truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
30-09-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
405771b49ab0508d423aa8d9f7183e3b

SHA1
066c4e99ad655c7681fc7541619c798ac989d1c4

SHA256
904f47c140b795f2c05bc3f307b3dc9ee75a4dede61a0c11742a279e4ade3f98

SHA512
83f3ee57df745ef2bd33630c979d87b738c3e503c3f0c765aefd68a26ce755352ef78fcc4e28b3b64c1e7ec950ede50088a0bda76da59b74a602f356d3495824

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
de63b1b724d7aef36565e7585bab4fae

SHA1
801ca8ff30a8f899e40ae8ce4e1e4fa8451da308

SHA256
c0e4ecb163143358a0f3b7bd622807df381f028551eb62866c6b4f2f714a40c6

SHA512
4b1a0d44ce7fcb4f76f4bb29347c2cf83157463233ff3a80ff50dcd755815b8dd1636d65979a288e329f3e55ddef3875576d651966a76cd184786ba37c20601d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7879e352eca3d9e1d508d6c05a85e827

SHA1
5663e364a68cdf2c614d9a55b9cd732cb68dffdb

SHA256
a3d95fc1724a6b8112bf22452552879fa5a20091dd972a356b1fddeaeee9127e

SHA512
45e61e9d73f887781294ebce956b75a44830ac909274bb547a0545cfc43d07105b043c078b11ba93ab685b6b0be185ab87c344b9cfaf9d125d486765bf820fad

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
12eea975f7146e6292b2c8c6b031f879

SHA1
6a1caa5ed21413cf48c8e86ee86277a2a7a33ff2

SHA256
7b8e15ac367652eb1046b72cf64a22d522e17271017ba15aad94d29eb5711fbe

SHA512
e94dcd07677b7bbb612518adb715076d24c181c482b7dd14c5368e25d5994185db253ffc30240837a506ad72303ffcf176668a1c001f88b1777fd84d20a5a630

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
99512055ef01d657050f2736247fc1cf

SHA1
adfdf1bed2e64e979dcc8c043820d427c95fb42b

SHA256
13a09a445e9f13a1dc5c285691ea9a07c69e2f8a1f2639a7d44b20bb5c311379

SHA512
609f4183f628b492789732cf401852e19f66a164e5c28c6b19868fc6d7ad7e7d560cc5423a1ffab49b5751fd44648245ae1d705366a63e0e7814cc049010dc0c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
75c9fbbb55b969cfe4d8523dbcfcf4f0

SHA1
02caca2178b19ef4de976da2e06fb0da37866403

SHA256
a413903dfebb7b927a46de13edc1a7bbe21491136a75b9bf14edaa2e60a90d4e

SHA512
1243b402d9d71dbc9580ae172d343fd396c4ecd60daf9efd2396a3866b862205bc5e555451c039fac8a51775495f77d9004e1f0aae8ce3e931e5dc0951e4201d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
10d9124731c0ce705d30ff0054bfd928

SHA1
20193d5910182b62310ba3df5b4f5db2d10f223e

SHA256
1079fff4c38e6559310db4ee836c810bbbd84c9f980f74020e04473b4cba776e

SHA512
e9a065beaf7589d200bac2b1eef9a568123943ea49631ab919d958e22eb5f0f014ade1135675133295824be53484aa12348dd9c1bda6ab74e07fbb3d386fb780

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5d8636cf49ecd3f25025117c9288020b

SHA1
e7a3233984fb9a5fb7b4f23f7255c60b5550b5fb

SHA256
515556d95ec82db8e4ac42436ea79e8bff76e6b80cf67d60347483acc7f22069

SHA512
d761ff7a86d950ef503f90fc691e3ef3fe50e50dce593631267990194525eba057d0d138751ed5fcba21bf7db68d6bab4c622d889542636b4ed5865c2970ca94

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
98c9214da17425a869a0cb35dea5a764

SHA1
8d593153b10651f94b29e70699698ce4a41c0a0c

SHA256
28b0f22b37fed1ddf357bc680fe97c38ff3ae1134dfa72ec1b273cea53d700b7

SHA512
da6d4da4c758ebc737931b87ae889e60bc61e4b3207efc0ad52f727a2a516471d52e44b4c873e9852e937f9bc129a85d0e3f96611a470362dad80acc6d4196ac

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
48f0d7b3105dbc69430aadc534d4b4c7

SHA1
c1cac21b47e358d9e83e9bea16b5d45367f063c9

SHA256
59979d4dbfd13c6a497521dafea169f8c75737251bf4d6d44a35c1f57909e712

SHA512
aabda82cd1b05c1390eb76b30fa0349e2fd31eda7448c8b186fd29e4c8977717eb7cda0824de20bb8ee84817dbef8e5f582f1fbebc9b245a644e047cec0fea1d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e4131096b3401534c9e163fb7f5476d0

SHA1
9ece1a5d39ddb8d0fc27517665b8b5977d2ca091

SHA256
f0ef6f1c570dc1dbf227adefcc987f0e5ef9e43e7166811bc2f03f23fe51162a

SHA512
c77608402384fbc7deded0b89acf774968532a5df0eabc8ad7e57149df4c79826451632fa9e7bad15f20fadb0b0c679804578aace52a77ae9512f55f60c65a2e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f1288f5974686afc0633ea04e50ced7e

SHA1
d71376699eb376f224690da5642ea94f939ea0cc

SHA256
0fb217f12863b97daba294a14023c95f00fec1dae0e428efa89d1741ebb0ed4a

SHA512
af6e8e1373bc7224355ceede4dfd8ce6296e2edbc010cf4ea548b7557694ae63b0dcf01ca61d715d8517ed3cca2d4a62238c2bb55603e5c4a461b2e965f8c900

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1f85394496f6f70eec253b8d7b419ec3

SHA1
c1425a7839fb9cf29bf56fd8eea083b74b9fde8f

SHA256
ac7657cd824c1247a5bfe0ffaa433a35a1e21dcbc0b37336cb14649f1b8f24c0

SHA512
f5c9d7420c2cc620d30c158a65e6a8024c0ebcee331f8a8b74f8c96331001f74ad3b978708d70d0d7e6cb955e71d53ec1d059f44216ca0e7f3a1ebc68f23f90b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
41eb8a5d2ebca0cdd060123c5e211267

SHA1
55cf920c9c7ce955f4dc8c94ec07ae46aa806fb5

SHA256
360ab3939d6e7e85a1a4a6d0088f2c86c0a3ab9721dc5bbdc4e83193faa13fd0

SHA512
fd7f01a65b0ecec27334ad7ea6b2c8859e9c5664a83c5b0eaa1fbd72e161d8a97c2523162b865b780c628e74f77d629f1e8f394632b84b39870f4352cdaa079c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5676696143921071401tmp

Filesize
90B

MD5
885b918fb25c79ff87b5784e6e968aa6

SHA1
64339a483c31f14c7d1bf9c02b871b3dfa7c1c3d

SHA256
907f2ac86a2cd93fa2c453f9fcc5ec591f3361e631e9d861f8e93c68c242599f

SHA512
82f47b757df0fc002e7701cd6104d7e5fc7ccc3dbec98f030f9dadbe66d5ca2b9da935cee733074ce883d74f1e493ccc69ac5eb899bf1a3c226645958fc42dd7

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8220899095800567926tmp

Filesize
553B

MD5
c917c6cb306874a475fcddb531d5117a

SHA1
163d22f3171ac2c424979292b953039e2fb7d9a7

SHA256
b2686dae9d53a6b3abd9433ec69e477149056ffe739a0fd09376a7d143e7df34

SHA512
982e6f8e2817f9d586ffafd8424734939f496b1ad2526c841ba1dfa217adbbda0d710817cca0e2320145e9cfa2d1154a203c5e47d71be84f6a12486d1f002b28

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
ac126866644af97ec87c69a427f1cad0

SHA1
d06f0ddc22012c51450a3535c10d224f6b63e153

SHA256
01df9c022d17cfab82b93417c37ff28a836a4370a21a5de740f70e3dfdef2b29

SHA512
81ea56006d50f1190f1f33a72902b194c44f88f72f076f084b7059c1c5c83f17c058d2f453bb35cadd21d445c8fa47cf6c8a1a71c42573da1a48a447ebb53c01

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads