truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
17s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
22-09-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.systemservice

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.systemservice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
92be8a424c747a5126e4d4133b63e42e

SHA1
8de8f663da38fb1873a4c895a0db059d213cfa47

SHA256
b4e9f02c6eb23a80addd1262a7b7fb1da5d324ea75422d10da4211609a455ce7

SHA512
baa0ab323866c3d0935ddd678ac3a8d70cf870d517d16e53ba06049251a1da030c2fbdf4b808245549d396bd200f721f6f51a8fcf59d8fd4def089a80d27c3ca

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
7158cfc7f7f54601736cbed41a3d86c4

SHA1
ec5531a991708fb0d180aa73dd1f85486a6528fe

SHA256
97fde5d97de7a93d0f4e9a626002c7c5155b0118bffa61cf83680c81180e35c8

SHA512
c545e4564e49fda5b5e1b760841082880bf7806fc5807376d9273fb3ece8bf678d26259702c7abc40ec9d27a5468e9f5d0fa58f629b2e589136f4b92f7729174

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
da3569d6fd35afedd98247adbf51abc6

SHA1
044473a52eb2d47c68988ef90a9ef1188980ad1e

SHA256
3775d832e882de313fce1e25fdf9c7f5ba470de5926181047d0406d960483c69

SHA512
43de0180959b1645a3d5fe8e2ab20666db9fab0f8c6642c17a7986f9fbc345a54255280de2d09df7ea8a5c5634479062975ce6294831c4babbae2f3d7ad7b451

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
095b3fedb73c438c48ad453876c0252b

SHA1
a54bde7c98e43217f26a74c2f7a47069335f798b

SHA256
6789e6154bc0cb23bfad08ab4823e4710766aec6ca9e5bdf50d07ff410d6fdff

SHA512
4c5f2d9496024728b6be4d5eccafdaa3dddde2f5c7129b4d149515a16a21cea0b1853ba30200e12b3495c1e67ec31f28e02406f5ba68498bd28d7ff67a17d8cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
822aeabc6e721a7937c2d87fc79859e1

SHA1
52aa178bdaf10527c008adaa0e4a06c39c8d62c2

SHA256
4a48e8e244548ed217439266ae62249093249e47d0dafd68f5f8ece191951c50

SHA512
45c2c3ab061df8bc78d2fc142ccd0feaaf2afdf27bb8594b35b600e2ffd922d602af846632880b18b73e6d2659ae85e7d81441348ceed0c1dff6cecd21a90e26

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ffeb845cd5fdcbeffb21380fb55a50b3

SHA1
4c43e8365a61055499d4f600e97f5b54dd8ab90e

SHA256
a80b8d64220335f8481d649524994e7230fcf0dbe4c2bff53f64257a4c95e9f9

SHA512
aceb9e245ef6b1544aab5fccfbe631bb1646d004176f3bf4783c5b58bf6e948a03a95bba79684d136e09a80ae28c7ac130698f567327e688084129b4d5c37300

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2ff3e8a7509f73b160fa49ec21a5ccc0

SHA1
5aa3364300064f0f9a7467d00bbbec5f50fdbd2c

SHA256
661d9c2e0056ab5563599ad5923a5fdda3d170c00ca01f7afb5c3167d9cadda5

SHA512
8f345f4dec38919e699070095a2cf2bee3baf76bbd14a51714917b572342282497eea0978dc9f56b52f38bd18a074da1aead2d4db1a4765065568275a310dc4e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c2e7eafd5ad00c8b972c732bd37e727f

SHA1
5acfc294a9984731516f4922b3e75f716716e546

SHA256
1f74aeab05b7c2828e1033f54b75c9f6bc6100c163c1a2bc3374e1dc90ff3fc8

SHA512
7aefc745ec5d8cd83ea4d7b4de798c764b790e105e06cc52463e83b0019d2764609198f9f14bb938e56926360b8a35dbf9167c1a3571d854d5210ea18c3e96f7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
051eb237015f9229b938c27516e640a9

SHA1
07b526221cd0f15e7360575267a8d7e4233014ef

SHA256
b1cc60a54bae4d99aaa83719bd295239233e4333b40978e9f20719bd65bf37c1

SHA512
d7876d4f59aaddea5d06e034af9e40f350943f8b3916c00acadf885da72a50f375df54b96b94247e29992d19a6fe1780523bf284fede04a9e059c7b91bff956c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
80d6db111072a9e88d3f4af4d8a1d8ae

SHA1
4b34dd9b34da077bb8b01ea47eecb505dffe2c5f

SHA256
702992327dd4ba245c2d5c504d6a1acb179db5dbc5ebffb46701ecd889608bb9

SHA512
790978f32028e21080b268282e286d6dd0d52bcdbd5f3dbd55fd16cfb0eee5651e4dfd3441ca9bc72652088f5f9708da15e2ecbff4319a5811eea2ed76764f86

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0730083e5de64c4f42fceb0a7cbb07ee

SHA1
9534d592752650f501ad84deeec14396d3c30a64

SHA256
2b5a807d918a32e24a7783cb7eacc930199b3baa241ab5e4278a1ad240f3ad8c

SHA512
4d9a044cefcef9baee0a1850b162549147e94bee7402d5245ef2a51c04d12993f73618e87c08499b7b018383e635d3fce2bd97eff666ee31f1ca1035e2902d6b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e812e2c0c43c87559665a69028fecf68

SHA1
a6b8be8ee9bd1a5974d2be1b3f8c1361cded8831

SHA256
64c60d265f3e00cd15aecce0b9425c02408aa99d916699e00480e8b3ad706a35

SHA512
d8fcfb787a33a4fd9db3f23b2e07842261d5a0cbe1141dca76e0df8a439196c1e272d3ef64930d8f0972e580f7abcdfc037afe1a6dd8b5b7b11db308933d3b28

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
38e74fb9f5da3d06f0253ca064e79196

SHA1
b486e8403197568f98a5c05bde8eccc3d3729a41

SHA256
fc75c31c9d274e0327b604b38a5d86d87d994e47ca7f93f83da8048d46dd4dce

SHA512
602d1cb9ca82dc6b6f142eb0e8381d081239fea6e6964ca6d4759131586442ab115da4d6569b340b2926551d936d9426b3bcbfb61aca144ecfa7e49a9c4c4b7d

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3698331497306297668tmp

Filesize
553B

MD5
f463db8e8dcfdcfed075a3316e66930c

SHA1
3c13c67d433bfc42b38959ab17e9bdf8bc4235ed

SHA256
d966082fa742d6959b92d2b35a5a8ce0350d2f6aecc5a90ae8c9345c53f73d84

SHA512
2b1a864a3819d28de7e13aa0ff99106f451eedef831f0883c5e198ebe1177b48b6bcc31aa64414629cf5f6e55cac897820fdd214d10fed6b586bb63bffba4cb6

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4305363347771107381tmp

Filesize
90B

MD5
d29b1b24068c1826bc5fa5771bbf2367

SHA1
59ec9cd5d8d0ad99e8e05848fabc10504f02a041

SHA256
8938860f10126c032a7fabc40a2b9d677f63dcf656113f031abb18362950f3c2

SHA512
a79fdbd3d61bd9a3e3a427a753650009cc351a49d0829c647590cea8bda7d51ce966ff18227388fb14c19b3223eff3fcb728e1ad464e606fa3192c24e204ea65

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
19e1340a0a757d35a50a3aaba1c6fa68

SHA1
94471a1812a4409b3da1b0e4f83f5479d137eb94

SHA256
703d7014619c4b68bb7a7e6399222d44233e931b3c7d9b2349d3e576fdda20cd

SHA512
587523488d31ce3b2e2178fb9a22cf687ce815e8f32e1cdb8f4867660c5d1be9a0e34206684332c20eff843074f3ca7160bc8539323ec5d0e1035c3ee0521596

Download Submit