Analysis
-
max time kernel
18s -
max time network
132s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system -
submitted
24-12-2024 02:33
Behavioral task
behavioral1
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
-
Size
3.6MB
-
MD5
0366ae0abf0ada8aed90322bfe07dfd5
-
SHA1
2f0779ce64f02944e87674745cb446c5bc620607
-
SHA256
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
-
SHA512
52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
-
SSDEEP
98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware family.
-
Truthspy family
-
Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
Description: Framework service call | IoC: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.systemservice
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
-
Acquires the wake lock (1 IoC)
Description: Framework service call | IoC: android.os.IPowerManager.acquireWakeLock | Process: com.systemservice
-
Queries information about active data network (1 TTP, 1 IoC)
Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.systemservice
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
56KB
MD5: 522aca091d4de1d74dbf957c3d259214
SHA1: d502339dea8fba906dd0af5477b2da665bcae6f8
SHA256: 063f50e7354283b12b5d6367c29262deb36daa146ca827441ab3fb294370a1b1
SHA512: deb181b30e8cbe238d71fbe6696ab24d4c24772fdf192c6dcd771003ef00e2ac52bc1b309cd69f27371ed73de7e3ec607de9ec2c18a2052a1543084d519c6eb3
-
Filesize
512B
MD5: fde0663f7de17a6843b0c58a4a80e068
SHA1: a7e348ce4f472b44642672cf4c47fb58ade349da
SHA256: d2cf8af650cadba4421df503397cba16ced5fb6c80e77add23576c24677f9670
SHA512: 9472573d9ef19472d7474e60cdbc430ee73d7a29d2ea6e66367c6f8c6cd1ae9d07e495ed7c7939e9863cb9facca594faab7789086bdc9120f6260c5f0c0e2ba4
-
Filesize
8KB
MD5: 4f52ce209af2a074a64a32ce6f846af7
SHA1: 22c3dd4a97ae86a5c98b9e4e5c15cec937c269d2
SHA256: 043b6cc92cabb9cf7018e1c8d7c1c7196700be3e973a8af8c9af6640be01a1a4
SHA512: b7500e823cecfc39eead2057a6914034edcc00444268a8f708af8f9b155535b200ba99254811fd36ccb60a590a5c76731964bef4831d65ced85baa7c4a0ab923
-
Filesize
8KB
MD5: 2cd83737690f890fa8d0bfdf985e68ea
SHA1: 857aa2b36c1e6ca59ffc5bd17cdf78c85ace1bf1
SHA256: 29979cd0798ad6014682d8dfbbbe41b4ec1140618d048af8ec8c871c53ee54d9
SHA512: 1677054ed796dc3ae9be31e762a6858317c293a513524d45a3021af2cc465980bf6c2cbf949b7a982a388a0c52460357e5191dab428ce941b8a87b7bc3d5fd6b
-
Filesize
36KB
MD5: 045489a0639eee27bca52f48828cd93d
SHA1: 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256: 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512: c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e
-
Filesize
16KB
MD5: 62ad4a05cbdca7f47b3206b7dbda487f
SHA1: 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256: 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512: 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6
-
Filesize
16KB
MD5: 271116290b167e0ac4975c7285ed735a
SHA1: df6c1f195f687734eb4a3dcba678ed23bd6f9c9c
SHA256: 58645dca98ff547d0586a62b3328b99d60740fd6e153bf9c9c6aeb91fc9934b9
SHA512: 0e74217b94fe9a8dba61d847b51297721c57ee83286dbcbdaa2eb73607f390262fb2af5895b6b02dc9a8bc2fe17c731c724d6d90aa07da8961a8d30866da90b2
-
Filesize
16KB
MD5: 79397e31600956c1419838d209317707
SHA1: 4360dac91180130c1ab5bf3850f925332e4e1118
SHA256: 3b655c6d227e4031ebcefa6fea476b5cfdc8df6dfe01ec5bfe5cfac20cac946b
SHA512: eff2af0aa9019ed49e09274e8fd8d0d090e7149e4756b9f14d4a20d54f2a97f7c71682846b126d2ef0b7836f998306ee4aa28b21fbffe2162675d590ca893df4
-
Filesize
16KB
MD5: 12552c5b4914e3a2c2941a41bc897ffc
SHA1: ac7d0dfdca880cad5aa4ee4d671450271f0d734a
SHA256: 55e0c476f02022fd0d8314d8ced45351b71fb0eb7d7adda27f236ae4b5d0aaab
SHA512: 86d5e425dfdb0c66b21bf2f249d03432c79d6611e0624a304c6eafb645fb14ddc8860bf605a3850a6c2c075252ef13e2487f38c6b63d8264df31a1fea3931b6b
-
Filesize
16KB
MD5: f00bf12ee4a6d30bd11207ee31a150ab
SHA1: 11b8c2e070d0d2477ce64cda9e147a35037cb368
SHA256: aad62ae92986de04344432263c1ce9fbb5cd0542c2f1aca342302e9aa5ecfd31
SHA512: fee3d7a2d7b08d42fe95f105ade011bfa5a799ba64bb2509fb41279aecd44785d866dae605239129f0c4499e58d2e69b17ab90f6b0c4501d9b8a9ed7f405fea2
-
Filesize
16KB
MD5: e3f13c7d7678604e5b293f6672bc0ed1
SHA1: b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256: 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512: b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4
-
Filesize
512B
MD5: d3668525ef0153e9706894c256f294f9
SHA1: 8a062ff9aafe2adc2ceec6ce9534dcf333b2dd50
SHA256: 3b23eb7323a60ddd41619aef0be6b58350eb016ff24b10f51006e9fcc8ebfdea
SHA512: bd08737f6e04233e16d4fa53bd56d2053e4acf0fb679a3304e7c4bca2c861419d0f6c3224ee1b72aaafcf2c982c8c9207a56542d0268555b3183dc63efa07e6d
-
Filesize
8KB
MD5: fbfad2efb73e8b4396d4decc3402a11e
SHA1: 371394cc9c50577af4b4f72e5aeba692bc00a549
SHA256: 02a42c164d8bd80a0e1d585be7e3bf00de22e3739c27402aa0e3b44640bed19d
SHA512: 932ffa9b955479871e8509e2a33284a075c5313374f0990da41d6941ad17244c6181f46a54bea741933a341aaad534f5c6ac682dd86c642c88b632257e3b495f
-
Filesize
4KB
MD5: 535495a9e2e3b8756fabe8852818bac6
SHA1: 4f26c5e66349496306cf17a2db6a2dd44df491bf
SHA256: bb6445d0b2d1be67f7c4068f24bcc1d5565ed126615eecfb5f51651dc90121de
SHA512: dc04d5304bcd8a1e63869c550aeea7d0b5f5c1fb88e5097bdab88eda0e0e8f60624b1df8f8e5d6ae68f15162bd80bbbe204d2fbed74ebee089bbb9522d8d3bf4
-
Filesize
8KB
MD5: 50d3cb7f0baddb1ff204328814987b66
SHA1: 64182f66ebac51e5c13e1667c584a5f2688ab254
SHA256: 3ee478dfd43e36b294a2e0c5901a34019cf39aec83200acbb3ecf8524563c08d
SHA512: aaff5420b995c87c686d5fd63c9e6d1c69a25400ce375a447354c6a26ba7f7be4095b5505b23097a20eceac1da072ab4bad9e8c503c8c0933d810f957fa13054
-
Filesize
8KB
MD5: ab52804805b5884da130a06a8570d7a1
SHA1: 75b2a5798a670ec11f347674785bd8fb660f7af6
SHA256: 19e373b91096a11622e75663bbc2e69f75720f9d47371282eaa96f46a8c8efe9
SHA512: 6cd76a40d525512f1dc901f789c3b5bdf0c7056321d83b35ab5072b9d58cbf6fe7a2d1400a955c28ffa18f540c6f7eebc0ebf1ae21bfec9c162b81e458562898
-
Filesize
8KB
MD5: 719f6396d9b6ca30c8e6e3fdf2602113
SHA1: c1b48ee3dd02b1be340f699e43631cd8a64f5834
SHA256: 32d202e3d21fcd6ae0aa26504fb61b470e277f44c31c66b19e941191e2fe0245
SHA512: 574e69a77e36c54b16214643dddf5938cebbcf741197efb09d6315903347d733118fc5cefb35eeda16ab66f70b0994769de6b215e2b0d7cc25deb01af5ce7385
-
Filesize
555B
MD5: bbcbedc16287c9c53ad89055ea522463
SHA1: f7051e74ee738301ec8a9024464865ef12ba5ef8
SHA256: 4dd1ff4fa9b43959f5daab103a3311212106baf70d6957d134ee6094d26211cd
SHA512: a09e1648981add62186f46fb5a532c8f13ff6eef37e375e9280b2584adea35e728e4c382d2ee619307d4c7e095ea9bbd304ef738cb33672020984db9b36e3cf0
-
Filesize
90B
MD5: eda0d23e64f791469e4ddc60a9925e04
SHA1: 33d94ae725bca95d000d44ae86109d609005b71f
SHA256: 654612b367785aac26fbddb281b2db6b4543fee3f4b9006a044423406e44cc2f
SHA512: 55da696554946255168a70c0623788a538b18c09331743c4c0d633bbbbca334297e6cf231e0f437c1c083a3bab57d2a4ca41525220b9fcc1959acd7b0894c765
-
Filesize
3KB
MD5: d3e2f54211a9e5b921bbdfdd7023a62a
SHA1: 2f00e1364c53eb15f86076f1fa9cd8a4e56f5769
SHA256: bcc1c344737c7d380e7c546dcfbc9184e95b5a32fa3fa31fcdd667e974ebbe45
SHA512: c5f73eff8f23d10bd19541518dc979a1f10131fbac79dd921dea9a98e5ae1cd5712d3e1314d3ab2451c3aaa8cdb86cdb54907264b02d45dab0417bbb22215e29