truthspy | fefc35ce29a326420873597eae3662904649f5db16f09901048eade4d06110b6 | Triage

Sharing

General

Target

d541a70a27d275d4da01af02ab3e555a_JaffaCakes118
Size

1.5MB
Sample

241208-e6ypzaxrar
MD5

d541a70a27d275d4da01af02ab3e555a
SHA1

991bfee5c575ecd5c1472f77c81fcd58232279a8
SHA256

fefc35ce29a326420873597eae3662904649f5db16f09901048eade4d06110b6
SHA512

95a011314925caaec5dab0c4db618233439f375501d2515bcb2e62ac36c75e26bfa89449cd07c18da6811e5fc760712cc9faacab71c9add894bb2c996b313c01
SSDEEP

24576:UukV0IX4rkOSVq17KBNicW29CoVViNEsbkb7aZKZQNXORemW3hEhUukfrWF0p5d9:ULV0SgkS17EW2riisa73ZQ0zWKMrWgr9

Score

10^/10

truthspy android banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a79.thetruthspy.com/protocols

Targets

- Target
  
  d541a70a27d275d4da01af02ab3e555a_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  d541a70a27d275d4da01af02ab3e555a
- SHA1
  
  991bfee5c575ecd5c1472f77c81fcd58232279a8
- SHA256
  
  fefc35ce29a326420873597eae3662904649f5db16f09901048eade4d06110b6
- SHA512
  
  95a011314925caaec5dab0c4db618233439f375501d2515bcb2e62ac36c75e26bfa89449cd07c18da6811e5fc760712cc9faacab71c9add894bb2c996b313c01
- SSDEEP
  
  24576:UukV0IX4rkOSVq17KBNicW29CoVViNEsbkb7aZKZQNXORemW3hEhUukfrWF0p5d9:ULV0SgkS17EW2riisa73ZQ0zWKMrWgr9
Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan
- Truthspy
  Truthspy is an Android stalkerware.
  trojan infostealer spyware truthspy
- Truthspy family
  truthspy
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truthspybankerdiscoveryinfostealerpersistencespywaretrojan