Overview

overview

10

Static

static

10

92c3337b3d...3c.apk

android-9-x86

7

92c3337b3d...3c.apk

android-13-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    150s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    30/01/2025, 02:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score
10/10
truthspybankercollectioncredential_accessdefense_evasiondiscoveryinfostealerspywaretrojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Signatures

Processes

  • com.systemservice
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Queries information about active data network
    PID:4509

Network

  • flag-au
    DNS
    protocol-a100.phoneparental.com
    Remote address:
    1.1.1.1:53
    Request
    protocol-a100.phoneparental.com
    IN A
    Response
    protocol-a100.phoneparental.com
    IN A
    104.21.16.1
    protocol-a100.phoneparental.com
    IN A
    104.21.112.1
    protocol-a100.phoneparental.com
    IN A
    104.21.80.1
    protocol-a100.phoneparental.com
    IN A
    104.21.48.1
    protocol-a100.phoneparental.com
    IN A
    104.21.96.1
    protocol-a100.phoneparental.com
    IN A
    104.21.32.1
    protocol-a100.phoneparental.com
    IN A
    104.21.64.1
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • flag-us
    GET
    http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts
    Remote address:
    104.21.16.1:80
    Request
    GET /protocols/get-brand-info.aspx?brand_info=tts HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
    Host: protocol-a100.phoneparental.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 30 Jan 2025 02:24:17 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: private
    Vary: Accept-Encoding
    Set-Cookie: ASP.NET_SessionId=h1h334at5mkfexq4a1x1ktuw; path=/; HttpOnly; SameSite=Lax
    X-AspNetMvc-Version: 5.2
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2Bv2ak5NsriPE6goCM84740Lv2eIBJCdINEytn8XB9%2FVy49qGj8Xca73RDUv71ce1ME%2FIpa43NG5cXtRYCcvtUmHyc%2FiBaFZ5ESCCieS1I7wYeAztUqAN5Ch9AlNO6QXdX6nYqMsk6A9TA6S6z1%2BUJ6z"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 909e0139792f9517-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=26721&min_rtt=26721&rtt_var=13360&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=238&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-au
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
    rcs-acs-tmo-us.jibe.google.com
    IN A
    216.239.36.155
  • flag-au
    DNS
    remoteprovisioning.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    remoteprovisioning.googleapis.com
    IN A
    Response
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.10
    remoteprovisioning.googleapis.com
    IN A
    216.58.213.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.179.234
    remoteprovisioning.googleapis.com
    IN A
    142.250.180.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.202
    remoteprovisioning.googleapis.com
    IN A
    216.58.204.74
    remoteprovisioning.googleapis.com
    IN A
    172.217.16.234
    remoteprovisioning.googleapis.com
    IN A
    142.250.178.10
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.42
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.234
    remoteprovisioning.googleapis.com
    IN A
    216.58.212.202
    remoteprovisioning.googleapis.com
    IN A
    216.58.201.106
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.42
  • flag-au
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    172.217.16.228
  • flag-au
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.228
  • 142.250.200.14:443
    android.apis.google.com
    tls
    2.9kB
     6.8kB
     19
    15
  • 104.21.16.1:80
    http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts
    http
    558 B
     1.9kB
     6
    5

    HTTP Request

    GET http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts

    HTTP Response

    200
  • 216.239.36.155:443
    rcs-acs-tmo-us.jibe.google.com
    tls
    1.6kB
     7.0kB
     13
    12
  • 172.217.169.10:443
    remoteprovisioning.googleapis.com
    tls
    3.6kB
     13.5kB
     17
    16
  • 216.58.212.228:443
    www.google.com
    tls
    1.1kB
     5.6kB
     11
    8
  • 216.58.212.228:443
    www.google.com
    tls
    2.5kB
     8.2kB
     22
    17
  • 142.250.187.228:443
    www.google.com
    tls
    1.0kB
     4.7kB
     8
    8
  • 142.250.187.198:80
    312 B
     6
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.187.198:443
    tls
    135 B
     40 B
     2
    1
  • 172.217.169.66:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    protocol-a100.phoneparental.com
    dns
    77 B
     189 B
     1
    1

    DNS Request

    protocol-a100.phoneparental.com

    DNS Response

    104.21.16.1
    104.21.112.1
    104.21.80.1
    104.21.48.1
    104.21.96.1
    104.21.32.1
    104.21.64.1

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.14

  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
     92 B
     1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

    DNS Response

    216.239.36.155

  • 142.250.200.14:443
    android.apis.google.com
    https
    4.3kB
     7.0kB
     10
    12
  • 1.1.1.1:53
    remoteprovisioning.googleapis.com
    dns
    79 B
     303 B
     1
    1

    DNS Request

    remoteprovisioning.googleapis.com

    DNS Response

    172.217.169.10
    216.58.213.10
    142.250.179.234
    142.250.180.10
    142.250.187.202
    216.58.204.74
    172.217.16.234
    142.250.178.10
    172.217.169.42
    142.250.200.10
    142.250.187.234
    216.58.212.202
    216.58.201.106
    142.250.200.42

  • 142.250.200.14:443
    android.apis.google.com
    https
    2.6kB
     3.4kB
     9
    11
  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    172.217.16.228

  • 172.217.16.228:443
    www.google.com
    https
    3.4kB
     8.3kB
     11
    11
  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.228

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events
    Filesize

    56KB

    MD5

    181a0adc79d304ff68362802c352a6a1

    SHA1

    c876350f43cb1cae3d7db26c72743fe79056bc17

    SHA256

    fa8d1325ad9e899ea86e134e9959d69189497436424335d613c473dae2526340

    SHA512

    e2ec3277afa89c3e0b9c0c5b3881301ba617a599c47e3b7c43251595425b63d21083c033c9f60aa0f2e10a468a98dd3a1424c86172653c9d2511a473cd447f08

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    b534e6bba4d13535e47681b87b90a31c

    SHA1

    f4ac9737893d695cfcc5e977305b28ff184cb15a

    SHA256

    4d424eee671ad9648cbf25f394accdc5f844118bbe59a2e7db51730f4c91a4de

    SHA512

    c42f074d25ccc7914a9569265734fbdaea9ef5f296d33ff9db164504783603fdf809e7634a8600effcd9053761548894fc476b27871ead79304b18d9dbc27dd6

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    280c85835e2764b8064d8209c71d92f8

    SHA1

    e5e8e861993e1c5c9d2be28ebdd6b3f431b73b8c

    SHA256

    da00042523c47f49c1d8f170421b7eb0146e3b348376c1bc68e6d88b2acb4058

    SHA512

    ee8c57d50be9527e1e2f3c94138b4e2b64f815351a2c5cbc1a1d7a8ff93ca4a8f58332a1a0d7c138ced30fc529ccb41f2c07c1576d6680c89889f7e2eff86626

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    3631d88cb66304c8d2d1827e9d8aae55

    SHA1

    380f6e11916fde57d84069fc03f51f3ec59e72ca

    SHA256

    e9588fa457b57fb45e5c7ef04b1f33769b0efd7ffa0daa7c5cc1fb4374e5f82e

    SHA512

    1618f954a9567a1156dfaedb3f1e6ef79a71109445fb66692ac8a85a7a9c71305b3b1432358a9a5157e5036b9af1166daec8ecd117e0bdd299c0ceb73b49aaa0

    Download Submit

  • /data/data/com.systemservice/databases/core.db
    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    62ad4a05cbdca7f47b3206b7dbda487f

    SHA1

    4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

    SHA256

    18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

    SHA512

    0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    f0518671af5dc5ef9cb75b2d1c671ba0

    SHA1

    ab78f1a4fc27997029d7b8df98d62517db24c59f

    SHA256

    4dd4860c428a27a551bcc817761f941ca3d9648d5b1ca9a0dc8d4b031153b7a0

    SHA512

    5d02124cdfbd032d810d4300646330583e853017e8896158125d0e7c7a22d348f7edc56a4dfbb100262caf03a42b6a546317fab2879d1c4b5318e97bafc4963a

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    e720491af5dc0916b00815ff8a4cfded

    SHA1

    6e7a36608d59589cec785f1a8f822e93e998b907

    SHA256

    b372433a93525aca1a7bb7379247f318a3ecd976fc6602af2aa48cd1d5c81528

    SHA512

    1fa124dd313733b22f6512db989c0185c33d1f89abbbf389ef4033818219f3624db9aa4c04e4a9f536e3249ef6843104a2a2babc6e39f706d9ca39e0143b196a

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    43d06d293bda1f035e754bba18ea6e94

    SHA1

    f0ef4fa5d1fd3e72a267038a0f46c282a411d619

    SHA256

    7ac540b75d4365f84a6ff38bd6735339f072d0faa1b1a6645bed309164c5afb3

    SHA512

    d5cf8bd47c1ba4bfd45fb313cfe43231206ee797f501245e45c8d00c20d669c886c1c441f36426c1da9ed1052bfe1fb26d1b40ec0d4e94d52b20c334e5aa16fa

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    f55a83d8ff0e6d213105f5ca67109d25

    SHA1

    74b1fcc3d172ffb7e94feedf047bb50e218f83de

    SHA256

    a9e8e0c10daf2259d56b5ab76b831390d45d98c62415dab0e16b12bd020e7abe

    SHA512

    d475f1fcf63fcb6da294b705eaa7dea0acb365f79585145777fa9107b36a69b96c244d041755aec434cbba09cf1e4703ac8cc5a65319e5b5def76022f23a5cee

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    e3f13c7d7678604e5b293f6672bc0ed1

    SHA1

    b16c998ac7ca1db79cd4983b207a292ac1d96e21

    SHA256

    486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

    SHA512

    b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    e7dba007c8cdf6169f5bfcb32869f3b0

    SHA1

    c2434605342167150557f898fd10681e990fb6e8

    SHA256

    95fc03aded4895c819660b005df3f8190cceb4afad7260ac0321d7d3dead45eb

    SHA512

    b2b00a4a62d3d82b65e64d428ce046b30e13b1647002affe6883adc2425ca00957741725b585dae379460608658c00acd32aa2c12dd8e963981067878259c2f1

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    2ba2644c473223aea5f566541fdd9df3

    SHA1

    4e905ba06e09960900fdfed2bd5898ced9cd5797

    SHA256

    b9e668226dd3cbc25e40fdb943b1d31df02e06c522a3b36c2b396556cf732e1f

    SHA512

    0dc07c3db56924772f44027ea350c843df7b324cecf78c5daa4cd70280080b18b50dd14d17e01af60e0af0055d9f8bca8a91e63bf2268201d7fefb6c6fdf0f88

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    4KB

    MD5

    e2dbbbc3823cd8e01c40d13608877127

    SHA1

    b0d3ed995fc00f13362a923bbbf16df30ddd2418

    SHA256

    d082bb576bf2dce0f8882c078d0ea46a6d6b122a19363e25d1ef19f5fcd0b599

    SHA512

    a80b13300705ceb41b2290cc0cd5f986467ed71e70d7db6f314ac1a595e8a696b5ebbba9ed0223bcbebd33ab1865dfe4151144d0d2a7d2ca333bb3eb6c1a1e38

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    11f9bfb2fe885f026dd3d7868417aa42

    SHA1

    55cbacdac24d6949154ea386ab5d70b48e47c4ca

    SHA256

    e55e87c0d7d625d391faa215380600de7f8da326511f92f3eadff93cdc9c55b4

    SHA512

    a35a0f01be1a73f3ed5f5878739f37a537f4f8e18273aae36fc35968a2caf20e00a4c72ad5f50539ad27f0fd0454f927c35c70ba589e7f5fb8bcccb366029b06

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    485afd3c09ce83e0a9945a1fa5d88175

    SHA1

    7c8a29e63ea2f4444348bc1e280d16ec63be6e22

    SHA256

    3f5ebf78c8d5d6a3206cd2099727369ae731e0546503e8dda1394c7aa167bb13

    SHA512

    cb71f84212d0a0fd051cc9262c98bc0515f6f706d9ade484760fb51e25c3361e2d5982c5cf8631c040c79be2aaed6dee49b29b68e4ef25f748db704660820616

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    5aa163e938aea5dd48ba84209d55a067

    SHA1

    821d88dac0d1d926a52aeeb398ce4fe793993d52

    SHA256

    0c182a76ae0300b6c8ddd58d14857fbba83f579f334cc1bf450338834c31ed32

    SHA512

    7f3a2e663530d6b87afd9a6b0b079566c735ae17763b408423d959d131b14ef32b272b094fe7c2f2b8ea8c31f052b6aea5d1ac33f71e5d98e6e68d982e232c20

    Download Submit

  • /data/data/com.systemservice/files/PersistedInstallation1162780551558134755tmp
    Filesize

    556B

    MD5

    058a64af8431b4fda63748ef56bc86de

    SHA1

    a523031dd822dba1b4cd0c215a4133b84861af1d

    SHA256

    a78d928e36dd2d00298dbd523caa6ce04e9de47cdb6d8cc2fe8bbb5e7aa72082

    SHA512

    81eb9287d71e229610114cdae54c333d19e780bc56c9dcb4bb3a59cc7d355accbf51bfdaf4e83482d400538482a27e79a48819440ee4fc1a30f56d669093327d

    Download Submit

  • /data/data/com.systemservice/files/PersistedInstallation7355191452883232086tmp
    Filesize

    90B

    MD5

    d267cff94bd607d5c1661dece0576408

    SHA1

    9a417ae3df890d1d380e74e47b3cc621f7e79284

    SHA256

    36508c29684cf0637831023fc9bff7b0023e8ac4fae5098923fed5172809ab3c

    SHA512

    8cd0a9067a760647efef7897667dd5d2deb8c1e11f15ece1674ab5d84a05c8d51c9b5d06744d93de5adc71743cbf5887f3203f2a2d5dea3dc32f58d2d7283f1c

    Download Submit

  • /data/data/com.systemservice/log/log4j.txt
    Filesize

    3KB

    MD5

    6c565e6cbc3ff3b32d3882b19c1fea5b

    SHA1

    7b0589b82a7a676f26d45c775982ad8438dae2e7

    SHA256

    686b55b0ff7fe529c91edd66c4e03a016a349ed6d580f39c920cd915be59a772

    SHA512

    6966f828a7bbac9daa8061e17618359818a2adbbc4f4ba9f06c7a02fc10ca95e56bdfb2d4cde89c533f4ef31a7257503516c0245be55ae23332a30d92d4fa9cd

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.