truthspy | 223e545e6c755f16fe6084a32b1e853e7ab1236fe485ebe66aaebba040e5765e

Analysis

max time kernel
12s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18-12-2024 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f96f48ac8e0d0f1d0229bb3f19e6a64a_JaffaCakes118.apk
Size

1.5MB
MD5

f96f48ac8e0d0f1d0229bb3f19e6a64a
SHA1

1b0805e2d8b7bba1ddf7f2cea08c76925bb6f8d3
SHA256

223e545e6c755f16fe6084a32b1e853e7ab1236fe485ebe66aaebba040e5765e
SHA512

eea4e734a4cc75ff416b282f526b4eeff3dd5fea0bf2f5fda92fcb8eea7d926d4898d64812eaf0e7c480ecd8b4ba7f88aad176da9ff821cd4599733f7b97430d
SSDEEP

24576:TukVYXX4rkOSVqbJOsQqpQ5D43WX7tjCChWdn2A/VV0VK0l5qTY5WzsXwXKvegYm:TLVYngkSQE+U3ICCq2A/Y9MTGeXVgYFs

Score

10^/10

truthspy banker discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a77.thetruthspy.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4255

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/core.db

Filesize
26KB

MD5
9c45b23a93be7dc2e2179931cf8ff5cc

SHA1
5ba1f16802c041e85faa0196e30b70a5da7c9616

SHA256
bfbe842056582a3d3f8c3cc3bbcb0f9f91554be050a02084e58c721b25206d9c

SHA512
ebc900671b13983d33e258c6306d3413e1880d1aebb595885ac2872a5ea39e64c960bf41760ac3d18c228ee281612385d5fbd3191dc4d97f0510eb90f2d6a6ac

Download Submit