truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
22/10/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
acab608b16dbd08f3b7dd83ccf2c52d7

SHA1
7fa2e39b2a1b2e4d8fb212f5dc3e3998268a3532

SHA256
4172f61733cfdf085c7c029d7f5909adb6d72870a3fa5187e2d45e90065eb2ec

SHA512
0d8ac2de9fbea6352223dfb0e66a1823b41556f2562461eba64d9887b6e54a70a327a66f4714a33964e768c5118998aba8533fc295cafbb263ca8294627b82e9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
24fec13842b9d35a4a5283bfd1168e30

SHA1
e967ab9c065dd9b95c69986f59737a1db27659aa

SHA256
27e9ed55bfdeedaa2be740ce039e0c8bfce59b60a3472f056491aea9e5620610

SHA512
e560b07bfa754c35c5464f4670d303a7513fd638e941d7d47c01e7443f79d94247a2d7c3880179815b8914133e76f246edea267fe906097cbecda26bdf8ccb25

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b55f8f90f94930478b9884345048cbe9

SHA1
fd8a0cd1a6d32e9b015574c99d0c86bdb18671aa

SHA256
63d22a3b38748c36a5d90555b985e2ca0059b7a0758e5a43e0b3fd1b2bf68305

SHA512
8da180facea8375fdd6d51730c8d11367f035c3103823f17311dce561f5fcb8bd20b3b6aff7035f283ff2a5583a554c0e7c3fe64ae2008d7042fd9e68c520135

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c36dfeba956ece9fe588217d255a6fa4

SHA1
07dfe20c3720fdb028106ce44dbfce95375ef15e

SHA256
c8c57b5f8b69749795957437d3e11fb6797d9a33f4b7db5706e48476d5e7e802

SHA512
837fc6f701e196ceb542ad0feee999ef4e78f2640610054e6f2cddc495a516182cc86f12694069bfef55a1b10da00452c156725538977bafcbdb823976ca64dd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6682a7006dc7d20e46925e059e0ab589

SHA1
c13543bc1aa44e2641c4716307d9e508fef3ad34

SHA256
a353f02dcbc2d61b8efcd9ed0c3e8307053880ff3c23a661255b08e07e0fdf40

SHA512
a49dab2b359c9da6f0424e31396d14d3f830664f17727999715f97bb5ed7c2671b97faaba9ea9863330655e13e7e18d3a02695d9c1d4392ce7990f0d8e5886c2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ed21745fe1c67f8fab4188f06b15c240

SHA1
240631bc82629c4ad16074d390cfcacd6b616537

SHA256
b63da73e222ec1fe6890c001c75baf273af10f67b18c0ac8f538c242ec82006d

SHA512
acdb3a93a42207a6b86ecdd3fddc2dbe71c1bcf68bf98c4778f4c9bb7abe05978b29bca3e4ecc81722c6af474a479101abe9102491f59737cd93f5ff2e1c5cc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fb2ef1165ddbf852f4e1758259b3b8df

SHA1
f9e371908ffe424cdbf1c189aadf918ed9dd9d3e

SHA256
d05b0b9b61d05d174d847b897d1141b6ef20eda5a3a0affa86d63e42b9691b39

SHA512
a6e35743059418638fb105b554e45dbf08a47afe206b66915c51d696e8853a7b90ccf230ca6a16638a6e94b4ccbe79b8f1842ca170715db56b375f7721622df3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
cffea81555ebbc9e66f9d7159b0d1be1

SHA1
d4a1e2f1521148155a740b0d02992d4e2071cf8a

SHA256
e3a74ef2461966eeeb66178f3a3819163d425b3fab54894e2e01a92eccbdf4c0

SHA512
2bd613dfc324004b24ee77fea9c3967c7f3827776244b897d9e453060db4702cf270afce296de8672d97d4022d04732d8f8c22b469ba9269d15f186fb96e7015

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3bb59f526a19565086a99a838760c800

SHA1
a671e6ef08dea24cf7625c0ff860da4d56a6fac2

SHA256
8843ec37f5d223a544b49605a6ed549cfee93bcd1642671a56edf6576241e8b8

SHA512
44b3a5dde8b182f7bab1200f895f9f30d34a0f4f954767fe92ae005ce24ec6c3a335103ac52f4ac4a82a7e1bfe4db1bc71ca8cf54d81c677c6f29f40e410147d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fd3e144c44ad743f196e4d6d653d7cc7

SHA1
a4680ae07c09d29111e65a0bf0a079b4e1ee8544

SHA256
a27194852406468dc3e691b566cf76ced6f7866891ccf8520ec1fa27c8c2405b

SHA512
33dce0ed11cbb3e4562546002fb25751a87ba18ee1c4155da9f904fc1001209398ad3c5700823afef50d7d5ab3745a7504547eece17785149795723766631524

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
dc59fe8f8f23bfd73fa588e958ec8c0e

SHA1
aa22380eeae956c31c468e0fda3d77e19168367e

SHA256
ec2ea70be3cb107b61587554c4ac2278844ffc509e6d48d1f2f499adf31b6447

SHA512
03df6d897971f2682c23082c8de80834f1dcb8315baf92b916ccf52caeb8522efff51d49e72db27538c375c93a720206edbcf86930cb499cf719e3858f2e8a3c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e9c45ec154220417924fbf09a42268d5

SHA1
a58c3ec1cc21f84b3df6de100eed7038ab3b5400

SHA256
f3563c11afb95d7ea2ab646401de6302ad43599dfd5f6a0a91afedee3c76921f

SHA512
efc056e3d1e32473478579be98a0745b5b3bd3e3b91678aebe4dfbe5636ada421b44b967c9dbf2f37244fcbc36339360fd7035cb165d9749e19eb5f263305e28

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3b0e7898dcc15d1948159e9a7fd8c8d4

SHA1
c7775582c2c37e615aa978c69c74001f9a106c1a

SHA256
0c16de5d13ed148e896ba70dc1a8501523559aace3a9b7ada71ea4dabfa4800a

SHA512
7655d07bfa5803a5ac9580a232fd20acf51fc008d5bafc1c09d2a506ee095ba1546ed5bc6dc000c59d1f8cf1d55257406572e5f0dfe3d756d1cf95ef444fa0ea

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6738456214885615353tmp

Filesize
90B

MD5
7025e017ff464112e709577c273dbf7f

SHA1
3b11345810256c12278617dde39a205b1c7b9c9b

SHA256
886bd182e784dfde44fdee1b1d7b787e43074f4accd2d1141ae3df904456fc3f

SHA512
eb315d55347720af7535a5dfba1215217e4074133ebdae42b0f5c1f3ff1dc12f77aaf875a1edca153064a43fd0e8050b1670db9e72cfe3356110726505a908f5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8924935490666921877tmp

Filesize
556B

MD5
8753d51701149bdbe8da35ad13b9dc17

SHA1
521b8503d1cb512212930aa7b85842c57115f337

SHA256
7238ec0b1e121cb0fdef28b8d03101d55d9b749ceba7cc3ba6305da02efadc38

SHA512
496516e883bd6b2ef32e18955d1efc11f7a465ae7a714cff837723047228cab35f45c078e6ef760778a4551ba43a1eaf6e5409a4894affd3b9278c869a6c18bd

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
3952fa6e8a928549ed50081057d96b03

SHA1
4a57f1de049923db8ebac2f34cd07d940ffac610

SHA256
6286cc0dd367b9f998626da9255dca71240edc9f2c85bc3b3c496ced9a3ceaa1

SHA512
4f27e9ec7e85065bbf2df3034472bc45eaf5e64614e51c41b408b2540c03e089fa2f09fb7e13a13858157797d80d146454063fa5727d5802c65413ae4bb0cd68

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads