truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
18-10-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4343

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d0ce45d17053fac3b158677e556fcd26

SHA1
6bee22e5609be88b3d366c3f084d5227c376fd46

SHA256
1897d56c5950157c267727a8ed163d2a8e95910be933dd8e0e9664bd7542df03

SHA512
1405332cff5c9b06b57e4777c173b963ad6ef2d4fef394139531716320c80705e51ba7ca8c844cc5c7b75f084dc7c3ab037868e35b8a7615cf2a83bca1a8b0cd

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e8d4da896102fa61bf73ab5ce60ffb1d

SHA1
5f2be16075d8b07671dc4ef1dae8b47befa24b4d

SHA256
31778a5733dcdf5b1c56a0f3f61a6c41d122c217dc616f348f6aecde8bf2088c

SHA512
1828449c0bcb03405040cd632b31d2cdecc366578592efe337885a48124a9e45c0062ba028f8d29d19e77a03e00c444a21f1350c03f2f53740c91ffc9aa27f0e

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
52970a6e7bb2ba9b0895aa9e01a6c768

SHA1
98723ca8dc911bd5dc80d01a43154d59cfe10eab

SHA256
fd401dd559ba38a1a9c432856796a02ebca71c184230ae38b2daa9e3336e21ef

SHA512
586f77c135fd266745ad699b92c822b395648f10ed22faee7745e92d3d7df52e02b00621aae8386ae5f97a0414cf8a88281986e26cce51b4acaade1ad646b176

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
88590201c08cae9d053efa9892736679

SHA1
01f8931ad4de41b21917f035242e367196e93f46

SHA256
a3b177f185fc0e0c4e3a3ebde2780bf5d93fd5f98894917eef2c2df4672d0a32

SHA512
62b71633b5298349c11d9a7123249d9f747b6c9d8fa6f438a9b514a73f0da315db48d90e322d55d0f2017194b2772833f6e2fb8fdf9567749ca2452dd9aad935

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fdd07dcc4be1ab6ce8a05fb1149d78ff

SHA1
69bd759395c85d2a3238a7a3adc4881b03ffa2bc

SHA256
2c50a21b02d53c9dee9a3ae40d8dd40890d02664d4319e052dd9796da3a67389

SHA512
6bb68bd055f2d4cc5c3bd709959938c489e446e5f4ff9f8c480227ab09e798ed3fce4e7b681ed853e2132e436857ae31dcd46de9583a53348d1a95853dc4c463

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ef64061c37b84f3f75f7427e00a99afa

SHA1
5cadb702ad22ea7d21488247ad903d6ac9763e11

SHA256
7005a4bc0841832850dc34462e90c446e05b0791d54d56d7e0e58930a1747f93

SHA512
893a3b34a3d052b318527ef8c3b59c8f7388ba5ee5b0d6f80dc583c592d4514cd3b0d3259308ec1a560189a336af3add4a792ce8ae64f412beb189f49a055180

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5a7d58de01fd3e5ed43df6b88859cc0a

SHA1
049a528e1ce4c2bbcf06cbcc5f9f3a3ab83d25b3

SHA256
38ece495b12a94af3c5bc472d25d5c0d9f59f46677bc410243cd539b1533e3ce

SHA512
7160a24a0feda8b0f69d212553e7b59b6a42c7e370308dc701fbc19d2477531cf361404f02a8ce04705c031a7d8b87eceb9d8ec81d123ec2f86f6bee88f26bc4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1f833e2d86189fa189a3630cb189de20

SHA1
bd2544af30148adcd06f5ea8fccf99d7e186d9e8

SHA256
49824a69ff17d4797d96ed4a6b45b140bc795e2668b99044c8f178058ea9ab89

SHA512
1e4361a60b9fc8bc24c7d79bb27467f50a9f6c55f6bf8e68d686290c6697824564564dcd6eeb9373899e68e76ea85a89cd1895cfa33bf318abd343ce9346831b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4eec9d5e6cfba6d0bf4af189673e5b0c

SHA1
97a5d28c6d2017178abbd3b44f48190b618656fc

SHA256
f649f45fc399de14f51c5cd82a689f37cf9b89dcb9b3f07e84853d68adf42d84

SHA512
d083d7a519b2bff620b5fb84d7aedcdaa69e71aa87080c7e983ed2085cf3a19f0b94ecde334889e5b7f36181f6331d5cd048364d9e64e49028ac36a6964e8628

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1619e64b65472927c1249c1d7fa9f2b4

SHA1
2fbc784a87e159e0d7da08e57f86e38bc4a19a19

SHA256
98ed4d49ec1507ffd5aa8a4cdc09e65a342af131363177dbb6f42346063247d6

SHA512
f84a30d6d026990a162bae0755bd541d3354d9c5536c8dd81a2722752a67973541ea49db9f27241479e770dac6330b028b801f96d7a6a241aacc3311e88b96ec

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0a6616ca316b4fa904c1c30a1ab1d280

SHA1
76ecd83d3b55bcbe71e256044169ea6cec2fb6af

SHA256
95339f871470920cf0821ff09fe0cde9cf620c9c47b558add7fe7312540ec0d4

SHA512
1c749fe5d09ad942831f4c14359b798610b82f54b89a0d821c8713d9062a4232c6ff6553d3c3a1dd04d395c34e596d5521680b48a79719557a8747eec2e551a0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ad1e97f9f07fd9b422594d947bee5306

SHA1
d8e34dfc3fe78b995d44cfd9033e935d34d95f75

SHA256
ffeef7c55357dbf01dd8023689d3358cf689e595342f24256a5b33103e98823b

SHA512
a534bfe99c6b9506f579d14434a5dfa53ad3a7884aee12ffe1a5a73042cc5f857f097306578c8c8fba565a0f3201bd175b7c04a81036e02a22e502f30984cb29

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c2f5ebfc61c3e8a7555556e750e36bb5

SHA1
7a55a3c0bb9b78b86a22dc6a5eee308ccb6906ad

SHA256
df8ca3e78218cd5b2afc236af2f2d7f6c478d1f12c605a72d0474546c80c5462

SHA512
e1998106b09922619822173faa679b768c38555d552a374fa452f11fd5f83ccff4673e5fa97aa526235e8ea242e05a502909b714029c1585d665f26d8d5d4f5a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ec44bf8c51e176c920f77f8c81adb471

SHA1
d60676cfa8415338e5e7f6cdcd237b3d59859b23

SHA256
23c8f1c7673fa8130d11a21c2ff99644217408926a6a220e7f42ff1b465db31b

SHA512
c19d7c191cdcc84cb847fcec7101f7240400494e4e4df1f043ae4ecd3676e2da7295f8421d5c61320c2e908d7a6ee547f817d22fe9605af5cd9588298ea2504f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation171316197328337477tmp

Filesize
557B

MD5
af47e9b0fcff6c65c50b51e62b159e06

SHA1
773d4ff89d91f02fb2e6464d76e4772455d438b6

SHA256
8592d32608039d4961cd8f8cda8862566e36bc766c31ef03253c6a0ec8c25650

SHA512
afffe5aba8bb48d36894b165cb6d5cd7ef1580f09c456236899790e9eff0369267041059d2dcba4630ade9a24d385d92c8027837dd74e1d0c104df07d0b67a3a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3578737015484482024tmp

Filesize
90B

MD5
0453ca6431f86199e3e4cc4a24e59d0e

SHA1
5373529a2aae7aa0e56cd2313043442cc90d79d3

SHA256
0161291bac3aa0dc213711d33be67bff76709ecfd4932eea3a87e697942b0fa2

SHA512
f32d2d1d14a4d720e89778381f6cb770f4d76584cd9d9d36ab39aeb959224f683b20e6af239c11291a38650750c974170d5a0bde97fbad4fa26ec14253bb78cf

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
87d42da07afcb3d47edad69d112a272a

SHA1
ca41fdec73017def45fcbea047097b16bd0ec24e

SHA256
4c3b3aea23cab6f8e9023d8a6af6434a47cb4ea12fdcde534f20d56e1ae0e875

SHA512
9c776fab5b51ef356b77f891ac598a0010784b334ef7a25e7865dcf11b43e521bb4f37a7a8adb3e8c69f0d95635c354ff4a2b094d5863d03ed301a47143f6fab

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads