truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
17s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/10/2024, 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
06add35d519eeb8645dacca93a02a66d

SHA1
64ef3782ec5b26a499bc20bbd6cca18950a60edc

SHA256
4b69a1fcb17d24d4f612db53449f9287e9e2b45cea9e1183e5270d4eb1a4c98c

SHA512
67adce082d7a78cd40b5becdbaed6c615bf63c3a46524f68f778a6508583ad942b2311001692b321c2ddb79ba712720d7cc05e1eed8caebef9896adabbae1a58

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
2604c5c30a795d1a8c8f67e7378c9542

SHA1
d3c89579fbdbf571c2dee4dabb1620eb3b308825

SHA256
0122845efcda114c6b991b91fd824079209ccf73d4723273d9021707bdb44f8b

SHA512
72bbcab2fd4b227ee01a8673de23b02d01ccf4245d72a02cf491a40d8de9b521114a763e4d1ef44721138a8489f093a336dea0500f380fea2a64075f479a4723

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d72e7643cdf71ca307fbf058d62d2eb8

SHA1
4be26c41c3a3cc0c42ed527d9671f1ec234331ad

SHA256
58028c1ec1d0497c3f0b928c8eb4051e356c251a3dc55cc91c9cd616fb0f5f58

SHA512
f7bab0541e0572690bf0b90f05faaf73b98c469b87fd7167384e5ac2fa015780392b35ce88f6309a949d22694151e0b7e42fe78f8783d0bae44c8ff3cf71060f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c44f9b3d35ccbf16ef7446a290c45fe0

SHA1
4c991b1e6182f68ce9f02ffe6b4014392f51e99e

SHA256
50391ffba27192108106bf45bf6c36be3d577c0f97af8eb16e8533240646ad90

SHA512
f54b54a201dc752834458814ebe2ad1359ff651e986cd7828bc8ad03a859a9856cd825363f43dd0dfd4f7fae57e774a9d063bb97ba712fcce04037405cf2e33d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
630255d78003ce58562966b768ac3799

SHA1
13746c0ed437462c6a73b3bc5623fc742629d561

SHA256
bd29b714f3f4c8da3e8a8587e55201690aae9a10e405b759b070f32d6a534fad

SHA512
1304e6e2f6ab5ce3aeb3bc93161e7732338fb86063c0e424f5d6cd9253d21a887f0cab8978516379378c6143812b1d00fab518a72bc0f1114f8210fe785d6b13

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8dbc4c1c27baf09d794d9bb6bdaef2d

SHA1
788ab4b421880ed14d3bfd8a473d13e10a408a25

SHA256
a36a4ce28112365da2098e9e3d3c9efba2b3f73790d4e1a4a19711dd630d1572

SHA512
57ae750a7cf709f35d02cee08d68f8b3a2f8b5da439bfe60d8163284986b6a67c8ab28a229c93f52513d4ced9eec8bc689783f423f264382e4b4db437f103483

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
426e375eb81cbb4110657e033e6c5af4

SHA1
1bebd598da5d71e2f1b805a9e3181c3205a5c06c

SHA256
1441b0f373a54d68df6ff950e93543f5ece73313d46ba4137afd5fe0dbedf252

SHA512
330a78942a93d626989ef1b15603fffd27c0cd40de7ec2ebfea37cd998d40a0401c9dcb7585fccad1d84e6449b90c5a92adc6719de21888113e58ac458f2c874

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0756968385564c46da325f3c2cf42ecd

SHA1
f8035b7612a57e5386257364d9a599c9f21bf8a8

SHA256
40242f4bc11c9d898942e2ee547d49d0090e5b55a86ffe269ba6a37b294c33e8

SHA512
2b64c4845b65e54e1268f0031c656d16aaf0cfe839525094df08c529ae97e586d0b3027465c5dfa0cf1a693fb14e35f40b4865c5521d106e4f805026889e1412

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
04df30ab72fa8cd5f0ba7856e671c686

SHA1
993920dd8133ec55ab167b314b4ef2f867b57bff

SHA256
ad0600cae849affcdd220c998dd51bed8977c0431074bcf2e8b5a4853771bd3b

SHA512
dfff82228d6b4ce0e25a107e739bf402472e0204cbb34987d1ff042bab353abf4dd9260dc8cc03546b288f05123e1aa6e818f24ae810e8324e922e5cfc3e9cd5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9447af0a0fea650f04700626791d8b28

SHA1
83e4c3a260ac45a1410786a876ae6c78607e7905

SHA256
c37c0708ca0cfd9950b6594c5abd30471c86ff8ba6429fa26a4347a7f2c351bb

SHA512
458e9c591f2c364797d483cd7e4e478a4dd98a2ae012dbbed55baa9e1af9194db5d4c001b5f44be843c5e059dd4ffdc3237f4829572b4940e26192c7cb419728

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
aa63e022efeb018c7367ab59cf59cce6

SHA1
879f540a15b87fc3e498befac418eb99c75e0372

SHA256
3ec8d8d0c0b28675913437940f3bad5c03589fbe0b265172c9eada8f20d06c1b

SHA512
398136f73e647741fedb30c414e4eb33ca679925c55b414217719f26fa890b1dacd2ca5521bcfc55db0ae64119f0bd0a245527c99fc417fa43e33a3184668a5e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
030fa2554da99f8b4b3042e74c8f9ddf

SHA1
22c7c5bdb1cdfb7d775129343369d072192727f3

SHA256
66df1fb228e7e812c7c25ef9ba3490f33a55303430e73fd2d613a97567a42b1d

SHA512
7ebd51a2d03c02fa550f3d1401a39917741b999f3411c4ff7bc4435ca5ff02c8f7626b1840f4a0136c444ca67213c923e85e2f1df681219c6a99380925824b02

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a1f78fddc25352d226e24a89c45c63fd

SHA1
7f2ef2d3d0feb3e16f37ab0d0a62402290f8ce95

SHA256
e436d3d8a512fe800925bb75edb8d99525eb6318cc820fc204cdb89d6aefcea7

SHA512
b896f574709e5d5ae1fe614b9832ba4b864b5b9e941b32f53614127f3f19b646f15052cc812de087813d3d10c24c4430a169106bc604a8756f58a556a7d36d82

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2341253343758093644tmp

Filesize
90B

MD5
c0be9a6a226401b1278af22cfdb6cd42

SHA1
afe088578c5bf29a5e60465a64cd66414ab78e7b

SHA256
e4093d42f163c224a309f2bdf5da98863b5f99acb23b729b3cc098e24583b39f

SHA512
bf1ff02959dd6db9fe10840ced3f8458ead110c9d7f8a74ee4547ed9781e1fc356001197dba75e9b01c52b72056bb304247b8481a1920975ce2d2dd5e3b0ce30

Download Submit
/data/data/com.systemservice/files/PersistedInstallation9042042476459684014tmp

Filesize
557B

MD5
656e5fa8f6013be2589b50fe15b79ee2

SHA1
4e7d27e413ee14765fb7cd37840b940e562ffe44

SHA256
cbc4ea0a97f5007990a999ffa1cdfe254702766ccaa677a694336ccbd067510a

SHA512
d5864faff179b98a2b0a87e8c2fd53840ce07a75590d0daa2040b6f5ca2a3b4cc1b9a6a97a3e83646f1f4f478218e45a0b89c581a51c607095040dac54fb1059

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
4KB

MD5
709e3cf6d68b14a47046f6ac9ba21167

SHA1
ab8c2a98eb05eb8359d0985fef24433bd0cbe2b5

SHA256
9bcc534b4de93d6e3ccce663b0c6f047a25bc0caab168a9f4070ca3279409e14

SHA512
a900da723ed36430b7bfd8a478e9dc9bf7f422de4a4e8f32327cadee10a94d9eff319b11b981ee793d03bce4cf9574e770174bd0001b4d4b07b858b3e26602a6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads