truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
18s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05-10-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5062

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ac629a04584aea495cf5cd2b84744047

SHA1
04f07b46295a881b58f37a6e92aa2bdb415c9ff2

SHA256
6ca08c96ab7589b0a955eb033b4b2bea37e5085c4cb0cfacda352b31d45249ac

SHA512
43697ebdb460bbb2141d528287aa6682672eb35f7f98636a858bba5761640e29e051e6cf4e6535cb27538a59ea5a09359c6831e82f09df8532552b98d9abd946

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
93d437f2dd991630ec65382c88e1b40c

SHA1
c5ac41760226155e27f79be66e91c1c50614c9c2

SHA256
4ebc3a4eab79045d49297d6812bf0159d1eab7226027abb09f7b5b7304a89309

SHA512
c3eca80c1f9c89c31d036b66d5c0790a328b3c464d3fa05f59751a25e84f04fa4ad3c1af8332d42737e1fb2b38a6977a840fd8a008047f81c82dc1c25ec88c96

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c6d84e8a4d57007bd759524410cfbd16

SHA1
eecee3cf845ce87b4b58acc055606a8699c8c2e6

SHA256
3e1ca991c2b2241e6d77dcba4ceba0a0255f3b572efb46d4d4148cf31d024879

SHA512
eb2377f3319a2d2fd030dcd7484bc49318aa3314695550b02a10c091cc35fdc5d4b624b85aa11abe98cecb6bed568deec685d6b8bff13eb5e0bfa2f72608edd3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b8da4cb81852ea1a6ab6dcb5f96e7ae9

SHA1
375cef9448be283f72ce4753f81a90e29d272c9f

SHA256
f1792bb250e4ef8b3b4a5074c6e4f8b1bf9ec1fe1d558cde63944903041b9a71

SHA512
dfb96e914b77463cc60f21fb7fa5f0a1db8a77c926e5686466f70b537822a4270aed8c98829cadef9045db237c74462155d707c312ea78d32f747a61d65384a2

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d60fecf8d172cc2a1e6227171d7734bd

SHA1
31c39521ed2c8c81ab78a6c1f465fcdcaebb45e8

SHA256
191887c930f0329607cd2fad281c6e3d452585776ffc704306491454b15be1da

SHA512
1b42eef08dc786ab3c81347866cada1ddfeba56c20658122e01116605ce7917a5a4f1c34edc8923999f8acb598bbf2b684c09ef7399d37eb5091aa5a5c71fc9f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f3354bea0b74918ba617b4667d6dbd41

SHA1
03d9008711cdb50252d6434c1d056c5c40c2902f

SHA256
e6a6f2798df251f020f3377f00d9271f8462f6e98657372d03398cbb487881b8

SHA512
70ff034989ac978656e994f2022e064130b27df6489c698728eb930543829258105d2067acab33fcd67530fd808b0483412f5b8aad630ae2b5e068db011547b6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f107805fa5b6ff4843211952a5777c4a

SHA1
e040d1434b827bc87c52f8912636035cf17a838a

SHA256
717709fbfc9153ed41d3f4b2f23050dbdefc6e8d6bf0e4616b0c8f68443edf05

SHA512
a9226b1dc8adeda8503e89977d3123930af9e648940c9511c78095707f1fdba3b3ab2e989a66fd2b7a3c9173ae4756324a320276f6660f63f8be8e5e88ffccbd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7aede100045b10962e5ea15c08cbbd3f

SHA1
d13e522ff6a7c04552acb0e986f42b850394bdce

SHA256
32cf6ad45bbc1954877cfd4740a17406d49402e50016b6cbd65279e56611db93

SHA512
c7c9f2007e979c710d057103177068d962de5ca6aec63aef8464d9527e70d947c78582d0535a80d9d89e14d4a73a85b6858ff05bc745311b65418969ab75008c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4621575add8e0b7586c5f8baab8a0cbf

SHA1
51a016828626f4871b734eaa2a5627dffba05263

SHA256
8e5f3d259b2d063b06d58fc113ca68ea3f85ae7203c2fb8eb1e5590241af1486

SHA512
08b23b7fd8534261f1629d989e78e96d0b73bd7675e0fe17ecd5dfd21594811f0a86d41d6283c5faba3d96fd9df590ca28cb5989d568896a86da64ee2c1f01ad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3b067a23b7a27f2e153f80c506182152

SHA1
a7224eb81d74a6600f679f6f449cadbd70977015

SHA256
0d8545e659f88b48a565f63e2ae8febb45072dc2753ea78f794dfa051a0ea845

SHA512
dc016b68364d604659e0b523f9c5b94cb78c3ede9f62b220bfccaeb0bbaf7a67a7d3b15f5c6f42bb6e250bcea51a92f9ace08ff26fc1cbfaea80ffbaff70aad4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
fa3e123a83bbc8b3add8afed4f37b3e4

SHA1
d1f8a5faf715dd20e8ccc77ea0cf527c6a936fe4

SHA256
c264e05a7915a93f23abf74d28fdd6651b055ce18f81aa9fc9e6d2746ffb1be1

SHA512
059070037a6cd2bfaf108601bc451dfd9546365bb940d8490975f890b9f0345f45c147bdc07d3244d73298721f6a4eb8b8f4f3287382dd0cbf29d97413fb4372

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b1d66fc1bdd2c8286664810db4d69550

SHA1
12597d2f91969afe3247e5761f70b8d8d31c0fd2

SHA256
f742ea75d14000b22c948ee031a037f41fd233f7d8b7d0217303f2fb77a330c7

SHA512
594bd5e589463f240399989c3d0f3d58c405a04419ed8e5e9b7f5d9ff5e458bab08e952331c9a3cb5bb7b4d6ab276b659df68bb43c8ec919fba3a96ceb03d3e3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3ca8514aa17843ec0bb77bd1e3e9dda5

SHA1
52116c8125ddff3391609d00d99c79402841a3bd

SHA256
dea6d689b8a8d0877e89d219806a16bf15773ebe7245e4a7913ee8f6c4d1b24c

SHA512
ecfa5868730c50c7db20463cd37a9e9a174be5da2950c1a7f972ab62cdf80d3afd07a2dac5d69e40a889156f3be67b805f340d49c848e3b136a365a673541a23

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
03876b5abf20e1860392ec91c0e4b342

SHA1
9df534697c7c411e24c4e7d10318ea6d541cc2fe

SHA256
8174f4639b9bfe61c429bb831e85a94761b1424d05527f942c4b610c0b320d57

SHA512
bfa7ba277ed6e7ed1de8cb6f2eeb3b9595cbdfd690c8019390373829e2cc61d9dc37d0d2969fee866bc8540efba5eed2b71351a049689438dbde142ccdeb9b50

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1424395558592620625tmp

Filesize
90B

MD5
34f681796a7c026a4ed5874323f19bf8

SHA1
631a57e8b8783f38ba55193c8a29f94ed2c7a87e

SHA256
403c02a0d4f4dfd3c2da0ec7c2dbfda0f25273c7858fc1948d2f1ca141cffe04

SHA512
f3b5a9816d4e4f5271affcc753246038029b79bfce493d0638877e60c5fe01fa54e66cb76debd285916d4ae57f99c5912fb7be2cb97482341185183f6de60a0e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7104576964282525166tmp

Filesize
555B

MD5
e86c6b6dfe7840fa76b1f8b6cef50f39

SHA1
a7bc6d1a8af549acce210624bdd08be9bc66aca7

SHA256
2b18a119ee9dc7216db730f89155586cd7eb7bdfc125045707ed72c1c597c334

SHA512
c6440dd14f3ef5caf540b185ad6be85749a160ad44e4edeecd18ffa55a6fbf2d4b7f5cb6d8520c155f7019a1d67ff5afd3e7bebf18b20b13fce50e8f98d8399f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
1ec009ac0707b2d76022bbcb79610ab4

SHA1
100afeccbea3dea010f306db7116fcd6c9699a00

SHA256
8489e213dfb593cfc19ff960b1fc6f77bd0b200f36cb0a185daa3195f7ddcad8

SHA512
f3cfa472ab4c40f59559769610507391f6478df5668c5ccf29aaddebf56c76bb73b6c476143ba0ad9b1e8b0fa35b5d081fc63cfae4c65872ac4d0cfa92f0d05e

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads