truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
18s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-10-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4946

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
62efffcb5664d0738ed6aeb22a889f55

SHA1
cfd368d688316737e11c4fa440ac9b6bedb8aafb

SHA256
75adcc6fa9cb04226d6aad812a6088d18eb6b631213afd9732545bf4b12a729b

SHA512
54d84b29d1bac355f81fcf26a026bd1d7dfe53af8bac5fe8dfa27307c6b47db28968025701c476b8e3535ec9a9c226b1aa13c3a2e83efdc30ff2aeea3bf752e2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
6e6386b28e23bfad0d81601196b44d2c

SHA1
8c5db733447f26e521d5d200ed14e2d475674428

SHA256
2ffa88162b374416ac5f4c6393f0f18fcf4d901ffbec7fbad2ad30c1dd36c1a7

SHA512
e0fda15b39cf4cd1b18a3553081f73dc6f1ac8974c5f09fe651c24347a2cfb75f2b3a44f967be464d748e316f58ef7f347e76fb5dcf34354e250e46e2a3c1b20

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0957dc9081566cb49f482b56db14c149

SHA1
99a1aff975d4930b979330d8d83453b0b8596adb

SHA256
7e37510270c4b186859bf02e5156ce9141fae5b5c7af31ca5937fcb4a47e3be8

SHA512
380280d181ff92df90093008387ae75c2045c2738b7b2da5b55382aafa1c52332f9f70ea82d606a71b8a81abe04f0d77d16fd75914f332165de71aed03a08351

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ef2b6f12f780b46caa0f7a4f4189cb1b

SHA1
750da4fd5d5237db98cbde0bbd218f625f3f08d4

SHA256
6cf49bea286acf4d620c0a8ad8c89aa77e77920a11fffc1fe048b798fd1267c9

SHA512
72213931a1583a8e5ab5cdab1a3efcc1cd14ff64e40a4018e8a6ecc94819ee4710db66333bdce83e5677ae5eac65662fc1f19204a400f63bf1f1b8b2cda51eef

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e7b04fd196cf7a338e3b37d713c01494

SHA1
f76303323eb66fd26c76570b98769ea6be88a539

SHA256
f71c2c7fa55fd6b648fe42b722fb55c613f6097416bae0b0be03918f9fd3fa4f

SHA512
cae520de461c038c43dd2fea799d5a13491f3b2b9a249c5b59e0dc4a94a36903616d9d20e72c58f70a5e3233169098ee917f4c99703f22cdc67f17ba7d64fc88

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
23ce344634c74ae1f600ff54008df06b

SHA1
6ffd4edb6c3750257ad46ae0533ec5f79f7c439f

SHA256
e6067169499a0fb3b825039ad62dbc742046cbfcd4a14825510a366e8ff7a93e

SHA512
2bf92187f6c744f6e17d73782981117db473d3b562fed22c0730dcd3b36d398b7cca22b0c45a39ee06b8617686ffc655b99b048417b9c62152fa7012dcae178b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3fc646a66c418a0d52f96b48de0a9920

SHA1
0f174fe9d8c1f4d077f56efb3cc0b68e1a149ac7

SHA256
db971fb5b521041942478cb86f18797831653fc3e2415ef56da345de282153ce

SHA512
9c207124ad7af31e1a15e565715f184da9d387d172e419cc92caf9d4d6bb6ae51b30cdb90aebe34b6097f3b76e8e992b0f737a9e33dd051d3e497a735a3dd390

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e1c9007f639920cf6904bfe934af3b63

SHA1
3cf7fdda50a480745b8ce938698734116a03ad23

SHA256
bd3ba3ed6f6472c8db6ad254afc9aaba1a2775414b9d14013e2e5105b849676b

SHA512
981742e24f619f57233f26e2c8d2d6a5e7b482b6dcfe8ed6bed32b5fa036246556143cc07a466bd2b6d80f5db7cd920ea0a8b25f6ee01a767791e2e5d7d2ff52

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
de840cf51eb4b622503aea1271fe40df

SHA1
1fbe37b9087eea48e3e99ed6269576936ef3c6db

SHA256
a116c401f2e5e287697ea5a56eb31b3fbeeace13d218656954bdfd33ebce5088

SHA512
2d49a7be525f9f0ab6e9a7168753b56c99ca8eff09ca570743dd86f0653f94be70a038067b769b3c60d2431dee4f47d7f8e8be4535e905325220ffb844065842

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b80e955ba650f02c52443a6796f2a778

SHA1
dad93bab128d05f9945d71a1096710b17704d851

SHA256
6e970ecd01ba15301508f6aad2776b999def0bc49042a3575b284444f3a9ca86

SHA512
b6a508995c69c10b7032935bc739d2737c3be9dfbd1d73227067c32abd4b269874f4d2f440890abe8ac66dca7d1ec61942850eb21a2088ecb56940705039e738

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3f414efcb910c05f6818623e6e7e7fe9

SHA1
ed4923380401376d4543e77797ae3df675ff97de

SHA256
084d1fb98458e34d4b49d37af61fbed98881b5cb80933672aba9da452083a875

SHA512
35db19be7fa9ce53d5ed152307a353f73cf75271616ce164ac724caf862499dab123b374462817964ce863ccafa7466ae981ec292849aabc5daec03986ccdcfd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5accd90a2e499b865eb973f44e3addfe

SHA1
086de82300ab243642722abb5b00b1a832134fb2

SHA256
6c902768664000d3a7388bc4f04ac238bb021158f62bb3e915b5f2195712986a

SHA512
92638187cfae779847ec4f012c3076c002798ebdb0cabe7d3f586274d2c78a5d989589fbe0b95a4bb6e0825eff6d477578aa0db3899f730b415d36431aa6bd12

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ca56ae93d1326c3c616482fca6a515d0

SHA1
485c8286cf937d25c0977c62e43df4c424e5a22e

SHA256
39c2faf31ce5d6f52fa33b8ca758cd8d81e09cc87828a03d4cf006a685155147

SHA512
27221efdf2af057d4b5bb35dde2cccf29dc114deafe7890ea02857b53b96d29c8ae7b4fda61a92c6bb6e7e13218cdf892ecacf047fdcbfc67b40a7ae6c2285de

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c8d89d2c0637190d694fd9eaf2b920dd

SHA1
4e060e4162532eb1d96a9114a7cad34118b7a160

SHA256
35bc13467cb1d434c4a79203a009a4dbd9a037aace750b1f52be0992ec76ab50

SHA512
52ab4f7c0d24f10e3d820520b3d642ac8dae9bd752afa62371cb309cc7efda41501e2fa407d2e2fbbeb25b261241d4832b1ae0fa3dfd514e85cfb8046011c54a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2920255533151542581tmp

Filesize
90B

MD5
cec06677ace8326f7b72cfde44a66ff7

SHA1
ceee075ca7e590b4286b5fb177e813d3fec93b45

SHA256
4d3d160fb4b6715b20d86168ca986f8ba8856a5e525e2c7bd75b43075b9475c5

SHA512
a557909566e3a4e5e175d34dee5f6f66322d290a4c099935df0e5a86d80968aedce63a4ba6a58caab201908cd9734818fdd04ed754f45dfc52ae01b61623d32f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5894248514233645263tmp

Filesize
554B

MD5
06fd22a196782aaac28f213efa9049ca

SHA1
792eb3ee40a8cb0de7759a845e3dbc7c0f713178

SHA256
b1ea6f1c42706bbc4d80f9c0c668b94e82f374c061bad0676e79e6c9b0b2474c

SHA512
87b53c2afbfba4a330909b4ef798da0b1dd903e198a16735d2195948c69efc6b634d2105d9bfd1d40bb129132a2c5ea417ab638ecac5533d69824527b9665b87

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
efc58aaf97fef25478ffea93e0064397

SHA1
649b51a07f61d61b322cc96fdc303c7c8cdfe73a

SHA256
077625cd3e88e148256d353caa13b13b586eb603d798e2053f0ca8fda96682f1

SHA512
27bb6e9b9cc0efcc71d930a326970c5da4c9c18d169acc15b2535801c61e14c460ba8587d7a32f8ac7b077998a52ec8823258c8349861f0e765fc15fa67f36dc

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads