truthspy | 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14-10-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Size

3.6MB
MD5

d836feab9d4bf3c6cf086bdc14724c8b
SHA1

c837cf7b181679a0081165e5fe4aa0eb94f748f8
SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA512

8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
SSDEEP

98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4259

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d06b4625312cd6a33bdf43053abd6113

SHA1
0be19510f19505a8e349929c9c03e6e2c199b0fc

SHA256
467a1310e9a10b63c9c316c5b568f3e0e1043aaa4c69637e1d33ca7e6169ea70

SHA512
2ab117d7a4b1e0b2a453abec34e314e550b207a42268ed6455ac09586a5b01b48cb8247df4306194f77d6ace2fb4838bd482643ad0dec110336e17c3d5d494e7

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
41493479d253ba6f6ee12950d3526dc8

SHA1
be953aee124bf179a247b18aad1f42f2b71698a2

SHA256
25c36598ca37afa28aac98219ba4153b58818f7082e4b6e72239f64470645e5f

SHA512
9c8293883e8502b00426a5836da87ef36f26e959af4462dcfffc9df9bf0dfa91112c8232420461339b1ad86124016227b27aaa62f6667ccd2657e39cfa85d2f8

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ea8f473151d58d5f8514cb01f820932c

SHA1
a2a1c6133a1a9c773b4207bfc2708d7c4f290555

SHA256
4e026c3f96babb3db28c9f3a2c86e8e14b1ebb3d9cb0ad712c930eb7a7f0522f

SHA512
4f5cf70a3f28e5c32cd4089fbd13cdc00816545cb42b68b4328418323f9badb6689c9cc3d989eea09db2afd10bf09a220ff061ac5791612a456d6ebe71ed5f92

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
133063760f61b13c5e899f2c2172938c

SHA1
dc6d0c875d87fbe1e82cfb5c7188142a167b2478

SHA256
0c74c2c3399f58798de60af9f37aa2e763b25802ed454154d11bdfee124a68b1

SHA512
8b30e47ba8ed6f42992199f33527e176a44b75c142a0bd54bd6c9a4af3125a1db059fe260d6fc21d849dfcc1f91376b8cff3d45e24fc3a8fde9900cb59698c10

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
da4fd1c9afbfe4a8add9f51459020d58

SHA1
287412ea7215d747bb5872f776e6d9e34bd1b399

SHA256
17d28635d7854050c7603ef3f1692ffd930e5c6e0c55e97041948a2795d0497e

SHA512
dda95c2fc64cfba8e656c6610e4883f2c0ca17810acf58d803c5115e7355fa7701607cf738c1e8dbb32184c835251f2621008fdddc69cb239418dd12146e9b45

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b9fd26a902a9eadb046e654859052f29

SHA1
858d21c9e52c9b236d8ed70ac0bd1bcce846ccfa

SHA256
e167620307d486a3e21993cace2ff16e9ca2330b1fa57805a355ef4104db8e60

SHA512
108e19dcaff62e6c9468ae068683bc819a745193b4d3c2a5a8b806bcca6b6a7bd54b00508730c7acb7a4d536de184d8583f1664169440229d73bbf0bdf150727

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a553f58476328dec1eb8c1ced95e5cb9

SHA1
5963c84085aa45594c1aee9cba76332b7458ac8c

SHA256
b2b5b6a0341aa25461c464646cbcd6c60b13304805213b65869eedd430c2bcd5

SHA512
70ab1cbc4048af10b6323345ba583500223c8ffb1aace807226124bd7ec26ac67ca3eeac690ae9f5e846cea6ca348702e30f02c29be77815824db456bbdd6706

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2504e4b182cf9e3914f981193b9041e6

SHA1
eb44540a5daf5cc7a01a811f5e79204ab63d8fc5

SHA256
44c93d7e6213764fad63f013615c2d025b70999b4d14238429116e6e54d658e2

SHA512
642818a8004d55cac4c32f8c2699fe60e5a7f963dc44ddc8a4362aaa9623996c14947de2c6dd961c327efb4828312d0d7385e8832bca1d0fffb9e0ff20dba1f3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7989af3b06ab403deafce8f6e98a1bc1

SHA1
77e841425b9859e396b565c565ce426d44456403

SHA256
93ed97202525bb7830104f2e88602af96b300abc0ed9218bccf0646fdcfa4f9f

SHA512
f5079ce091f82d7d8af9d17a4b6c1dd3d42408557302e3caf6623a8a8e9d05ea9b86fa28af7bf291b941b592355067a2289a8b5dd7598ad8c862a6dd3baeeec1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f5c8321461c23bb41f40bd46f2e65443

SHA1
b8090ce1befe852cd311993a0aff642cbeb0996b

SHA256
d0c65447ab9532a644036a575b77bd382687df8085c73e599e20976d587028ee

SHA512
90b6068a170e642f8c489bbbce5a4751c245732f1796a64691808a5ba923813ba20aba1db04bd9cc23ddf27786ccb2568c7a743a39584eb2418e58fb13387ba1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fcb270cbdc0c560d35b41bab9458af36

SHA1
d80353b173628def2e4335ed0706217959711bc9

SHA256
4368147bbdb4d8d0c66754b5d6e93361612734e28ef80fc1b07052f06fbb4e1b

SHA512
1b95e1094483048ea01099b2063a1e6ee66c2e709f3bddc423051d6dbbdce428ff0cb7ea991600ddef6cfff287d79390f962d5a0b0aa60c2fb9da5dfe73ae37f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2be9b6b71bdc510ae45f1ef980f27800

SHA1
b16b2e44b099cb985c6a50fcc89b5792d0a2bbbe

SHA256
7dce5ff90cc7ca16bdc8a6536784f893090f7e405da310a3a52a6ec71775b70f

SHA512
3085170c565bc1bee7c2c0a5b4d56560ac3d460a99e9dca977fc8c34a7197fd529a42b4f00931a5e48dc3c234c57de38779486c49aae2f7507028b6db0eac07f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d3ccee1e1a204668ffb87392908ef05c

SHA1
d309310ae4ad6d8a170d748a06952d5803569b30

SHA256
96c36dcf1edcbaad8af823f1bc76f22c7988b76e0a41df93e23be2c9f3a86fbb

SHA512
8d85560bce5368c74134371165c0c3d7f340093e877872df362a77ced7db418effdab5cb0bbfb689fac409eb385810496169c3a2d267e054deb7a95e2316ef99

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3671946379077915979tmp

Filesize
553B

MD5
1dbd35247a3d85f1f9c17e3cb5d581cf

SHA1
ef7a306798629e0e9424ae4620f35002d5e1abe3

SHA256
7250373f0a0ccc231b41fcd755733287e859d9787a8cb11d50d6adbca6cb75eb

SHA512
cd9d86b2d43af0ad6b45b69a960bccbe5e83f36d7d4d12e5c6645bd50074eda80e4654f5d8fce891aadacfe429faf2b7d024cefcce544b46624a02961f626021

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7783823999868984188tmp

Filesize
90B

MD5
6969709c98df6aa7f1d3bb8b7b223f53

SHA1
d5a2bc87ff8f5a95354b1a1acf314a6f135c45e0

SHA256
75e2eb4336ed9c1d9264393285bf83f9c748c4c7de620d3c7d1dda7fe15f173f

SHA512
4d7f67f702dcce3a6e72fa4aafb9259da67dbff19cbe97b40050b45145ee43bc4495839c6a2b35becf55db7e34543662e796cc61f4056d6b518060a4b56a1e74

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
fa2b4fbc4910c85628ab1bccfbdcb127

SHA1
511a7ffee2322586ef2276a7a7701afae80d2619

SHA256
36d39cbc185d0ade25efaa96c5daa85d9dcf949c152b74c59b5333322d2b2944

SHA512
f23488302595cab205daec67d4df944e477513f81c7ebb88f4ce6acd77f8c4881f82b3298043d5481867a7738f44c32e70239289650a2fc2cc2725c3a6ec60fb

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads