truthspy | 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
06-10-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4335

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
8de21c37f6c09e4752390afb7ecab093

SHA1
4d46d2c653f9e5446d68d050da50d6a92a8f0783

SHA256
6cdfb765b8ba3337a385125116ec4b008f180f5cd08806f56b074e4d756a0757

SHA512
164691e20a60aef664a34ba78885b6ad833b6d4bb37f3041e9b78ba33561d9be89e7b59497a3a04c8065be28d01b5ac6b7f272ec43ff626071eb845a77bc9c27

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
544cc6a71597c3e01df73812bde63cef

SHA1
eeb8b09bae3ec28b539743fd639cff9d33c6d9cf

SHA256
9ffbfdce0c236f453570045afce15d023532ca669635a5a91bcc879203163f78

SHA512
d3a101d6614bca82427c92045fbab562b79b110bca72669f8554928b1b0f35fde35b70c8dff0afa37b3e8f46b57403ca8c2ab767c6088f0c40c800af40b94f44

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2000b2c76b904cc426d2dc67adf7c349

SHA1
470aa66de381c2e36192eed7462bc0f346a0541b

SHA256
450671ba1f6bba0cee030add74f49fd34445252444c245b79ba8c705adee1a9f

SHA512
5ad42ce3db91294f6aef127526a433f09acbd0b3f419caa68da6ed2f3899a5666ad9c278680243da3fe97a553092da80333be36edb5697ecd9237ce81828f6fb

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
cb7cc7d962b29707285e756bfceaba7a

SHA1
8da1b5f4efe3430f41ee6da6c4edc5a13450db12

SHA256
2a4936264e97cb594958d50b0bf055beaff9c05370f8e0a86c334bcfc345daad

SHA512
33ada75c3ea916b43f655ed9d7c6a2ec572ba0c2f19dadbdf66edd4ea566d8d5b0800664a7b929a2501ee6833da55e0131f79ccc86791e5e2b50a663f84bb708

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e013ab1e7871a2a1a319706fa40c7151

SHA1
55ae3c4169721d6d0cbed3b6505cf3ccf59cd7e1

SHA256
84bd7ec92fa27ad3a8c2afb0b315232771d27f006a17cb4b379bd4f20ac8242f

SHA512
b16317d5529d3003e9ca6dd006f5739342246c221b345e486567224da427b4cc774532c4b796b846fc2b60be1aefe93408b29b5d8e4ca1e080279c5797ef1550

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0f23aefe64a12f7c90ed5483532eca99

SHA1
aaeee6f3585e7ec1fa7e016a2aae65ae3e42dc64

SHA256
07022ea87ece465dbdca6ca48aaab401d8c1befad3ce0031aac6a1f80cb94419

SHA512
2a5aeba231deb4cb0b98b6e0616d6a29702e2c27b0d10139ff08589e6cccf81280eb4a7aaeb74a853fb15e80cae5b905d5d95081b04ea81df14763bbfba37ca3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ffa3c78bf96efce1b20e104ba93a6540

SHA1
1eff72d89afaefb7cb0ecc79a187a5c917d19a9d

SHA256
5a3f262c029266078038d3ac86272f39ecdae77e8e3285822f2e85b5bdfd4c4c

SHA512
fd950435a7d8b8363400e04cd3e70f941adef3fed2617f347fb3a9ef5141e8fc648292bc5dd54a19b06532c57ce1ad07b2c6c8c7163769bc4cf7c726879707ef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f38468bdcfd28e0c21a0dda04494f497

SHA1
600240d12cca3ae05b8caf4ac2640d0e5e59a9b2

SHA256
5920605fd789d89170aa0566f8d65cff0088c1eb91bd1647793fc8948c5a62cd

SHA512
664ccef2356246d18a00843f282d3cc3ae6a78c1a08ae245bfda3105e4c81afb81a407bff8aa4fd162c53f6306fcc8ba84cf354401a9960e01ec8bf8381b24bf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5592f9dd0dd636579e11b1da40596b14

SHA1
8383dfc5a28dfac2a69b6d2b5d42db16edd7851f

SHA256
f6af6ed25ddd8c679e866460ab0af7dccd6007d7af7c5524857dace06366c73b

SHA512
2475b844d51b7325638e1e72bd8ddb913b97267ccef9ad31075e8214f7200e8670a1389a734e84dd35f75b70232d9d77bc6bbf4f32f19e92545f57b036456a38

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bf74c6174ad9313a22c31ac50a61efef

SHA1
ea50b6a9b5b899b0e500bc578dda1ecce355b776

SHA256
ef66e07f43f80a2059a735977001ca103ed5c54d0f684a1eda04a91518cfcac3

SHA512
bf7939c1ec53fe9e536c92b91f2ee1a7d5d3885d4b2f5e6f5252812d607a36ae47b7f9024625fba460bde195fc33418b8b527ce7932aaa66728141c0713ea170

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7aba2cd941c04d3dd6217554f3f07dfd

SHA1
22e49380f619d8196bf233d734f6c10576df7eb7

SHA256
29b4e885ccb2e2f55e9d7ccedb6dc5cc21c79ce44eb6c188bee5369975b96b02

SHA512
3ed82c06d2703e285b110136d582bd410b8dde57e1e2ba41c9e44ecfed77ff7164c80d7dc2523604ac2b695b963f149a161a48857ac2780798e6d1951bcd284e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
461475052355a49b061e2b0c29b8ce13

SHA1
a76ca2619c37c2b5e3fb156d5f628053c00e8b37

SHA256
b8f0f28f7c5cffee85accca885d71cec86494945e24937f9207230ac25cc8d9c

SHA512
72dc11cb55357500027a7a2bb58ac35a18a7a8a95b10c892f199a99fad1e8abed0c8b00f199ddad488ae40b2ed88d53b8752844cbc1c27141f394ac120230309

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c7398a19f52ba29984ad7f6a8a6c0dca

SHA1
3ee105567f7d4a3a710cfd732750e9469ef7a6a4

SHA256
856e816673f97dff3f6f4b5a30cdc3ecb8fae349757526fa7b2114e279f4fb06

SHA512
5e496215fbb9a9da201765966594b17ee18a784474a8c80f913580f32f93963a6fa0e62a5eae5ae405bf8a64b3cde6dda910bb8065ae7e3641c7a38feb3b858e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5fbc0a5cef9e8c9f39541bafceedf1e5

SHA1
31fc7efd86d696c304210d306e96a2b4fa0ae508

SHA256
75add6e6cffa65eb77b7b761b5ae28c93276a565f550421c2c0b1d0e80ebf24f

SHA512
37b4eb5e0f291081368d84db6416f921c349a8363a19601635c395b8ac703d0f9b5b903a85dc402132a9990ed37874db8d97894f774f0147ed9db59588232710

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5058891959376218380tmp

Filesize
90B

MD5
77e55c36477fe0ebb66d68e8b21b2d0c

SHA1
70a45e0e6d8dd6488769996566a81c42affcd02c

SHA256
2dd325660834a3c68e360cf1dc03c5eb15037ed6bef8368c87211a8caa4521d0

SHA512
271c1e5664cc753857cad3e0a85c10337b443b6602c340fce1e6137800a003c2eb5e74d4d6ff5abda7c50e7bcd87b8be07350f8aecf53390e603704be1471cc9

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6369981330297448078tmp

Filesize
556B

MD5
cd8d4a7f9f638f1ae5a9cda4448e40c4

SHA1
592160917925a56f9ed953cdc21d82ed409a53d4

SHA256
2afae864fbfeb0715b311bed276e922f299aedb021743da4828fb2323eea71f4

SHA512
b15e9c359bba38072af54865ded32be0454e7fc36b8109b6ed44909af2b43bfe0b8c25627d40a69ae92488ceb12dfb2363a549af12c60d5d55439082d151dc25

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
caf4331a7db33614a57d764c5b3a77bb

SHA1
9e0008c475e7754b273fb52d5b2928f4692f1c7c

SHA256
6861934d7c141eefeed601b9e9dabc29ca1c0639d541cab20cc74071f43f9bc2

SHA512
305188652d8ea2cb2d14b9daa56e745ba5e30ac85adb1ea0009c8f9e442dcad70d78338717154508146a3cdc5e1d06b5b7897100aef343be03ffa55dcf153701

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads