truthspy | 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
22s
max time network
153s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
09-10-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4484

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
8b5979ffc6a42c23977a407245c87efc

SHA1
d649f6eaa66c734952c6cc45a7be903602e6c0f7

SHA256
db2a9f15d13efb5ea4b80dc3b9b29df8922925fc8e5389089cfc5e48e46f7f9a

SHA512
d592c606590138ed2fd3b18f408a67d73a08e2f91f48d02181df04f4f05df3840ba04a21cb4707c21d03d3998a75b8ab3139b7ced576f3f0bed8738e167051a3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
75a33bc7ec9b34bf3dcde41b11567e10

SHA1
eea222fd59272e9e646360cb0e63ec5529600441

SHA256
9ee308c8f297a351760562afe889de7b533c5deaf4fb164c37e5ccd5987f7a91

SHA512
05717765609c0cb6bf2512f6e852cb6a3765522f708b5554f0cdfc5afdafb1a7087aab631018994590dc0722efe7acb67170bee3af3af97a7d9190c66ca9a3bc

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9cc1531ed5f896fcdfb0e22a141a8291

SHA1
a8171a845f2a5c99c5778d7ebbe5ef92503a3b05

SHA256
2cf19491ba7782270d60a96433b4c1ad89809b8e2e7763d09a9bc1c7e75c21e4

SHA512
37bd020d2d2ca99e4e12631ae3360b377a51d3394669030b3de2fc6ff56ef914f75f68d76f577e36c4221af5641ad91fd3e854173a333acd8fcfefb95d65f10d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f14bfd043ed2565b8ba0b7b4d7422473

SHA1
d3ddbef05a662e58a0a7d1b0aa78241e7695cf26

SHA256
68cec5953b9ba2f04b2e9380a5543e070a1ad8edd2109e28266dcc3d3bf85738

SHA512
e1f3bac0147b56762757023d5262e38b7eecbafa115320c7ab50b9a27e5accb0857538a4940a69e79a292dc7bfd71d8ccdde1c3b35d362b59cbb185eb1fd9e2a

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7fff944ca27c3992ece903200008a16c

SHA1
ada6dbd82d6ebc5e65dd3fe816d3c9ec79c4cc3b

SHA256
390715c8b7b358f9cee46f81926beeda5cb69578309cd931eada21e44ea5ec7a

SHA512
06708a699b075b4781041a36633f5ee6dfbd21857f48eba4226cda9ca93fc5ecc669258d6cf0253392d10d0367fd823a5f52623db3f6e5c76f95e291e13671df

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0b5f235597a888ab0b221d1b6255a9e0

SHA1
e6400a49d15c68954bfc482c7d63479aaa540c24

SHA256
f45f4c74af58c19d7a3a270e81ada9adc8330fcb0eea47acbbf4392574f342c5

SHA512
87df8778a9a0fe5ef2a80e8aadb64ad12aeff5960ddfa2a806b4076a068d3aea7ec39dbdd394392e4e573c524ea74c6669dfadf3c12a87f096777fc24be7c479

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e538ad35498621e08f02805260a037d

SHA1
7419c56afaac7f57bab573a2d13b3d81f3306a33

SHA256
c0150603ff50fb5bbbdb769d8d6d60618485f55ae6a034b684fb66680d13e4f7

SHA512
3c66634e1103cc8cca704ebf6e21239e650a80f11938b005166a148e8023ffb6e7a057c9b6a371ef28af9e21a71754b4ac9a258c9fc17b524cf44552394702d0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
13547ff73d3be555962c3d5e2fbad88c

SHA1
12acf027a1186153d8f114aab124c72e30201a91

SHA256
02fba5954c8f97a9d620bd49532c3ae03211b8d9096f59e43daf1daa5bd7a165

SHA512
3dcd20ce0efac90cf815ce0b969791af399ae5d5135f5959ea0a9a1f4f4c5a8b655d9777b6974ceb1731006f660b68cee6193828e7bec7bd91bed5570f3c2813

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f393feb9e6078f8d03dfa1e0aca437fd

SHA1
4774ba7b14d6da5f3a3ddc2229db0bd717fa1e80

SHA256
f035f42a13ad4f9a241ab0de9d71fb573f8e5c10f714941cadbb5a27e05fd850

SHA512
a4abce26f8499528c8f6c3b054d85ccf64318d3a5d5fd3cb2f8c84519c75e2ff015cac61d8fd7017bd2e515cb958789a88350d42ab7d8a18fa758fc9e681e815

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d3681451d6ed9c59ea90618983a508c2

SHA1
455d26d6e1c62e46961a6c62a82e369ee1b73c10

SHA256
1dd1cebd64ffbdcb774a6bae88eadfb0f1b8e1cbdce909b468bfeefe1a7342e5

SHA512
ebdd255d8ab6ddfe13f53e7e2804277428b31e8fd9dabad02dded73bb220064d10c9492b4593c769068481d0dc44bd0ea91d0d97caf3f09a5f5606c98050052c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
78f4341b609a5a345f973fce017e88bb

SHA1
b957753d326f244d4eded3c3298d226423360e21

SHA256
cd2c6f9ac465a48a80b76cd6786168aae485427a138889d86bff34a41d84acc1

SHA512
171478093f0a1303117d6c7334a88716d901c9260ad8efbdd97c1b62dfb2baafe706c9f9b3bd9c86fcdf09f154a9384f8154eadcb192f13eab5fd2aad54a77db

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c3deb52fec1e1d0f3a49e339817aea5b

SHA1
13f6084ca12ac88d98535b98bcf785401401289a

SHA256
c9d62b1d92484cc6419fea1ab1d696d1b6a25d5cb5c0c1021749ef4d2db50950

SHA512
488ca56c4f3f478f6e925c546beee8e84940c4c045a1690857ff65b58655370812decbd73d734b04efe9b47e7841a975512d1c7b14d5f3ba0b46c259c9a518e0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4c07dde9b15e91c935ab764c4d6a87ea

SHA1
75c9330bece2a5a89209ae6e8c4a1efe78a78d51

SHA256
fb571aa566946165ec430194bfdb5f7452b1e1cddca7f21e8bdc5582c89bae17

SHA512
35fa1a090a340da87552d2e2a0592ee9d3863378d3be95ece0cb0c858a2228d1e248c428ea4c63186b68afe7768c2810c18b127070ee30d95ed35b3dc2e024fb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1e1d63484ba907c0bd58941cf0328fe2

SHA1
3b1a9d702be82d23d5b6280e366977b1bda7d30f

SHA256
23bf802fbb1a35e51bd0c34d6e05e4482e51ce3d97526ea4e0b873ee9e3b2ba6

SHA512
a8aee6d21443090a106c5abe895ed7b7fc4136aac00ab45d86afac3960985ceb420fcf41d5454ee7e046dd58feac3fbd9e9eea8b404b168dfffdc37a2b308a88

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8167221137352964313tmp

Filesize
90B

MD5
84574914b57033a07de40347e3137ae8

SHA1
aa6ec5532638bac7e105763224a4e525ae0eb2f0

SHA256
54965469b88a91ad3bc2b413df1acf3fd126b918d11f1c5fa0a75df4115c084a

SHA512
2465e31434edee5274363be328c9ada81a768854113904c7e26988cc73e4629055f572ce33efda3af39192bd1f687a7d27284cbbb7bfed7829d1b16312dd2ce4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation9177111138215773013tmp

Filesize
556B

MD5
1770678cce446a66cf15a6556c3cd365

SHA1
2c66723978e86aafabd6318f986c45c69b983ecd

SHA256
e7b92e67e67cc841a02ec3b16aba0e31290e7c7e75537412d446cbc5f7624e48

SHA512
123ca471491c8bcc87e53537c0a08dc9889e38344868bb89307a06c9c948e9a98ca252081ef17d77832313c3a8c583715df1edaf3b5c76ec4288e73c15136b3d

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
928B

MD5
59ac89c0d22e74a06c24a8a8b2a961b9

SHA1
f3f41257553618a6ae3d8e15c0149d2e7ad1f90f

SHA256
120382cee54c8820d78d4905eef39fe5a2b98eb7a9fbb2b2874b8d20e63413fd

SHA512
8e056e42db9713c87e55a4db79cd59141a5f321dea334e65505d70f2ea672c5a3b355f6be755723fa98bdf978b60ae52fa55b474b41b0840961a789415a72bc6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads