truthspy | 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
17s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-09-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
39f6331df0a5fa86741823d1bec9857d

SHA1
78c880ea2b36a75625eba177b3efad3ca3d30bd5

SHA256
551a6bfdce7d24efc1e15829c143ad2b9c20d9c3927c8498b6d29577834664ab

SHA512
b2a142061fd75fda0af97513ac6801443e3e82b897d60761064c9f7e99fdf96567c920a7d41814b41af5369efc452d978f0ad5cedd4bf6514b19f79667118517

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
9da53d8d60c0f1b94120f0318f218d76

SHA1
1b9b7cd251cd65290db485a4bd8d8f54efd233dd

SHA256
4126a49b4fe09ebafd75064a5f7ed5a903301fd23fff6002c3b4aee2d1754b79

SHA512
32243bf59bbf5bd8a9a5bff81c1eeda52c780cbaba2fb9bc3c671b4f98e415a0f830b8d9cfdf7b1a3f62206673d2c05b461c5e50da2de531b46bd86f0d2e6aa7

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ae8e3057ead6bc93d3fc74f06c4825fe

SHA1
21227299f2c95fb26aa9ebcefeda0869f47f9cb2

SHA256
a9552761306326b44d26f60f36cffc2762fb627a2e3f013eab6afccce25cfb6d

SHA512
8dda7e22e6e63deed71b5b1b4c5f074bfac43a8229f9bb099ed762ff82ac2a0c4214ba55d10b0e389fe87b23f961f627e31bba0a8817e37ff3261bf4034c81f0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0ba82fa9147af59b13fde3b935f6c2ad

SHA1
e7d8c0c3e081151dcbce91d71ad8eeb291c28257

SHA256
1bf37e77212d7d5140a9e933e93042c23dce9745867693b40c00a64fdef00fb7

SHA512
9e9026efef52071b17f1bf491bfe5a408bcf30329e95ae3e8970f05016a9378c27537819ea31b99ab9e812194cd9ff70e6f8fe030e6b4a564b120385c4dfe0d0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e0377eda04fdbde73c5fab881a7a2c8f

SHA1
e878dbce5f46dbe004b9124dc7d0b41261825c9e

SHA256
05ea1050926a8ae93e33e386fc64d08163b10166e15c66efa6d1a347a1c1c749

SHA512
ae7a6db3bd1c6d4686a68e1d8cae45bfb2bd2f958cff759dc36136562141da98e56eeeaf5730280e8909a35085c2ee7b249c3e2fd7f30e3deffb54e4c03a4def

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7de60b3ac7c3c618a7c8c4eca77b750f

SHA1
7dc63e8831ce074fff69ae1c2a49f0f44785d9d0

SHA256
2ca6e618bb5cf528de890c907940ce5a067b82b05198e98fcf163856fae64bb3

SHA512
663fb436b2466c66dcdb82c33e9701892ed11e64fed4692400af200b302e821e31b47890eee7077f78a8b7f4556c5ef080eb2d9d5e5493d9ddff8eb87985896b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
25bd625835a971d2d5a0510326975ba4

SHA1
75e019c0c7dbe3f371ba5d2bb0ffca91da9c93c5

SHA256
9fff2d35fb70bcdc50e1de0fd70496836698dd33ce175f5d6c14262e26237634

SHA512
4f5f5e098e73820d9ae938da21f6a336746d8803616ee70c7334aada1f4146cebc3c578afdeb337907a029198e2e683f91830f076a8ff74922e3f6dda20e630f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
e3489292b1156cef31d65f4d55546d61

SHA1
dfc2d237b512b5ae7067d6224b69d9be1f65e159

SHA256
59e235988b6de8b855defce2ba5f663841f3fdaefb09436f15a9362770878b24

SHA512
40b6c728bf0cbd9a4505b649333271dec2018a70305d8da37c6f560703bfeaeaef92fcfc8add707a5900ecee9e6692d0d39813ce6111dcf988dab6579a9d8634

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
41359575197eaa5a951faee47891157b

SHA1
a769252fe1540244b7989673781bb7ad399d1829

SHA256
e87b7593fd419069e4e5aa2f78bb2f2dc8057bbd6222a17dcec88b16bf6e71c1

SHA512
702c41bbf9205f646c09203e860f3c4f9e6273d99fd81533c19b97716da3ffb2ee08633a51ad4d3b9c9ee4eb4030e59a246f026cbce430bf33e76b56590931f3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
34606d03d75b16ae712eb34e34e86487

SHA1
ff75479ef4b8a7b0acc23792e7ef71dabdd8d8ec

SHA256
1e4856a95abb469e83a373b85478875f81833da80a51636eb1d2a6da0506f68b

SHA512
1fd797af327464da92c8943cabd7adf0b1428cd2323509a2c6fedca67539462a72ebe31bab03ba0818e1182a6d1b03d8d1655d91d668cca895391d3be8aecb7e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0dccf63b690becc49751be7c34bcc42b

SHA1
59acde9fe467937a9d10e433b3150bc74c3143a5

SHA256
1465cd2a98ef0aa8179ec2fc330a1c93ec2af9126f5460058f4f1b6c9fea9473

SHA512
8b6728523f168b73c62d15b6771894abfac2f4138ec7a4fcc380671a4bbc9e3c284fc93866467b2132ffbd8e69ca59fd1f3250b8f8b94c1acf860c109d016040

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
526982b4d5cda686487fdc8f9b2915ca

SHA1
bd786a327a781afdce1cefb5039ef03ca8160156

SHA256
ff3d1ba1c5ad5da1fdb489d694ba928e66917b18abac75ff52160c1072072d0c

SHA512
95412acccb1e38e6c889ba0ea7268b8a07a5b66c546ed68c63811071b23de2b262e94b2e1e27b51a26c3f696fbd1954d44c0093ccb46d37aec177dd89d618e25

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e05ac9a22b5b0de25b5d021284a3ad3f

SHA1
f42c3808ec8b7fb7eaf7c76703374a97bddbe6cc

SHA256
ed92aa03d1632182e4bd7e07744080a4556ca40082819f36d0540442f65646ba

SHA512
79bb4f0b2c7f6608956530f1f9d9ef61ddd748fc40680ff0786d4d9d8c9927ab674ffbd5de326785287fca287c50be916befd8d4ba02ac290d4ea65b94bb0d01

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3562531122543389580tmp

Filesize
556B

MD5
e2c219e83adaa8009559c0ea34371ae8

SHA1
7f520cfb13a24425d69ba489430ae43456acd0b3

SHA256
3cbceb1a2af0943871eec3e47bfc25c74b55fd5245a2973d0e09a9ab1f0690d3

SHA512
ce2e388e44356cca9bbe9ee45cd3c59ab826df36bb5f41fbb6c45ba86af2f0163ffcfb9e4e7f6424bd741c99c01b7cd630db22a1ad57b6aaed520acba4b975bf

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7801166562068239402tmp

Filesize
90B

MD5
3c88e465028d78b6cd3a79ba7d419ff7

SHA1
bfc248a77a279060cae193f468efbfe102341e4a

SHA256
6b0ec64b64bbd30e3b7c7839afd7db0631ef144a43360752eddd76e734d87242

SHA512
a81c2fe87d2c2d03e15dadb86fea7566bb70640e6bfa5b10f15f40049b67136c32cda94a4354c6b2ea74c1a7f0bb3fc923b8ba6c53ade52ede56dad30d03e733

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
b439f0466af8a9e4dfb6d059ce0281c3

SHA1
4bc632305d76d17648a69869ff572d3394f16570

SHA256
9c7a2d253c70fba8125cd9cbc08bedec0ad2fba206cc80e1d709ead0af071e96

SHA512
c0abd7bc73580218d85d36b68e6c2e1681fb4332ae2e992d9d32f9a62c767eaaeea476ac32c6ca8bebeeb7c84fdf818f41ce6d7fa4c8cf830055faf0c84f678c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads