truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22/10/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5067

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
07f203d316a0179882890bfc2a62af80

SHA1
5a724a0d9c031b1cb0c58084497f338fcac821c3

SHA256
019837610fbea05de80e9cf2a5e06b1b1a31ebc6de984c1eba908c711d48c536

SHA512
39b73f3b1f077bd810eb849e582608bb40ac400197e990eded09d80281df18297acb49a7b9f237520052fe3e20551160b213f21e7d96084aeacc32dbd9ab6882

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a75fea02e0c6ea6d8f4889b332163137

SHA1
d78b95a4d7acd7960f9f244dfe21b056ee2a9ceb

SHA256
0dea60053cad132544410f83f30b8dcdba2535200d3aca3c9070d6c0c2f5c2da

SHA512
a621b42c23dbd8d65401e9230051532debe04b2d50564ff2247e1fcaf7f46ef4fee1bd3775a04d9ade7bc881f88ac80139c9d35ed3655fc3ee7aadda2073d3be

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e11ec6ae1dd4adb9beefc820409af6b3

SHA1
43ffe705af42913bcff8a31ea25a4b2406cd5ebd

SHA256
12721ab7c941d2b3add74f5b14bdae80568f30e5fa60b4efe89326d8e1c40560

SHA512
7301b451f1ba15cf7f74e914423607f1716ddb0b18ab7e518625e59551bfa4198acd45d4d2ca78d8242ead3564927de1cb3429269a5c7da32c753fe0176e9f78

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6fabea17b139a965883fb1bf0a0b95d7

SHA1
1fad215ed6831b305e9b0080a56b41d786856e4c

SHA256
37838a56d3a5fb5a8ea2cfb252f11af635f95ff5c464459b4ffdeea06684b884

SHA512
7efef943fcffa8dce564ed03ad274ab6de16fc536fc1d78669ef1164554c061d396ac23eca14b8e8c44090accc037ad97478faa16fe0287060b1eeca8d5b442d

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fa590b1af00f975b5ba4134927be5c46

SHA1
88e8190f52cc5fa3e9fa2cf560779a62006a70f7

SHA256
4aaf84eb64fe0957bcd97ddc8c1833050936234dcce88d16c56ff85700717424

SHA512
106100b6a2d2df38522d383ad2444252266e3919a1ad2e9c1b89558592b7901a6b84672b191710995c975c8a396495a5b11d9ce9d9279a8e47a41a67991bd730

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de634e9e5ca4d8bb3e0e2cbb473fdc0e

SHA1
173cbee18e52b0c8c24a6d3b159aa205a32f6296

SHA256
885dd0eafaeefc95b7d6c95661f65dcd4b658d27d2fc2b1a90cd2ccff310e134

SHA512
2e43300532cfb0b9df8d47e576a1d3b62bd87ef61d4fb389c20bedd8df69ccceb5fd7a81c1a6e6b751c4d980b251d24da3797e074a303cab6e1f2fb0b51798cd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
63a728d7d8fde1387821da26a7e4e5ad

SHA1
9d4f1be009fe297fa3ff9922b016379cc2c30f8d

SHA256
8cd41009cbe80959d5be8f19e80fbc8cfda83fa0e53b7f838ed0f1187acba336

SHA512
c246159fe6d7f20cac1b710ac5cb1bdb92a0c1764319d574e821a6b00d72190983d8f39adc930ba412f4cb970b7a0d13a40ff6033758f697227ffd91bd2efe97

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f5205c966bae8560261681212c2351c0

SHA1
d35606d6a02a821b3bfea0d2f82a24719dbf27c7

SHA256
e91f333e7264723a5ab317fc8fb44677e34513ebc6e0180f8aabdbd9c989032c

SHA512
942dcf29b6a9c3569812723b7fd908674c17fab259616edd55d6a3361652d1ece080913c7df5f7d01fbb212e90dcdf94736b2d4e821ea997335d9a60a0a5b5ba

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
25823c50e451ed574bbb2e7cd3d9f8c3

SHA1
622d0e24039972ae463b903dda7ff8030074cbc6

SHA256
f96738bec1fe1c679368adba2f785b486e4889bf763db0ecbce55c3ee65b9133

SHA512
3b93cb919b08e0e1e44ebaee129da5d757aa4e7a0c4ff2dbbdcad5a5704a52c81c957bda13b909dc7c2febb2920e429094aef9b151025c15490270cb59de3618

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
583ba14a75c317c806ed566eb6f88eb2

SHA1
7da6c6fa071241f38bff6218a55b54aa94c8829c

SHA256
586c9ae672eb4317ea931abb172d487c6c6f842e2fc6d9169c03b3984e57f3fa

SHA512
fafc00b1192343edbeba92807e700e6044aaba6f9dd66168477b5ebaea18013ed837e59008eccb2b76f058c34397acc93c25be4b6128e71987be33273a318aec

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6a82fda88a5106987bcef9c764aeab32

SHA1
29608ed1f34128d64547c56990cb7f26c8c54c96

SHA256
c607e926b00cc1e841748c03e72acc6327b50b634476f8f83c92e64d2e355670

SHA512
d8563a791436a03d6b4607dcb62a6774fa044baab921294fa0996d76de370352b0ca2b719682ce1c76355b8ff61e7bb498ec86435816f7d3f5424fc176fe5162

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
053b23702c0a9ef22867db9cf0d2993f

SHA1
4f26f67cfe73f5fc6c8710942d0cf375a110f7c6

SHA256
b62cecc2589efcfd0f9e28be785ef3cc0c617abe10062bbf2676ff3035915e21

SHA512
6539a1494ad7266a90089a86b7fbb113c084975751856dd8d543c7f2cd52cf268727b317bbb6e56395f2beae077d8797dfa136c9b5925850e4a8cc2780310e21

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
35a644087172eb04260639a4c24d161d

SHA1
d6a4a760fa1ca239bbe1201c50376ca3af936d19

SHA256
319e27be9b663914938903bdc972d37731d7b39fd145f237bfc11ef79b6fbf84

SHA512
2b86478de034dc297c17ea15f2e234253b8cb2f7d84feb7480989466580f5ebdcc0d739b11f9f130f69571f7e4fab204bfc3ccdd7a96e844614c6678dc79937e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
90c05c9734cde0378bd42a43ff4184fd

SHA1
9f4e0a01ded63d794453d64dce6bd4bf40acf85e

SHA256
3a48d57208b399074ae305e8ea2b2e189973e23a348e2d5483e8b8cb4a5abe7f

SHA512
27e5385cf21fa7d8af05fd47420899ac325b17abf57a53117b867e74f06b432f94ffd0228fd633e6382b6394c03b0ae16dc456774f6ed7d5e53bc1fb4110fab5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1307478712884103225tmp

Filesize
556B

MD5
c29691163acde809b3b32187f99a0ed8

SHA1
69913a5f1fdfe055df1c245b53175118f995ea4a

SHA256
0d047d7993094f61ca1441979e2b57ffdf4066adf6d9fb2f264fd6f97ad8fe4f

SHA512
4791569f842e5e47b2fac8dd7c18152d847cd80e687ba85027f819a6737450654269cb9688009bd1303f3ec93b164c6df29d9a3270e8a5ab238060b2989714cc

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6401349488358197873tmp

Filesize
90B

MD5
df1a5279b6783918997e1b624b57284b

SHA1
9bbc143ef91d6c96577b4faba0b99d57e524611f

SHA256
ab34432142357bb42f059ed227f13445f9d03bc6daf6e2b19ab4db6368423c23

SHA512
0f0281f3b6714d9077aa03826f36a959625bc1881162563d1b1b7e5975866e11f9110370c0b8e3c98f6b70604af1318cb5ca44c0bb07e928d266c5e8d9d27d13

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
d62f7acd60acf90d2c62e8eb9b9618ea

SHA1
9d2ebc679471be23a0ee64d1ef42fddf4863b049

SHA256
4d5ccdbd00851d918b81940db69a561acff323d226a4425dd1b4cbd1e2f0943e

SHA512
2e6ef3544b929bbd7c26fae46b00ec9d4ecfb8b8c7de95bf8106bc3c8b936f18887aad0801ceee17846d3fee68bb78ceb20e71cf5527ae407b4124e3c5a7dd4f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads