truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
18s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05-10-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4319

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9a805612eadb13c41193b3165ef953dd

SHA1
aab53ebf3294dce6cb6c97b88dbd375f7def43b6

SHA256
7f4307e24b5f69c0654ce77c801733c0ed0edb54dfc4c110f090de8ebfe5e599

SHA512
7d614f11b7f062caabe8e1cb791f2bb4a55a679b54c820edec61dc6217d5e4c0b205755fe5e27207e80fbdcaf2c37fae453c234dd9a5e3c07377be83ed426a7f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
3e2fe9fa0e4af3dc4f527391a10d672c

SHA1
14e29969ab972ebf083195607815a5b73dd85083

SHA256
1d3d9cc666b708d069bd0abec5f08d8b2d18f770a456a775dbd4c225bc490623

SHA512
ca8d4ce12bae9fe75eb5de1713773193d2608de65986a7d112a9cbdec9ea3df71eb1b6358ba45a1fc8eb1dcd51304bb541d1b3808f393d9a3343492ffef96c6f

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
afc322660c58df9d121ddeb373a55ce8

SHA1
3921fd5d859e32cb5bfb56593b174ebf235373df

SHA256
4a667b2d68f648dc928954318a957c7453c5408909b00771d146c2a44044ff7d

SHA512
cf8be553dbfa788c5ff257586c17a9432b7e8dcd7994edea80f6a6f74280c475ae8e5219d967af9f443c28084c0b5921645dcc63128a786f36d47bd122849abd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e9be259959ae1c4923091d1cde9d7791

SHA1
acf1f191a58a42e0130c6a39b0727a8de750fe6a

SHA256
626b489a89f650771b44dd62e6be16b90d59d383fdc3e8f0238dbad69dcc7114

SHA512
0cc6350e772eb939bc8f1233ff2acfecfce778fe0cf276ceadddd69076cbacca0d1c55569c759f158a193d853794b18c582f7f9f345a355bb9a8259499f830dc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7ff52424647cfd46ef64e4f80dbe29df

SHA1
613c6e47744adaf54c89d8df3eb60e646d271960

SHA256
2066644c98a01dc8659cc5d5bbd91e3955242db0cd2b00f6e9c1100d18b53d71

SHA512
be6d2b9c72b2b2f11aa7e16ba98cd436891f6a0881b6d261141ad5942e9e068de29e67ef0f47dae80b5d2197ee872a189ad3283539d9817cad7bac3aefadf937

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0b62b5da0de728dccf43856b447433cc

SHA1
97cc0626e9f285b6ed56e5b68f702400a8c312ea

SHA256
664d76931f0522a9319287d64a917f7d953f375d4a87f184242b65c085d25d30

SHA512
2af5ad3d2392d8d660efe39ac7311afe2a34521fb45d2e714f01ffb9b38b5a19daa575b931ec82674272e9ab5801e48b151c138d16c25d759aeb63bfeaa167f0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
186443523871970d5f705d51304e3aaa

SHA1
10ac714c15ca1438a34f6eb94adcf732c1ab0f10

SHA256
b21b56958d4b0be25e127d139befb03db91dc0dba06b1814a064314e0bcf75aa

SHA512
5fe236770e0593146b77228e46366b77dfced2d7f195fac25936c4113f3205fedebda78639ee6d90d794ffc008fe059fb1a1cd51143db0c9bf9ea7e216cacacc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
ce9709d35239d142a7f9c8cd57dac6dc

SHA1
d6a92c180f2348065a4ada132a3979b49cef6094

SHA256
f4d0321267b288025615d86b5c9964e2e0f50539482b8b297ee8bd77f686606f

SHA512
c883ba667e46622c9d09f668c9ed1d6de40f9b9e4305d18282932a50664c4b015aa60bc7f03f19cc484229dc7cc1f6fa176e62eee2ab1af595cd594e97907bc4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fa00b2208cca0801d18def6873304102

SHA1
86c84707fbef1aa2856ca25bb622a84653f3e693

SHA256
fd0622273b64c7730229655d7b17a4d00f6f2a38b791dbd9aec449bfc699d432

SHA512
42a85795d7fed3ae84b9174f628cb8b62c183de1b176bc9928d8ce05241654df1038820319f8a13a24644f079238e013afaa5ade8400fe6587a8ec611047cbd5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
aad78d67b166a7686057cf360e7133bf

SHA1
f4b970565818d1b346b7ad659b725b29e86c436b

SHA256
966ab1b6bcc65cb3ed98f86814e427e54b4608fe99c5e4e7e1f9d317e883d184

SHA512
5beb415cb1e02044f75a6ebeb5b3fe31230e13cea4805965f576147733acf12d00b898e984d80e598fa1ea1917155a1b55556818337efbca4b868a65252f6fd1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2f3d5d06fcafe6a38569691ca5278e14

SHA1
ba19f3dbbf709ec7a3d4f7869a0564bd2f5ca086

SHA256
afe8b922bbd3487a44339fc744dc6764edd6152523a47f4ef1e9cbc54e37242c

SHA512
3d5f886510212f502374ba8e6aa23fea8c5cd8ac8579e021eb83dd803b7962c6a9be2099b78e23d66ac0d718a5ef235d2f6c1b050d4d9f922e62983706c81e6e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
07c22fa9dc0f05d439d306c0dda8f66a

SHA1
8cba96950592f355fa3fccde510c7b54e9afbb0c

SHA256
a4e65b6c762ed768c107c04b85f87df6f6192dc6667f1a6863451d4314b79a4d

SHA512
6c3ddc94250d8a468bb37d4a8a0eca230cdc8dc9b07fe6ffb425201b705ce050a8d6506d9a953026a3206abedb008184b86339fec4919dc4d6a7f1eab2900da5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f8bb92b4776b097206aac28d02dfe917

SHA1
2166adc112c5cbb8c06314260f33c2a3c5c311c6

SHA256
ff0d51ec33e6a189c627cda1c7b78701bdaecac81e079fe079249998892631c7

SHA512
a1a2a9e2b8046505ff8e254d086488e5e2d4271c1c9b5dbc17fce1c498a2d2c43eab297999f7c10dee5ba30c79041ba55b7064299fb2edbf5a0bd93bbc989b36

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1087534480230575116tmp

Filesize
557B

MD5
3891b0c19a27dac51f5161521ec96429

SHA1
71e35a07c210991f9fdbbb24b50b8d30c13ffcd9

SHA256
d317eb309f90baf43820d07ec1425a47aff7070dc8f550e770edbcbd92a3fc17

SHA512
efae9372f8d5242322cd53355472dae6701b3c3e1cd55d972440f24aace28cda4f4a8f65b0e099646ea332d5cc42f0b5e39f5ab1ac8e64185b92d20756b160b5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3544557843148530607tmp

Filesize
90B

MD5
abae4fbeb18e52e92ae70c6f47476b21

SHA1
d9e1c975e433b5577eb22895e2253d4970e99f63

SHA256
b4564108a42c57907666f3606998db30282a6f452ac558efa2894d37ad5f7076

SHA512
f6440f2f0a96c9a5ff76a6471ed225156df4eb064c223d94cdcc8f8a8afa799e7583c1e0fe07c0ecbfe893091a57c5a84e03a97980953852a277d9022cf589d9

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
4aaeb8bc2e9dff5531534bd5acdda731

SHA1
0c4ec18b529333c7c3db8032640742ac4173dcc3

SHA256
7a9ae28dca0d1f18560689fd686829f11ba8dd55e5dd80ae13be6768b73f4b85

SHA512
669024508e3a7c7c9c7b2d3333e8d0a2c7debb8c448808bba373b70e28257221e4db8a5608810485bbebb0467ee82182942d623d2910c53fba11979800ba35ff

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads