truthspy | 41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36 | Triage

Sharing

General

Target

Dilshod.apk
Size

2.8MB
Sample

250114-bnc4rsvnap
MD5

84e73c6c1a69ac3f3dedd5119080f19d
SHA1

65fffa7ab8f7a3ff5154b6c69a3ee31186c9d012
SHA256

41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36
SHA512

ed3678dab2f80bafcf4c80bd095829cf54088c72e6f32bac58031b0270e06d32e4729898fab250f194113bb3046c47f97965f8f728f292d33ba8e9acf6fe0e30
SSDEEP

49152:0V1yqxc7abNLn7WvcWgEhaj+10GbHr9wzWhcAqL4iR9YO791fWFwGOLV31+snp4N:m1yqxOabNLn7RkKw0GbazjL4ZOOFwGO2

Score

10^/10

truthspy android banker discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a.thetruthspy.com/protocols/get_synx_now.aspx

http://protocol-a.thetruthspy.com/protocols/getsetting.aspx

https://thetruth-db94a-default-rtdb.firebaseio.com

https://thetruth-db94a.firebaseio.com

Extracted

Family

truthspy

C2

http://protocol-a748.thetruthspy.com/protocols

Targets

- Target
  
  Dilshod.apk
- Size
  
  2.8MB
- MD5
  
  84e73c6c1a69ac3f3dedd5119080f19d
- SHA1
  
  65fffa7ab8f7a3ff5154b6c69a3ee31186c9d012
- SHA256
  
  41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36
- SHA512
  
  ed3678dab2f80bafcf4c80bd095829cf54088c72e6f32bac58031b0270e06d32e4729898fab250f194113bb3046c47f97965f8f728f292d33ba8e9acf6fe0e30
- SSDEEP
  
  49152:0V1yqxc7abNLn7WvcWgEhaj+10GbHr9wzWhcAqL4iR9YO791fWFwGOLV31+snp4N:m1yqxOabNLn7RkKw0GbazjL4ZOOFwGO2
Score

10^/10

truthspy banker discovery evasion infostealer persistence spyware trojan
- Truthspy
  Truthspy is an Android stalkerware.
  trojan infostealer spyware truthspy
- Truthspy family
  truthspy
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truthspybankerdiscoveryevasioninfostealerpersistencespywaretrojan

behavioral2

truthspybankerdiscoveryevasioninfostealerpersistencespywaretrojan