Analysis
- max time kernel: 17s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 13-01-2025 02:43
Behavioral task
behavioral1
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
-
Size
3.6MB
-
MD5
0366ae0abf0ada8aed90322bfe07dfd5
-
SHA1
2f0779ce64f02944e87674745cb446c5bc620607
-
SHA256
92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
-
SHA512
52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
-
SSDEEP
98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc
Malware Config
Extracted
truthspy
http://protocol-a100.phoneparental.com/protocols
Signatures
-
Truthspy
Truthspy is an Android stalkerware.
-
Truthspy family
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | process: com.systemservice
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.systemservice
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.systemservice
-
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.systemservice
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.systemservice
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.systemservice
Processes
-
com.systemservice
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4265
Network
MITRE ATT&CK Mobile v15
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads