truthspy | 99c231e24f06f3d8517dcc3bca2d91ec92caaf2d155a52e20b4110b6f0022408 | Triage

Sharing

General

Target

a1bb31b6b6ef8f381a378475dd303b87_JaffaCakes118
Size

1.5MB
Sample

241126-nwfwvawlcn
MD5

a1bb31b6b6ef8f381a378475dd303b87
SHA1

994d14851a8dd00ea912cf84dd7bdd875d7b95a1
SHA256

99c231e24f06f3d8517dcc3bca2d91ec92caaf2d155a52e20b4110b6f0022408
SHA512

bceac10cd1c1506e866ec176f8861bf86d1313cbda93194bfcdea5bd3ca3aac78d621f217e85edda18381f68138643de7dcd114ad488914d8ac75b07a5b019b5
SSDEEP

24576:dukVExX4rkOSVqG7KBNicW29CoVViNEsbkb7aZKZQNXORemW3hEhUukfrQF0p5d0:dLVERgkSG7EW2riisa73ZQ0zWKMrQgr0

Score

10^/10

truthspy android banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a79.thetruthspy.com/protocols

Targets

- Target
  
  a1bb31b6b6ef8f381a378475dd303b87_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  a1bb31b6b6ef8f381a378475dd303b87
- SHA1
  
  994d14851a8dd00ea912cf84dd7bdd875d7b95a1
- SHA256
  
  99c231e24f06f3d8517dcc3bca2d91ec92caaf2d155a52e20b4110b6f0022408
- SHA512
  
  bceac10cd1c1506e866ec176f8861bf86d1313cbda93194bfcdea5bd3ca3aac78d621f217e85edda18381f68138643de7dcd114ad488914d8ac75b07a5b019b5
- SSDEEP
  
  24576:dukVExX4rkOSVqG7KBNicW29CoVViNEsbkb7aZKZQNXORemW3hEhUukfrQF0p5d0:dLVERgkSG7EW2riisa73ZQ0zWKMrQgr0
Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan
- Truthspy
  Truthspy is an Android stalkerware.
  trojan infostealer spyware truthspy
- Truthspy family
  truthspy
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truthspybankerdiscoveryinfostealerpersistencespywaretrojan