truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17-10-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.systemservice

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.systemservice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
812cc254311eef282cdfde5ceca375d4

SHA1
1c0b073bb6d99c422e5d4b65de0863ca65b7448e

SHA256
1ea3717730045a3b3628ccb9cfdc1c4c7305bacc84182c5e0fd0e04ea57ded0f

SHA512
04d7c253e7776446977f31810439810d66a7979cfb3b486e88df86c4b49a0b1e70f1265d773db6e85cb60084b3e2b80e63c5df7e02a26baf5f50e641c256ab75

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
b6039f04a568242798909befea9ce144

SHA1
4465ffbf3b5ef93ce943b772313c85ae43aae6a8

SHA256
c4b8e6057b457a1be917aab6989134b693a3e57b0de3496cf5a49849de417df3

SHA512
f93dfd4f926ca7ef9ca62db5bcbfba3e5d1bbe78f4aeb3f831127047ebf45c3a48be1b7ba41aaba286076e379c72f878753280055e2de73e7d2426ab9eea527a

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7fd12d1348047ee78ae86eae8aca53a

SHA1
3b5d0b51b4b5565274d212882f1cc764fc2ea5ee

SHA256
7fe6e867f7e40c5bf4ef5c7e128c96e60bdd36fa3f50a685cbc87e23afa58d69

SHA512
0c9b9e79dbb66776e193606f2279de18e4e29286d0594707fbf3985e1d1e482c1aeb1f001adbf1129343df66710980093650c53c2934f03e701fc579efb0f3e0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5e54650e44fa38d9e40f8f37759b6361

SHA1
b23542c8feb240df4d8d72cd1f5eb130c4c3e1ca

SHA256
6db7e4b6fb55da566e1ee4e98cc842019014d6bd711fac6ad352194e5a6c6b37

SHA512
ad60dd9565890b5fef3e2647ff1a52e88e211acd4cfd3ba3a0aec5d4390da3a38efcc1cfc27921aa5f47dd246a92e2251eef248b5d92aeab5ba2cf71280957d5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
572eea018545a9598c620aa0bccb89da

SHA1
b0ce2e568b0b73a3860e87fc23d140315aa9a2c9

SHA256
c776198303c72b2fca1477dfc3775d8dc9c7a45d8aa3d84c4627925eb7db4b4b

SHA512
9ebf1d6a280e38a78a93a77a6544767cc5797661136a97d0bb6a087a53157b03183211947523915b05a63c97b3a5e39b7a914c461233dc22993de7eef75ee56b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3f710de40469dbd9b9cade3c7447c156

SHA1
33b51dc6a6455b0239e3317bde838c29b5ff4fbe

SHA256
86c84906f76a6cf10874ca4463bcd473442433dcdc8af982ff46a1bacbb278c4

SHA512
89161b16c54e6e8d5884e6ab0f97c8c7cebdc40c53c846c4633745c2b166aa7e195881ba340209fdb00a376560d2305580ca961ba3dd8947f0bebb4d7f641c83

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b4892ec7abba3152eae9471b24652779

SHA1
c4df1e1912f745ec2346bca8c2e0a919c57f3c88

SHA256
c126de2e010d30a938854eb8794e386eb890a36574598e5188b49397661426e1

SHA512
fce2eba32db12e9f35d887dd82439d78ac0f4d67441d228b2bfde778eb83972add7cf2f348b0674335b31b29b2a2f650e83af1540583a229156c5bb61e3605e7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
5097319f771a980fbe8de33f695e0923

SHA1
54734f477ccd83e3d804c941eddec8243f5e91a2

SHA256
16ae7787f8e10cf1c65a9e44429ea001bff9ce50c403adc68a2fee2ed4cd75ef

SHA512
358710e6882718a82a924a33cc2ba47b0945722779f876e3fe39247f20dba05453ae806d51c40ae09353226bf460ff73e66b619e7775da7aaa1c6c025b4c0103

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e48da65c5a739be5fce23c78bb4885d9

SHA1
e784ed0b7a1a9a97d9fba232b726849be3bd26a2

SHA256
d5ce404155bd8b9cf82c02ca2582885b5a1a4ea8a5840e4e49bd1163ea37b48f

SHA512
f80c4d82cd407e9bc02c99276d19f7b8009fec29b681e53eb676197c1022a8676e24dd829a1d168b6a00d23d62d11b9cdca84b238931a4fe681c1a2c50b75cd1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3b9c6f5290c4e06e6c6426100ef1653a

SHA1
74f1a1e414e292106617c10d9bbafc1630650f9b

SHA256
d706728b832a393f150a73bde005768cf69251c25bce61d77f46e275b9af62ec

SHA512
739db793c76598cdcc46fdfe8bda7b441cb1fc32ad66620b0ecf7c3c055a73d8af63c52b8485e5494e411bae13004bf41f90f2d720432945ffbc678deb58c30a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
83657433f9934150e21b817eb91a227f

SHA1
6d180afdc25ab5102f9f520495b6afca4ffb76fd

SHA256
abe3e6f177e48b66d38be834e328884f2b96a05516744bb6641022f5380d1094

SHA512
240a8ad21787f264860c54669deb50be607a1e7747850d04ed041e60095351dc7d4e7c3fddabf0f2d18a28b1611be742d0ad44340782c8e57b94e4c19e3ca890

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a43d4b95cb73193e09f4864ec2ab4f82

SHA1
3cecddf080773b55579e385e1dec1c88a41d1e0f

SHA256
ee72ec676b308b88aae3950c63f59ebef04fd622e0486f192ca1ee25f891ebdc

SHA512
0f001cb9b870c6e223af31200aec5bf0cd949b360146b4ce41f736fbff5055595a1de4493b5a6c74336bd99ff6fe846b861bc81d2007d27ed09224b58f6e9233

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5e13430e4a6fe0dc9b387ac11526c54d

SHA1
9af5fe50767e99c7b3216cac2eec6967d78fd16a

SHA256
77bef22005eb568743036ee5a24ee7230f3b2d4fb331892b982829ed2eec9520

SHA512
1f3dd3bac87b3e5dbc9683ebb755f56e32ef07654a16e69284965cc8b189d8604082b904582d4c0cd48c9b4bda208563a15f1f2b6e546e54875205ff468973f0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1641724695154600557tmp

Filesize
557B

MD5
564d8cc6e402a72b01d593b624ea22e8

SHA1
1609f03f43f71033aca731df76336d64be1beef6

SHA256
13d5f08c4f3cf0524b912fb8c877d5c30aa51919590428b343c35fd5b5c93ebc

SHA512
1173e5b4b318974a0ba06c40de4aa3871915b9a7bb94529c11d4573c820ed2950126ae93881a73b5fac11bc32a501a8606506eb939d90561867408d209b2f20c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1975936414751408460tmp

Filesize
90B

MD5
073d25f08a803e75aa1c1b28b42b9eca

SHA1
7c03e45a12a630d8b1d5984b95fad55fce3249c9

SHA256
ac56521e4504e03683e2dc3c3342aa44483fc16c7aa204e9668a16d45cdc4229

SHA512
7aa032129ae5bd46dab78777f3f40b749cd90e9b9de7e1197eef206d0ef37506311cfcfb6fb0ffacda9e2c5b5b1475db5f4234c9922f54f4975d1235542a3f47

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
ebc11225d2eff1f85bb0a7593244e7b9

SHA1
6d7083f5f1bfbe4360ced3a966a4a7a322f48ec7

SHA256
ec6ae70e9a5dc1e66df2db43c3eb0d51259e9f77672e4ad5e33f6e0a331d4309

SHA512
a1379e47295ea786aa0efba9346bf84b9b82a9732c6df5a4124266ade5cecbba09a18b842df9c250d68c7ea35f5484e66b130951713231175a58ee11d2658149

Download Submit