truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19-10-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4977

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
63e7d2060e2addcbc6b17afd2285068d

SHA1
e4167f086eb54ea21e2327bbf512945e7eb3d3f2

SHA256
0b596eb109de1c26c4781bc349698dfe736c7aff81f235a021ce3b456dfa8417

SHA512
4e6143940f851e3e45fed549db5a3212b9ba9bd9692751a370bca07344224a857c1dfc2a367bbbd3886f25e25aff2ab643982a4d727d77ac288af366acb48971

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
73f698544c0e9b78213ca46e63a5fc6c

SHA1
16dd477af4e5882352b94baea39945288c048138

SHA256
a6b45b2e474fe8cee81530d04f932866f267872a4c4d344a2c0ce417b6b90e55

SHA512
9714db5ca38b6bdec54ddf2c521fc3b5ed46b4e949fcfb22fd0c84888d617aa0a41b65601e8785933e8a44b8a19468d1d0406553a5f75d83613f961329e866af

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
345f20522d8bf034c2368523aa276d85

SHA1
20b1e658e6caf5d663d4621739ef051050bf8915

SHA256
b07075aeecd7415b285f5a776ee7e01dc4d202da38e6c0243e1d2da8ce09e969

SHA512
aaf35c6e0ecd3ef52052d80dcc3499f82d26b5e4858576fa72ee89d16d42d476cfe015365678a4f886dab43721c26e35d967f430f27d3f7a7f4cde0fea72d24e

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
90992d556fe21814e831b56a7c1f1bdb

SHA1
6929873bde99cfba37a5b196023318bf49bd7ba6

SHA256
2ee4abd94f8a26572b136ec8c2b45730ff9e225dfa9d864d9b49133a410231a8

SHA512
4f6fc49b61a3c5b3600a4cec63a3447c20c2dba93b0ed45b68a160ba45cdffb934827b003358d9a202da79451452bf781bb2d437dd81bede8f290eca75bae68c

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fba79fe79c44b38750ce52542524e239

SHA1
aafdf0876fcadb69ad9f73aac9c5c0c91fe91ca9

SHA256
1db07cfa8e93d16f49164b9af1211d47508430f059e2b234bbbac541675c3663

SHA512
2f4f2f926baf702c3813c6cff50009c5d56e8dc69ee70d5f06e69281002ad3d02d6a7151fb7d9c2b33b875ea56a76412a67456c633ecaaf102880abe8ca6a200

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
157163b3d73b4e4482eddbb1e60f353d

SHA1
3e7197e4da7ef6628f7ea2a1a2b5471a588ccccd

SHA256
5543e3a7caf3cfea70b572c5b0cb1aa51f3255db44a8d8105b56ca049f2dc422

SHA512
c71f1bec5620a7092d4eb898e3d60704a53ec434c7be79f0c7c4a89acfcfe3ff328cf8c3372397a23d5e9195a8107e1497b71e6bd840e5b7fbc882ae7d41d2ab

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6b03faeb6825b9206173e5ba4989ac08

SHA1
0561cdb983ccb328d2a9f35a53504b4e5d70f4e9

SHA256
85b7dcf6a9654a9ab4f60061ccb61850d2b275f710c9587e825c198a8e687dfd

SHA512
3db86d38fb2c65dc7a3c505dd86f0121f5c2b9c4513a34e773463dae6c8eb9395ea79d080821a05e5d01006b9844709a50859c06a1583ebc55cd3d09c07c623b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7349eb926bde234641dc007dea6513af

SHA1
94692dd35b5cce4cc55c314086d15e7ff6654beb

SHA256
b2e23dbb6704c2837fe85609aed510d234a4cb100251ffc8ab263606fef7099c

SHA512
4689371df7b9e99ab73bc6c0442c5bfc88c62e1db40d9fdb21973424c4368302b452d830567ed613beb569dbe1ec728313ccc3ce0e883b4ab15276a1a5324e2e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b7b8a9e3031530cb7d2f05bcbafa9865

SHA1
6e46ee2909c98dbdf50063a2d719836807e34bc4

SHA256
5321debcfc8aec7063fb78e0a1cbf88e3d71144045e1e2949d7eaaa545c1e8dd

SHA512
5ea569fae828fd39220946579244908bbd5eff4e55ec4d081b8c097cfea10df2e9ba21b0d41ed42a403c08f79b088dd451e7ba757497dc4e784124015574286b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9e1b6fc7ab4f5baef29497cb28defdcc

SHA1
70859e63303b7f79b507c2d94616f02a9a1b98da

SHA256
b8bdb7bada908077de0a8df4bd4a05843dabb1f1aa5cccb62cbe1c4bc802c1e1

SHA512
6c71418b937ea8fb67f7284fcf3b5654e65e7634225e65717be931961e46f2c82447f3e919581d7ccc1969e097855b4170024cb2f8fb66f49962c603ad57b96c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e6054d573503dd59008e685a0b0de4f1

SHA1
8dab4afd214f07721d9c9317162257ec99e6d7a7

SHA256
5ae4728b58f45b45cb75d68b1c4a077a120aa569b3985a28541b90d4d50e715d

SHA512
f7baaacddef642d22c216f669a2ebbd7c475fa2a305ba0a36fde79e9e4024b26875f497ee81a0156f1b278ff00d03c16a6dcfc571c16c29424b3a77692f2409e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7f8f385c023994b77c153887cb4235c6

SHA1
3a147ddfafdd51d195d4c0616c0b7adbdbb40c91

SHA256
13790383466569dcc6b75f621cbf248fbf0e32549b11b91341334c87e359c050

SHA512
cce788dbb5e49d9c9e32898d914712b8cbb54caaa06f14e1ab1a8838d2f86ac6446f1e93a87bc86fece9b84f1c43888c49a36eb3d472d5506924f84b1c42cc92

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d932f6fc829edda1ab634e8dd7dab9b0

SHA1
ae76538a8f8e54e8e49beef0394e77dfeafaf101

SHA256
94c451b369ca2604161383c0ba57c88a6b6e5beac4e7e115619838d9da70ed79

SHA512
42a2857239c70a90ecd4d1d1941571279f8c0572e253b69e9a904229f0d7a8ab449f9c4f1234cd1960ebd38d6c07013d66aef671feb602f9ec6ceccf6ad86d93

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
652aa543505aab201c14ce90f6217e67

SHA1
e9e18646e6319af8575f14fdc9537c35375f1df1

SHA256
5c86ed004a8106f80196f2951d889a501f9a4e96113a226dcf08e824e2950550

SHA512
e5f32cd662794337574b41666a2b2a9eadf8a6c51e064a3f1fbe8191c17562c311e1ea1961d0f8e8ef050811c513e45ed81c58d17f45b6ff7c3daec46486b1e7

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3932593671082269520tmp

Filesize
557B

MD5
ab267a70c25f8004987dee93f208d606

SHA1
791666b429b89ec23c14a3495a37850c0a0e0e10

SHA256
6f355cd527c313dd7170711d7d75e9c23d32e8add595b7c86e88328c18c73845

SHA512
f3750b04fa968b77ec1ae0dd81b68561d7cd020e218b831f101b10751be31b883374ba89627a1c4bc4b9c62d897cab9cee2446101758bc228217e40c8b1e5faa

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4128838601100182284tmp

Filesize
90B

MD5
643eec02348dd0ada8a7133a3b609f91

SHA1
6cc133f9cc53f27820c45c32c6374fb415dc5e3b

SHA256
051eb1c11b809e97f657d7a5964df59a2adb89010bfa68e0d9676662f64dd128

SHA512
5eeae9a6910d872811dd0298d4f90b4434b13d9c0a8a67a29b15e483b9fcc0d265075281d72f3e3b90a2c96608f9a59540768d4905f7071e671ddffd7d7ba921

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
4d7dc881bcf57c191e2255fefde23f29

SHA1
846dc2aa3e9960176fa5a61b830e52187ff38037

SHA256
8e0b5d8ac3d8386f2aff4e8b581d08aa642eda6f01b7bff8db43959d6ac26cde

SHA512
e043429fcc9a52cd7beb0dd194a4640ad7a0c9538b74efefb6740ae72b7db37870ec3d8fcd2c69183d3f517178a5c3eb292e0d3299116db46026b3c3da0285cf

Download Submit