truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
19s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
07-10-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4352

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
f7331c78bb30cf7e56c8f4a4acb60c68

SHA1
fe43fd2e734adca4196b2bef646701983ad0d598

SHA256
b68632c5a60863d82730ac92a5ef84c54b995a05ce9b9fa49561ab37baeb0d3a

SHA512
f45d36962861e369a72326e9ca5e674bc7043d7e7538a91c2ba45bc13cfbc785718845f46b059abf849f53c25e74927a32a93931e59c99faaf1e8f96994b8f66

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8ed71ea2a256250e392f4e0102ad5e76

SHA1
8cb8ae8078947c7346fdd0856a78b23781213350

SHA256
5ff36a1d9262e37b622d8e7348882d16bfad38490e211064c2b8d432a6abd4db

SHA512
31130e1f041c4a7e56d4cdc60425ba8f78d4d9312e9c7a7862ed8bedc546146142a3761f877396e67416f478215908faf460f1e8572e8a41441460fbb6d3ad04

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5662c5cdf76e7567500a41451f6f7a45

SHA1
d0996dcffd4a738c66346ba25b764d1da68ffbb2

SHA256
34559c13fcc2db6a7752993c918ad92fdb03d1a470bcbd3e0401b6d77ac8242a

SHA512
139d8f6d25313778b687a4502dc329aa6a1951c424ba49a029c369bd363a0dceb1868451c404b9c00e492ded82dc644c0c056735e791f731d2533ec072a31c2d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c219de913c5be7d5a715f75348a0be60

SHA1
b1a791e641fdb844461d4b489f119811689241ee

SHA256
24a8b125313733d1f861c5682ca293708c404b62c859273b77f8d2eff27d625a

SHA512
2025c8bb62607cd17346fcd41e652f5cdbd8c40604a4922a06ae76a149238f21ae1dee5f803bf88b0c1750c08a034d997e88e317be51f74a78fac28efc655378

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fa68234de7b971061f05359c2937dc73

SHA1
c01b7152839726822c4e7ea6cad122f3739b0378

SHA256
dd1bc1126b164724c63a38c75d035879b00f9a286f8d9306e05aa9a083b25f54

SHA512
cd15413ecce594e854284b2325dde45502741c4474b0796d59d572e1ea4819874a455923698406a7797a67c99d4a10faa150e35c7921c8528f701800e2ee0c05

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
575adf4669ebf57427c3965852115394

SHA1
80b654476e75a4fff51385e29800e631d40de33d

SHA256
ef860ee58acab7a75a425822198520452e10519797c275602d88379a7a03967c

SHA512
8b6c5549b2d8bf5bb521aace75832e945d258be290416fea814b0044af8cd7f2666e28f3deaa9985aa013d1085afaebf142afc285a886f7b64baba44389f6b7a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0dad91d5c0dbd887d184bb67a1992e17

SHA1
0af39f8a496937ee825238a3e651c4486f4c2054

SHA256
5cb15194a079a9dc472bfd166b710f913fd60b35f6b554ec69fba2e867749462

SHA512
144a9ccf77b4851b5a77b8e422c72cb614f33fd2b8eca2f3c2e20b29148a9b888e93b772dc2e38f68c0b0bf682d8068acd54f9f8bb61c76d58c9375f54a49b61

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8423986288a0cc99a3e794e287de1457

SHA1
2c3b0a31fc315da4e3ecbddf7023e0c8a69e0692

SHA256
f253a5e3b339aa27fa337dba2645eb97fa691ed1f8cb0bb690b0d892a35044fd

SHA512
5053f7b129d09476f521683abd3ed32e33cc2084cb03b1d9bbf0a64c0ad90dd4641e1f9a075842beb3a2e801a9f0f962a60eec1118b85a828e0436418b0ef733

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
88fc81e0f0e959aedd317dc16f0a8443

SHA1
a0c3033bb3292d34aa50de9d1fe51aed1ea7f2c0

SHA256
9d69c3c341dc62b921e0a7c75eb6bd3bb0e8429a3208c506810ffdac01aa89a1

SHA512
5edce00e8029c03025551ea63f35801172676cc06824a42f0ec2196b490424a9686d4a3c44b21f246afcb00c336bfb652d91c1c0da4a80da0870409355ae34f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
44723f8c07bff728f66b2cab5562f199

SHA1
d1159697ba839341a3d18ecc690000dca206e1a7

SHA256
7a8d523bb55b634216efaa12d20cd535c4294227aec51865d94f62c3793dd955

SHA512
8f758407cea9742b96e535e4ba5a246f8c9bbd7c57356948efdd9c52b6f449bf2fe12348ffc2f3b686fa30b62653a725fb92118f3f1975df56a553237ca8c1fc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
1a07928207e04676e327cfeecb326c94

SHA1
2c966ffbfb8f87174a9f8e3131e61e020cf7b822

SHA256
19385688c1932719fd2499636df385fedaea5b3c4cdd05553c4378107731c7b9

SHA512
c701608ecb51658fa2994f735d00a26eed249b20cd1085219580c4152595273ac26b5a7f67af1843ef1b0e4e408f27916df3d8619b93def76529ca558cb30f9d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8881f9129d77f564c995365eac391137

SHA1
5270697a8eb7ff29c95c748ad6b259f5ac67bdb0

SHA256
9ddee0d97529e63f4add0f25ba8b687001758367bc9a25158a5078204ff7702b

SHA512
a42d5164b91fccc241903c5b87cf661909af79992410f399db7aefe5763c1b33bd166b6e4ad841ade799507bf9d015e09cc52e7e1c5e96d1d114d8d691f854d6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
76962289151e6ef2a1140d4c29fca4e6

SHA1
ec5c3e77689f1936ae1c267e58c8e182e9a6bf3b

SHA256
9781c6465d0dca7521b5f1d35ea09cd4813b4b18c6532ff04ec92b5be800fed0

SHA512
1a0dc97387ad017f555c2c5dd68407a9c7cf836e59a380a09b6824028a0126b6d07bb4457fdf92396bced20bfb60a3dd62a2c6bd10dd528f949fe3c5fd3e600b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
23cf6b3b2b713392f9295adde439372f

SHA1
956bc983d661037ed6c6c08f6cded90ae066bd58

SHA256
a067e373229a1a0f7f121ba113b97b078a360ce6ba025cc718ecabf361d691be

SHA512
c9d8ce6b5bf2f86d87cfe2a3873c7baacca4ad1caac76fd24c2b1f42a985d5349a6645bb96f110eece83e2f9966695060b32f667c4048eb59c82e40bb2c8f6f1

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1374441163174137861tmp

Filesize
90B

MD5
907f64b58e0c90d539e877204597ec83

SHA1
ca1b60df95a2cc633f7965e86ea40712f62d644e

SHA256
afcbd550e2bf343538339e873b572dcfaaffc5fa0ceddfcca1e43bd9deed37de

SHA512
52ef03d635efff621bc072672181cd26101023f4fac8e308e79abfa2d69b7b930817cda6b5fa1c6d80bbdb83d1a7a3c1f9ea25b1d4c2cb228c96cf8bc772d0c6

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1740912823504380315tmp

Filesize
554B

MD5
d1653a1d9c5ca4dc4bb039fd7c6753f4

SHA1
8d68712e65d2e38e678c0c4d852199d5c76d3578

SHA256
f896a904b987ae5e40223f6f87ff70af6a8f2120ba5349caf432a40bdf2e662f

SHA512
c678961d54ce9b76ee8fda6ab846a891f18dc0146ef1580bd1ab6946e47ed7cbeac1100a69c612483506b61cbe06674df5cf72c471e83ca10e1c41e2634d1ae3

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
7b4f56ce291e27f695382e7b0c8267a2

SHA1
990a651de9d10de1887ae9c31919bee7a832b993

SHA256
8c30915fdda11b386d0a2aeaec4f493497dbd487e06abb52246ad34e554c092e

SHA512
fa7a63f57c498cb63334dd651405f4c9f2518ef81f04a3f2fdc24049831c2ae35bec55523c05b99e7839e3db03ef0d19fa283ccc76911000cd370777c5d2e5dc

Download Submit