truthspy | 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
17s
max time network
127s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-09-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
99692d141b227669f6163181db4cfea1

SHA1
4c8f4ea3ef3cad90fd156ec54b38b31348bb1fe5

SHA256
c0d6d1ba4288eaa8c964b9e4275af39b11bd3768c01b43243780651e2b3a050e

SHA512
3a82eb99fe9fece123420df8b85c014b8d14bc577e61ec61cb3c38b96521700005fd2a3b83380a96af95240ffa0d46802a188c10d64a3a50d30ffcc606242d05

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
49ff1b4b6773f46e51fd7a688542893b

SHA1
6709d058410daa91dce87109b01c0c85fb688d9e

SHA256
0f1bcd38eb5eb3d034dcca28ebf7f9682687eebe163febdf580320d80d429e36

SHA512
ffda75ba9075645ac9912aced6fc57f98567191da925b62774925a750f36494e68939ef3bca3c1baf76dbb43b779036c60fbabbc754fb5dd4533e9bc0e134792

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fad3dca3a1e8d888c1767410147916f0

SHA1
9fec0e873db56776ede3521941e4f8c8e3e5abfe

SHA256
458b70945cb6407606919247ac94e206292318e0695be8cb1cf5c8140462cef1

SHA512
d0a46537b270e8e140baf86418bfe1a53a22544e9d69f2a0ec36650e89fdaf763575f0d36e369449a59b7b3bf68f7fc036d84f857dee1562904d3fff2a309ce8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08b99d7f9f4a92b0266730cc821649e1

SHA1
27fffe536454e1c7ba92673b372362717261fbc1

SHA256
7aa017f07647ed4a218c6255cff7343b65c59fe5da22ac53dba364394d758eac

SHA512
4d7d7c13ccfd4b6b46fad1d72a848c94e1cac71cee69221e82ebee761263b5b95aff7a2ece2142258f26f8784aabc03725e9f26e26f896ac38a8120d86e51998

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c8dfb8892c355cfcb659a5239b6542cb

SHA1
b29e5f0f0905a9194f3f86a22a493040aad4104c

SHA256
03a8d58f05b0a397ef4684bd310b408baf43e5e16f2028e61358e23d4b51e8c2

SHA512
b0079081cbb042f61e39b8b0fe8c1afedad415bbe290c8143440f897b632216af5f23432baa61ae2c947f966996201403fbe7564e6be1489cf8077068ab90abd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f751c4a8d34469ae8c4e4d481eb2a91

SHA1
d28adefbacc6faf51e92f6f94d80fe21e5f86d71

SHA256
921e6e74fb03f0a027a8e88edbb5a595be01057ce9d219b281289bf27ea70196

SHA512
1233ce8a77e69b9d3b50319deb4d670d74ef313c3c31d6b5eab101454ae66cd3718f3f13ae17d0d1c31615216e1ee9b31102cc6dd02d057e2c0a005023e36121

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0344040f60f61bcbbe480ce3b68adf9f

SHA1
7521b521d5b8bc12e90ac231aa384b94c3415426

SHA256
08b757712098aa759857e81830466a5b7dc1810ec7732b5d8c1af692e7b2f07a

SHA512
f9e0d1b6ecf9bcd29a27028a1f87dce784435b61c2aeba6570ac135506141767d1a67861307068e7b5602420bea04c6b7798ea88fdce4473b5ed1bf79604b8f0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
708112d6367bcd8e623571a27836346a

SHA1
691c6a8c3fbd071c267e010d8e7b95b8a46965cd

SHA256
3cc7e4cdd211ff6517677eaf821da7d02265efb29b998f54719e76b74f375f53

SHA512
05edb6df11489c36a358daab51c31dcc259b168625a500b6a472597de7b8244afbfbcfb4b7c741cdf163015c5ee4572868cc2aaf71cd622db2fefc9a9d41c450

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
03a199b231a85995f3911a8850c46709

SHA1
faadeeec2624e05e087a6f3c323cb142916311b9

SHA256
144cb64bc4b160bd50c399f92e42f97593763024d0533adbe0d9a8273cea2801

SHA512
39d732d88430794f0908dbb7e0fb0de16abdaa7923d591996e3dd89d22f8d26a1fe8c400460fccbdbc02220156a27b4fabe79479cc3a24e23ce2351326ffe23c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
811e485fe3ee835d739ad32f2c5c275e

SHA1
381eeb6113802728b7f32aa23ea814ec6a7dfd1f

SHA256
dcd480bcbeb799a56bb4a4ae3e54940a3f6cc7d66db9d69cc880f4cec475d47b

SHA512
3307a519cc2c2d981ea69b06e73aee808a39637b8a2f17b6badf4a575a8f87556cb114bbf23319095974c53c8b815696218b1ab7ba801eb7952adc322cd8be3e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a523396eb1bbad834fd26a29a438f843

SHA1
077753826ef71fa330148b5b355398c825aafab7

SHA256
0c05974ae675e57b4b01fe7e91ec371ffa68e921a328b259efde3cc5c02fc508

SHA512
31d39280aea1656950abb131f23082a9f80820bb94094f2999545445da139cd4c46d357f2cd2aaf2ee463ab74564930f0f454358a7c51a99722b9ffe1d14f408

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cef902a934165be880724ccf6b592fd2

SHA1
73cadb6cbf515f1ed74bea055510a205df703dfd

SHA256
b88034071ee6c5667966a54f0ced8b00d6da614908eb218bb4d6c97769398e61

SHA512
1d5488a04632eaf555085b1d604825b1f2d0f6e04eefc2f4d5d72fb238111652c01c3d405f4409d9c1d10508b9042cccc02a0c8d934540920a210f719320ac1c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6f60d6e4469bff204256879e841dae72

SHA1
65be59b676b96e7fabeb72cf550969832aa6f901

SHA256
53f08b02ce7fdee1f3c1afa075ef44f2352ed18e4112de004415957f9baf19f3

SHA512
a98345ffe5c10b8cda119ec7d617b474a5d81d0054fe2558849840bcc070bf65661dad9854d21c7a4820a6c8b17428f1affc5107ab1f3c936c52d63fea4bd5b3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1247879883593128394tmp

Filesize
557B

MD5
995664d720ce7c2a3c93bbbfe0805b41

SHA1
fb64feaad8a4c4afacd79c78e507496ace8caaeb

SHA256
66ee5f34349a33e6d6fe2eb0d0b2d21262e467ecf6a258d810b45c6863806f4d

SHA512
8189b0e3638579041eed6a8938964ca148dcefe0d6e46cb42785cdddb4418b4bb5e4d3928dd446a68d13de962ef3c1b7df4a00bf85ff2264ed2197f04b9fd6ce

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7364893892997641367tmp

Filesize
90B

MD5
49551080c556f5c615eb346b29bd318e

SHA1
36e7abfd5ce1403226fb212cdddaf7642c125600

SHA256
c80a105385f082b8fb9a6ce9375be54d8cc39676a7bef8e6def7b0ea432a20ae

SHA512
6d0196ca9f7d532005394d1075c56220b48699ef217baebc3dc429b43c7bf6d58a53a75472240d7fd61ae1cc4e20f4261061093cdffd59f528cfc4b83f955ef6

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
8483bf5a3ca1e6913d54f0c40a59e0d1

SHA1
c24381d0991bc93635c54ce6007179d5bc16e3fd

SHA256
14e35a866c8a0de45993250c425a24b02c27492beaaa37d72ee5e9deb755d46f

SHA512
0920c67b9bebb6fbc66df82571327099ca23ea44f0f85d6c98540b380dad9dce0b5307173e49f82793fb38b46272b263e7d9c657c82a07ff31fa072de79b1cb1

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads