truthspy | 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-10-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
Size

3.6MB
MD5

39fa2c58237de702fc3458251f358cab
SHA1

16e4e5003046f5d07a0fb1eff0dad56d9ce53be3
SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA512

023b77900582d0b6629d587f7411ce5153124cd3870b9533cf9afc5304b874e4353d8dabb7adf8a199768992123e707bc6a87ee682463c3bdccecc8a060e7126
SSDEEP

98304:kyHTjmHgJcyw+WoeX89z6Odp/9hBbW+te6lXhAyHmz:k+jmKcyPsXMl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4490

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
a4094728c05e6c4e23d5a94a71726086

SHA1
d0767830c324902eb401e8e81fd8f4188e67168b

SHA256
f3d5eb0ce344644be7f35b025672ccfffe36308ef7ac70d797f38fd047abf7f4

SHA512
85f9133b99973c47a073e8ef97e42e57725a1c5e8a999e35f717ffa3d575dc3a567f726e82c8520387e2e91576a76448d446b446256a294fb6752e5f59413c0e

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f14a680cf0fa585b98aef4170aa3240e

SHA1
7323021d15873d2e1c27648a084964b405911c0f

SHA256
6ca88d683cfff91ddeb176682a1f9e49351b580348dc13b0f791c62701837dee

SHA512
3a82ff8961e7742a92421217253ebd4133c09b0262b395fc034de7d4b7a9229e20347ea86106f2cc214b1b27a491cebf450c30ee383ac54a2032518ae59f2f02

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8fe2340e781de986a21fae54acb2896a

SHA1
3af0ee46d5055cd15d2f2fd07620f0e18a883752

SHA256
4106962f6bd4951fea847d3658ca4c8ff92c31066beee9a16ad2a67ee36d158f

SHA512
883e0af531ac7cf9dfaf7539646ac47bfa3e6d4f87bed2057db5879aad68fca6871755dd82e932f9d630b972577b8f75fa0f25fd99cc3ceb158bd7606eeb903c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
425314ef049ef6815aad2b4d9716e95f

SHA1
6ac5e2d87b39f14e01271e181e9a48d994c571e4

SHA256
32541c212ecbf5435400a8018ac4044ceb899b2b450c79bd90dc68535c0609d5

SHA512
9ad3e5e1943c1a7bd4c4aa7c6fca93c07087ab695556b9b33200c4a820f93202c5408da6019e819d611dd672e742e0d7a0739c3591f043db996ae378035a610f

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d0fbf2947e7213c6afb6332b485325fd

SHA1
7d2e7f5a4ba4c4e9dd254f24ac982f065e278445

SHA256
567392073fe05982a967ecf7bf25a293c03f298dafcb06e7172e6ef6d799a238

SHA512
5b88e2d2a12b18c15b5f1a627dfd2ea4950bba7a604dba9dc557916ee723ab0ec350981d5bc65dc294f8a4cca25b99a1237926a7be0c52c19a92c5ab323b395a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1116074a8ddc2b95fcd10c0183d7cc73

SHA1
9143e8362ed8b0d39bcc4eec8112b8b206151b7d

SHA256
4f0f96061e35cd9469f3538c61500c45a191401e1623dc9bb19fbad38957c11f

SHA512
e691efe4c3666b8fb8daf4923658f1faa9ee8cf6ac814d2a67953cdeec4f633b1bb9a4959d20eeef4a2fc24be042262db2788561541077f41ced0f1116706d68

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
30765036e7552baa9dd5dac2bb1ee333

SHA1
ae17b6f680f93850acb77390167e4799ac08714b

SHA256
27858cd92608978f7c7b635ee7cc649e91a8c30ae273c37b3f0da2caa9098972

SHA512
49fca70eac0f385737e982499ccc935a27c664026e41985e9a197abe834227a4c79eb7e14b7b38dccabbc21417306f6371b0ebc5338559fa50164270cd3aaabf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e4b32f9850b97eb33fc2e2973a5034e

SHA1
d74d1222d43e356d05ac5b4f922cae7aa79ed517

SHA256
1057197c613f382d3ed4065dcbd39d1bf8861428d06f9da1dd5bf344d1ca55ed

SHA512
b1f81f044f1700dc94dbf1c67e1d2a1a5bcafea76a0f0e80158221245e204e255a2ec9ddd9400a417f0539a49d1e9f9f010bdbb382ceb3122cf7586ebf74eef8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ccf9ce77c5d1af939a1fe1683ec56a88

SHA1
b1835b51c68ab54ef8b22b3e44034b1f4cd57cd9

SHA256
45ecf1fae779c6911da88114c601c95b404c21c6cf2698fb7d1a3783430dbe27

SHA512
9a9a4f55846c1d59997df3ca69b80fd267514283575df525b7afc91385ecc954c2ac7de525768bc10729a06ef2c86097b6cb0d7613b6dfaa92fe2acf7e517b32

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
621d27be5e1d080e64dc6bc8bb155a47

SHA1
b463434c54141fcdab14573a8e676d8f3f10720a

SHA256
edabc7e2285e93e911a53235f727c230d6c88e916547d77eb7290683736cd935

SHA512
527978a8ccd3535f7f306384b3731ede94520e01f64c9ea3f540fa45f828b5de91d7eced404981019e56666642d37f2ad99767fe98f8edde4c0e3e508c07169d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
9b8047ea72eb44f4a6fb60ce37d5969b

SHA1
359c11d1090c15bd054bf163680876f589842efd

SHA256
3cf81e16aec575d83ae9350d76668e04428ebd4ebbdb7257d3b8638c3ef77390

SHA512
6111c4f3cae2d65a8608cb4b735ca15d5556e65f45485acde44b4b22bfe441413ead7064b079977942a929a64d0b1835b4e634afa6ca5c5e652e0b562a4dafef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
aa8a33fe8c215dc16b4e299aea59a475

SHA1
461b1db1f57886cbb23c8db3c59d38fc71dd7c33

SHA256
1904fd345d5e54030a841efc46b0b31d59ca2da7fbe59159f5d24186b514b643

SHA512
02309e053841d9c1cef7b08dfbebf1999c90d1f01b1081fbef147c79b170848ff56054daeb6adf431b9fab0aeb5b10cb061bfff18298deafb6dd974f1c1183ae

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6a6b60072bfbae004d17e62f06290f45

SHA1
446469a94d18ec5dea39c138b3000e888349a333

SHA256
b445f3b1e27be7d470dba1ad6743fe5a2139f05aada0469602e20d841abf2b4c

SHA512
26b6fa4d1b845aab6cf6f5b327d3ba0af4ca1ee8eb86590512a7a762e38a0a2609c09a515e997bfca026c093961f73077374f1e75849a19e9ab00867c271fb08

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
aa4b5d74990e270db71851feaf284c10

SHA1
bc071e436fada5c30f0ee89e3885c849e7836c43

SHA256
a4bda7194c376c3aea0ebfecf300badf1c24a9401229185a043e4ad2607b965c

SHA512
36f2c186e91f18ae30f70024a192b4019ffcf1fd0bca400b04aa65293ad756d6fb631d844297702a617e8fcce991550300ac002ac94e77b1d8d4f1f5c74714d0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2797151445516981300tmp

Filesize
555B

MD5
d4964ded49d94e5dd9ee846241feec98

SHA1
4564765ad72698505309ffc977776c16584b4ede

SHA256
fb282849ecf482b05a1cf95c11f3a6835c8168eb312e37b3dca5a0b79126ecdf

SHA512
5e120a95b8781e6c0a27ff91aa9a131b9a23a296ebf4a79861c3340efae2b9021a4d4794af996bac1956f5ed582fadfe0ab4279d119b8c023d5284d71e5618bf

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6808075514398675129tmp

Filesize
90B

MD5
87cb142de8c50428ace2532943cc3798

SHA1
e7b076960397ac4e227e6cb448a980ca22836c77

SHA256
c3868074267bd241d29339eaf3fc740c9c892bbe5d56474f8e97a5c41f9abb8d

SHA512
0ee738f12c4bc1a9b717280328405979061a3868e65a4babeae1e60eca8227cbbdd54bca82689ede7011529668d932c648f478d52c2a1854321ca0fd3707be3f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
8feffb7679203114795d44020acdb21a

SHA1
989ca01c97e784ce428a7d413a4597d97af9bec9

SHA256
d1da766df36835e494b3148a4b0d7dcf7adfbe2506fe0b55681793b3f3ad9409

SHA512
326562093a0b52269f1dc3039f637ec8dac7068a3a6a31f69616e9bf212724cd787bbe9cf32cc8f15f5ad7e777b19942d33c50ce26c444632242c3d46ce2d359

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads