truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
97s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17-10-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4246

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
05631b7a0c42d1152dd743e8e7bc5eb9

SHA1
23ae8fc4b17c0a676d073086f88a60cef26d473f

SHA256
ac87b35d31f442d6720e9251f1f8ddd1d3708ccce9421bc070c1cb5410e18306

SHA512
5a9844d4f49d10f9466802b312d5841aba327492cddf7b7a814cface29c16322edcd078659edd12b79d58f167c37114562ea362c5fad80e5ea6ff48f18166d34

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
601140a105708cb368711700d8fef5a9

SHA1
6fdf80bef84b4b607e1b92866faf19032014b23e

SHA256
9fa2a9cccdee05c7c7f3f2241e91d48e8d84bc1897da82544497f4398d87a480

SHA512
3c984c1d351ec07cd65e1261eea38fccd7852bf223759cc8de6bbcb83391616e77944e8c9f968982673b9e7b26281cb2449df5aec72e5610af9afca250a1bf19

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b0b8eda24fcdd8c9890fee0983ac8357

SHA1
5537f98b8c060bb2eba202465ddf1d6910d37c08

SHA256
a5a5cda6dd345812842fcb5b484aff254350bc6dbcfca7d5e81e86b80fe31628

SHA512
e6084465eb919c09c31559fe4366059de6473c28baac9fba5d122cf370ce9e1026534baf367fa10428d05168d361f71152923dde625bc7cf8f9d8d9b0937a3e0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f20eb0c8218255afce5eae4fd8dff02f

SHA1
5a4143cc74a6dd38da6765dc55f3c42f301705bc

SHA256
a6d32a4874240fbf62af9a12df14260d317c0848cc174fad1f64e018089dc29e

SHA512
6045ee6ccbe8d3b3376aa93d849e1ad6276146a3e24d2bd30f610a7711a077bc94e4d1529090b715451a0a09b023239626f748864bd4861b803b321472239ab9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b9c8c8b6557bc081ae01cb09458e9cd1

SHA1
e53beedc5de4d8137bf6201ccb5d552c9c06d124

SHA256
44ca4ad58ade64682d1ee8d41505430523672f9b44970bef65506b34d5aa1742

SHA512
3a3ffb7784efd670d52e70c5f0bba6e1f8308f68eff796c66fabb1267ac3e9893b8b70823b8cb1bb90aba03b07aade8ed99de800759d2543bccfe1e8e22a6d94

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fa66b7477fc3e6e2ad0dbcc13d1b8b4f

SHA1
1e380bbd43c77e17acccfb1d1253843ea6fc57bf

SHA256
ebcd9202b9047af48c6cfd3ec044e940ea7459a745ae37cad8f1a4f6583582fd

SHA512
814afc6bfd9c2947cabde45db2978d071e76efa78bac38c0d881d417086824f95e24db42c6a2cb74225d93642e8a76bfe48d9ee3247424a92e3b1e5541691079

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2948617a41bc9fa648d07025d66c45e7

SHA1
4f0abed5c6d1bf188e6c699dc3256d756739f98d

SHA256
b1ded1a2e3d2a48cd35b29bf3467b746151bbc569728de6f07f8b0c1fa454240

SHA512
4e60ffd2aa2837529f1383f81a4b2725855678bebeb00123a64d64278ebf741e063b71dd13eddd61a025c4557140f5fbd29d5e58ee4eb55831db8a84c117c0bd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b342dfa985c41e1147525eeb61017ba2

SHA1
1063f77db0b96587cc0dac1a3449496686265b03

SHA256
003513ffe61dacc3968095aa2c2d0fa3580488d5964df8b80fd54b2d85a63834

SHA512
2454c5c7cdbd7c0f740749d843c08937906c0a43f05dcb457f8d7e8b24f753e4c7d1a1009da1b8af98bc25c1288575839d84b31fe19b228fc284c9e65633ec3b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
83d3aa368ed9540c0f5d770580fb6012

SHA1
c3b4b259f48b73681046a8eccc79d14163a573e3

SHA256
71914aa771e25628eb4ef26b8d07d5b002205ef4d103ccd5a38d6a859141e955

SHA512
add4cbc61f75bf2ae64cf394e6b4a3f26f2444b57849361f31a5c357a46badd247a1973130ea10457de8333bc98f5b81307d0178f65c7bd7aac931dd9583fc64

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
be1357140d11d629d8a126ae3bf9d499

SHA1
6d24cd0bc7487114943ab823f00ccd1d48aa0c38

SHA256
70ee306e10d41f22002d87ec9d5f4145cb2bb19d3720723e8b1d54461c83fff1

SHA512
7565580a0739594b57fbef91f10c33f26010b4c7605b5f1d9987cbfa457cf7025f38b2c46f6da1f5d2e9d880a0db71706d2c6b8cc2dc06d3c8a88f5bc19f9370

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
920e2418dd9e795305db9ce6c6f42df8

SHA1
c90c561658cb1db7e212435f087b461a7e3c0560

SHA256
6c9da5ec54395097a71a50b15d7b8759879f7d88754469c2a92c189bec8d9291

SHA512
7f07e74bbaf455a1352e32d2b0be2a8d8b355c85a244026521f2fc78bf38de0658bfda7ecbec3446dea4aa5053bde3f3df8e97dc52d09908c3de27628f3b8fad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
025e84e7ee48bb27ffde4dd3e98ea013

SHA1
1a22c254f851d008ab59bb3d5a03b0f3d2378b71

SHA256
6b015e204af24f02c1cfe97e288c33c5ddfe114bb3e9fd29f725f2313bc69f1c

SHA512
9344479ed8d9fa28e52b518064240e14ca9d45a4b39dde92f239552aaba4976dc1e9d1782f2cc403ccc395fceeabf07fd7f2655edaaa1efb3e1bc9226c81d9d4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
899d9f2a76313f7c423803580c210e29

SHA1
4cda7578ad159ccf35e9ad57f96767bfaba49c3d

SHA256
14b2852be7357c127aff92fb54d520b5d81722b7e984524c49631e7926cbaf6e

SHA512
0366280734b7010629dd56f2c2f80b10d2eb154926bfec911d8057d1059e131540eeedbd1f8261939e872a1c4e3f50a133afe5ed52a3438a1d6ecc298004ff26

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1527860045375878841tmp

Filesize
557B

MD5
aa3c29de9c3d01e96e4dc286cd713284

SHA1
2753a4ab5a7bfe4bb62f7aaf090ba25e06d77b6b

SHA256
54ad5c81b579ca52d62f25c285146e22013d48c7fefc14d201cb37dd98b64fde

SHA512
17f0f81e34e9a6aaabac0ee4f59c9033cf59a57a32b8e74efb1a26dfd190e76f8dff784c960e24d319230ef486d2b24bdb358ed4416ac84e015e023837a134c5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2716051767049318672tmp

Filesize
90B

MD5
96f7d785694fc67344a67c671adcab1d

SHA1
beaa522e88d8204a5c3e9df9eeafdd7a60c3ae37

SHA256
9ac30ef85ed2f36f1cc32e3b5f0c931e4f70238a18ba8fb4327342d2b9b1cb11

SHA512
ff568e748dc5b3720fbe8e9be566651eaefd5e18f107e3ebb9a50dc7e8086228b34f093498fd7dce10592988b9c5437c2089ae2ed6bae4f4df6a72adfb40f7f7

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
4b5bd82772a3318518f8a946e2a22932

SHA1
5da735dae566609e248f4c14bfd64b828c2cdfbb

SHA256
4534e7bba81373b8b173ca167a28ac2ed266a9a8be17ba11edda323b1f2e4d34

SHA512
ae12b2f4a3eddb59b21fc87aab0530af407f8ebf7aa53172aa9d356185d4d8a9c70a225e51cd7811307e62f2be1a593f7c3d4a1102e1c999f66ed30f3298d478

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads