truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
17s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
21-09-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4449

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
e7399f6ca5cfb63711b98dde4902a0de

SHA1
4bd61312ce348ae4c953a37c2723bcdc08d1703b

SHA256
9786439809ba29d0affbbfbb6fc15f5d6ce924ba52dca0acf5e168bb6de5f42a

SHA512
9d6ec00751c26051c217232da29cad66397387155de8d0ba50fe5e0b8877e59defed2c4c332432c93247d2032d512eaf26f3b9a1778dee9bd0fabdaea399b1bb

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f9a15862401d6159bcb7e3c369ac7f57

SHA1
41956fc0f844e99b0738b9b89abfb534949224e6

SHA256
f27d78b1d82a9774ed2fd551f3161830ff37f44ca7f66c01965319d13cb61c73

SHA512
30ddb5b5461afa0a239897ec165f7d87142ec3ac83859c0cc17da9db60c695f0e6d5ec7a7e0ee0d56f780555307323bcb279e87e6bdac2042cb1db6af200a13d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
876b01e0b6d9c0907c572bd5389f226e

SHA1
af19e58c78c2e23f50e9ee1d2b3c57e5b9c2fa61

SHA256
de842e87d4bfda11bade251334cbf42722c71116fc282eb2878b8648ea31c809

SHA512
c585ebcdd0751a48164db00162198ea5041c738856de4ae52ade5d96c1043f9a3b15a6ad628b9558ff01e052ca8f1475fddf231b19b90ded915736b830079fc9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
114ef7ab515a7321c91a0898c598424d

SHA1
dca5d8b8398d64edffcf36ce6fac0c7eccc4df37

SHA256
f9859c8052d02ba83fd612db1d26bd8c1f1d84b3b81b717b3a1a5e444a3e1300

SHA512
e257cd13a4c0401d83fa86cd46e66afd5b8d7871e5c9acb554560c657934a8638ca3b718ac377d88e331de04d5abfbb53a674a3f6f1788ce8982e523e948e735

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
947301156c0fe008b9947698aa91ead9

SHA1
5734b7009329883223dd28a1d09d028d60b20d22

SHA256
1f7f038f3302f4c49e3449e040a4365b988e319e80b07fc6c14ec127035c1ea4

SHA512
ba82aaecdd902507b352d2512fab4e15e1787477dc4a75d7d72ae0d3b7716726cb6daea90503a4fb249e5a326afd19d46c493727470a28f3b66ce1e0b4a2f947

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6fea4f6e541c221ea1431ec6b4b62a9e

SHA1
89838f5849d87b22ee8fb3ce53365a5fe804ea95

SHA256
fb4ac82b741e873029bb17308c04705428aa27386714a423bd323f09556e94ad

SHA512
cbeef4e34f124ade9f1110c2813b5ac9706c16f90a21733f65f0a12fac5be3181f51e4100e8e5f04c14b66bbd71eb47928925b08450225c5a47e06bf4c7e3ee8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bd1a9e629d567b86f2daa6e384756268

SHA1
b2dfeeb5b8e322963024debe8e21c053cea824fe

SHA256
2b1df62007a337fd7f8582a85fd1db6d356833d0e81bb04ba4c9e4ecfefcd1e0

SHA512
f0532b154c5bff79a140b56a3534af75bdc080c26c9ce7e8233c50c6d228602b5abc73ac1e45ef2ea7d05a5e8820d703aaaf56fb1cf5ef7228f7677bfcd3449a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8226cb8a36783254cdce7178a1ebd929

SHA1
6ed9da9e402baf43fb0ceecd473c9a99fd9ce0d3

SHA256
e6aecb8b58f7032d83a9ac3b4341c21eabd64f86a5f0935ade48084027b719f4

SHA512
1e9b508328f8027c4dbf5f2a76964b67ab03a50ef2e5b79f3ca91d42ac16bcd0a8cc78b7c57c3292f9579dd49d0221d80ce96cb7bc03c089c638a5a49cadb436

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2a0964b26994f4849e96a99ec541d695

SHA1
2caedeb7d93fb332505e5e90ad3bcb50782eb69d

SHA256
487223795df2c7f0ef805ee3c4730a3596c3b2fc623bcad2abea935e11b3b91f

SHA512
fb2b3d7fe0d612c7d96d981e3bc8482a8a1b3c9f2dd0ac7bd73a89760aae6bdff2a56743665b9dcc03055a5c5bc935d6e1957ac90e731852aeea38cebbc1bd25

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a0388784aa665b226c2391b4c140239d

SHA1
e837c2581624f845b742e6855cb10d24385831fc

SHA256
1f1eac3bf5b69f5af79a3cf97a554a901dbd42d2c38d65425a62d6f25ac618be

SHA512
e22523f8e00d885f4fb7836fee6b6f89fd12fc09da29d77fa33767e7c2f63223561276a46c5bb97d4352fdaab9311b6cf7fda4e2633095e4577647e5af028eaf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
674e204625f26fd4df7fbd251c89a7a6

SHA1
86fcd67114492975b4a8c74c607a47681bf45e73

SHA256
f06c49472c3f57a89b5594fd5b6b5a5f0fb5daae3abfa50c6bf35e05b0d4ee83

SHA512
9adaf3a2e4da450e3a31a24de9ac6caac77cb99ec94136a207379a814dcf98cf0e97e8f886940b0e143b88e2051ebcf9facf743cb4687f5a413a4a6081689c93

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9a6dbca3f3495b5e9e07929b6bede95c

SHA1
3002c0a87c168a06dc599099b5d1e6ecf349bd5f

SHA256
f3e9ee8286ba6ff19f346974e8f6badaa405391a71cd2a1d89355ede90ff179b

SHA512
cf3b8cb342aaffa60e232ccaf1f7f15c652474b6f648d9de18654fb8961c10c99215b735b5eecf0bf922c4318a588df794b4c4f2b0a3523aa5989146dcb87822

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
75e224317cafc158da5f54152b19f56a

SHA1
d80f11a6bd9c4bcda1760ea80a7e9612eb1c4201

SHA256
f8531fac590de55e09973ff16631450b88ba22849b96b6ebc1e2530b55272c83

SHA512
fb037f11d687407db9876775ee506384c6d7085da41db922edaec9388c7d6cc5648302fd8bdd6e4b05e905088b543e2f012ea76ffa5d8806a1f704c90c20dabf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6133604e5b17a144c05ec0886947ee96

SHA1
c480c6704083ba5e2c37a90bbd908178c95f5eaf

SHA256
002548e3d2f80898f145402ae9a6085a3ea2c53cb062b9a07fb0ce4bc9cb28e1

SHA512
a7f2545f053d50153b6e1c48f90bbfc14445297f9dbf0cbb3c2dba0c1fa113def5fcafe1e1a5ecde08393c93dd5914b86f83e2b27e13e1dca6294aa6b293c1ac

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2274007711278192151tmp

Filesize
554B

MD5
1c5416639459377bdceaea80aea4436c

SHA1
6258ad773e67bc98a5b4913567d341864edffc9b

SHA256
5a252109a16638cdbaf07ca77e9119a1d39d0ec1215bf3413bcd424aa060117f

SHA512
65646f75508ad435e0dddbd8a7b39cb22b34faf012a4fe08a55478decc0425b5b1428b847da6d367a77daf5ca7a2cf4cc5a297cfe4e1aaa80db2384a26fba3e3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6409808109399346760tmp

Filesize
90B

MD5
c7f2c6a5ecccc6e458ac76d82c42811d

SHA1
02684bf275b7a7f5179c6808584f11a502d5a300

SHA256
45ab77106da7d5c9e22f3fae47944f53ef7fa4364d2745e12dbaf8da4f3f8d69

SHA512
d5648cb2e868eb5173789e308295720dade86e82dbd6a35fb64d1522c095d303d1d90810edcfb80a21dc6952fae3bbf4fb8cbbc2c9f56a341ebe62ab53518f46

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
e425f4ba8bfa26f475ff4c8a297f62a4

SHA1
e0e57657624dd0ae28dfa103603cf38f75bb3a7a

SHA256
578221d685504c1633440fcd2e86eb91740c782235741f6e81a25a636e7f69f3

SHA512
859f035fbd861cfa7a008de1a4b89788717cb779de708769a44c1bd5f0ce470f8623eb0edc4cd1b668f3ec5d9f50ba09c6785b3c132d36a43b3bf5f0af327c85

Download Submit