84df5163baf924413ca3c80db1c59dd31a3be578c393578639adef5241881a95cbe031b858de81ba69eb1fdb2ead96f3718115a902e439ce4c76b720d3bcc243
-
Filesize
16KB
MD5 efeb16944d0ea23a9f13a06516e3e73b
SHA1 78cc58fa9fad21d180823d83f897e36ac81af996
SHA256 fc92a3d22f0401173eede146355466e1281d9b3149c96b1cf5c5a207a45f040a
SHA512 2a9a31fd94ef2c0a3958064968b576cd32cda3b6b5670411886e23cc63be556413538ddca0e84f7add8747dcbaf6f72a1c6c0055139234e1f46f9a32b1ea6b44
-
Filesize
16KB
MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470
-
Filesize
512B
MD5 d8a8da3eb90c0e3f12de19ccf35568d3
SHA1 f5434d52ae2b3927e7c9c2e343eb5ebd9109b2d0
SHA256 9c48997595a02dd1b3b83c54b37fd083e02d4c7259d8bd5ed5c1b70670ee5dca
SHA512 4a261663d9097a7db479a27ce342afc31ce087da8f357bf3e686712bd096e13eb46cac5a3255a92955b976bee2a4d182afa33ab35dd1792772084b24d1fcc9c4
-
Filesize
8KB
MD5 27e0bbbf38fa30b8eb80215f699121a6
SHA1 020632ad931f864129677a38cc8adb488b1152c8
SHA256 77507a60d4790d6baaa981571c973932cc675b05dc8ec39d7abeb3a65a1041c8
SHA512 1672ad6b3911fef83724412538ffb90bfd03c4b030262a4ea2f52fbbcf748dbead98dd26bac73a366de31c128386404585b99b0d63c3d6b74b459afd20e51622
-
Filesize
4KB
MD5 2e003760ff3519bcb7c701517974426b
SHA1 356d4325396317fbe206a659c301e9010f6007d3
SHA256 e3f2f7e0845633ea892785504e6b6005039eea45b8475bc07ec04c0793cc9883
SHA512 8e405e72467bf77b3538016ea97d7086e0b1a3424e25a9ae6de03ce395541e76cb0532697a9e1e38d199ef29d7c690e4e36987ebd836d2d7745d679e4131f77a
-
Filesize
8KB
MD5 02d5a81fae0b93db357120f6742fa423
SHA1 0d17557b4f5d479da57640d1ddc29aa10b974821
SHA256 66e5374759cb2538e66193693d9aefb4c685bca14e3cb1c60f7db761bbb59ce6
SHA512 01f029771f9a1dc47c00d38788d761677bffd8dc1a8899e31f4ec41ba040958a6b176bca3e6e35423e1890c14b9d454e5a60e7b7077f5cbe765bed8e4586ddc0
-
Filesize
8KB
MD5 22a7a2121febfaa78f266154d78ca5db
SHA1 92d5609a591364f5cc185c2879100a70b84eeccd
SHA256 e0bc17efe23036f05b522d65c69d8f9b4e911693fad556f7575cd277301c1443
SHA512 a8505d586cc27c125541c3528af18d5f8af49dc554a29d3f4aa12aecfc66b1839ffb5bf0571da933fbf05a90c853f8690b4f3059c6a64573a76be3c3512e30ce
-
Filesize
8KB
MD5 fd3b79f5f3a7bf878a864ca46ab7fa3c
SHA1 654e63875b3dd8f777935db834801aeb564ab1af
SHA256 91a158b12c9961f83137873068e1abeaf1c988b6bcb52484f79f24560cd9748c
SHA512 edcb810c8b219b367a728962634b60cbe5f340901b0a642800fd702a1f12e11ac27d50d8b0883d4055b8c775621c00b6004c6d8d3cd6ccb95798356843fdaa44
-
Filesize
556B
MD5 f38fafb39fffd8d6a79a049ed96c6846
SHA1 687ea3b25a4c850214b02ee736f2952a7061cf18
SHA256 0991d7cac1c3dad98a1304eef3675c3ec9a486ff3450d87948ee3d23dd9359c4
SHA512 827a4d8e015cbf680804b5a68d8871a0fbe77b810b419f2f2f7f20917a9e2e21ad43411847438505aa934ad8de50398fcaeb868113a20e4a8ff0e4ca116fee19
-
Filesize
90B
MD5 b18bc0d5d90882df109a7d7cca1ea533
SHA1 f4a58b7beac05843fee9fc1a42043b1aa52febd7
SHA256 bde459723e83611dd6b43e8062e552a7af3a636b87ffb9fe55632bc7de656580
SHA512 c88bbf315169e09b9dac8c2684a53512e116cf0fc6ebfa3a95285b5a28f8e8133ec20924b801b8100facf928ac41a66f2e86f65445a4f24ed89a9ce76aaa29ab
-
Filesize
4KB
MD5 1677d26bc73bc49d18580cd2dff6df67
SHA1 01f8f73c5bee82c4bec3e868a2b5c63dea99f0df
SHA256 aa8b3acf6dfefe9d64b462938c779cca9a1f0b70cd17d7bcee7132e049e0d04b
SHA512 adf2d3a09ef0dbec677fe74443686b845153ff7422d2515ea5a0400850702948f0a46f2817a853a516135b22441c1ce4ea70de1f2999e5d738b2d5bfbcceaf8f