truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
23-10-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4312

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
900bdb0a13296670d881a2794bed8342

SHA1
fd6c3459b6cb707fbc7f58542faa3cf483062716

SHA256
10e57534bf7ed52d1ba72db208d2e890293df06540072fd4c8218b0f26c905c1

SHA512
5c207991ef57e63f8c352999f2dd193af8967ccdbb7fa56382527f9cd8b5fe7761476be321374f99181ce3c086afd2db9151ff995b18374927cc260ac26dad0e

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
30fb8f2f2a62b936bcc0aaf40b02f3e9

SHA1
aec135d9ee6d9071308a51236ea690211f3e5a40

SHA256
1c3bc65a1e9ae5639b95fd34e7ba4537b208cb840ea908dfc1365695c59c1760

SHA512
b6d507c9e1639173b14a57ded1e5e1475c11a3ce43c2cfa886d3cb7ff43dee5af855f42cd91e4dda0eb3510b782536fa386464a183fece4962837e46fce42f9f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d45bf5fd66716fa4652cc11837686835

SHA1
fb81db4bec85e7482822e0e261d42b01594695ed

SHA256
428dfda167069e7dda2aac8c329769e2b07ddd94a029e2733a4a641f830610b8

SHA512
c519e4920f1706d929512a8c79c0061e3c4e1686964156cfdf23a30b7e9189f17943a04c425fe9b2bfbe2821f95df764b3e6288d8027ded528d2fac4730ce14d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7da84ad770751ea8ce94780e66e326fe

SHA1
637e7607dda3a5c6bdb532d2820634436c55cea9

SHA256
a93e4327bbe6e3b96f580ce06765263ead5c4dc274951598d8bed4696bf2c657

SHA512
635cb24b8ff63a653228feef58632861cc9d31b2d96d73984a126ad21de1dd6887530f4b240935841d114a60111908ef44874ea5801088a6d5f3005fda25d324

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d24c664107c559cbc87652395c7ca843

SHA1
eb8a0656e31f48faab4cc21a3a7b2f5e45a64cc3

SHA256
679ebc0421b46aeb8f452ec665dbdea9fca0e3ed2e064507143654d9c15fa07a

SHA512
4930b10e93a2d6093fd3196df63a5d52f08920115f787242ff2bcc56f4a0f0e5f0edeabf5eba9dae3a82a20f9be26aed402599417a29425085fbe1c0e8275894

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08994c85a4b22105c0a776016bac4c0a

SHA1
a9fe798a7302d5dd90c1f48b1791652da0a3047b

SHA256
30ba39a35db8e6752de8a9115984a49c8a3b1fc66dcb3610a8e1060d1ad56021

SHA512
3bc6bd0a238ace91aef022470703d750e79c6d587e2a364127c6b6b15babad2e84dbda325f12c5e49fee33315cc1432003ae21da385c23b023cbd77d0df3e275

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c4fe6fa19c39a1db297614bdc28d1728

SHA1
7bbe1f902f57cf4b87dc14a28054e13a0db0be65

SHA256
3f99334a17db048aa11d269bcdcb81e1d399202872ab186f4eb9d0fa4c051ba4

SHA512
b2d6f917432d8565bc6c1c1cdabfe78bb2833e7a92f77c5ba5202d06e0ed6582281fe5a9e1c0a99d2d3d60f2c6a2fa2a0928ba2d8385b51d91aaf26bf3381501

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4c838828f39dcd185533c4567c139821

SHA1
32740464ef12721a55d66d3c0ea562ce68dac133

SHA256
7fd9ed067ec90d303be3eec4524c5fb93058087d35e3b3938a3e7465804d3b30

SHA512
2bda0cf3713405aa1c9149f6dfd5b41055443adef720ae9072237df1215dafa2b60922109335e1f00b8037eb9f180a34218371e1b5a73e9a43f3a4ef95a714e2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5400bcf89d3e4dd4e7c8d3580a9b60f6

SHA1
9642286b1a8a30b9e8a2e344da8e4831562bbb04

SHA256
3d79f41459e63c1afd80f9389987fac74be462a34bceac72af966694a108e352

SHA512
05614d590a81af511550e4bbbae2014bf6ee0e3909f2eb8013f08b8c350ffd78cec454368105e27b9931ed5c65c79090f05812a3d04a8f45a592c6547f4effd4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
23c6d3a6530561515042201bf539deae

SHA1
4531e79733a394ea7179449c548bd498028dbe41

SHA256
ef523868b8049bd7ac4395eaef440edb0e753309a73a263259c93da409454d8f

SHA512
629bcaaf0e14e30eeb9982c20c85134e04c2bd5a8593018cb8b0d9767cd8553045aa36bd6df5c582f1e0311d8657cb1fcf2c7c05e5d7fedd119aa9063122ac0f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5ab7d44fa6132b128ba39fad359dccfb

SHA1
42553f7dba3a107c1fa0e913c9d234c693f979a0

SHA256
1129ea4fa3a8b12b866cc5c87cb9ecbd17a98c035e205bd7d01c17219c4102b7

SHA512
c026266aa681bbd060b09f98a68e1e9b9907f85612e14def1fbb1f4b5eba5b90c6aacdb416855c19054cb8e565fba688ae0d4e2305b209b9a6674a47533af13b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f83e767b5cf50a41f2e87a5d0e0dc900

SHA1
3412efa6ac80eb54996661b596b5b7251c42f9fc

SHA256
2591490b9866192f1f9e56a42bdace374e93e788b94126d2675d2b274d8b7aec

SHA512
3fa6e5cae93e4c7ac9571efa957274e6d2e1f0c0ed6788be4591f411d3f8d0ba639ed75aff7dd9bcd8c58bed81e85a7126f9c070dd240eba4c5bdc02f60a1f1b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
801ba9726e19f68b78ae8e01cf5e0ba2

SHA1
4d0a60a44813c9306832f3aa43cd68c5538d91cf

SHA256
eeb778d0be212a3aa2925436e0e63d9ad651489010e41e7dab8f77e430ee9d38

SHA512
e6ed7ef084dc8387ad6788433a5f55830ecbf348868c3dff08c386cfe0f71ddc0bba2420f631103e6a468642bc92a24cceb2b9c1f6337f25c4c0ca9bcc80d6d4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
553e2efbb4e898fd6f01392caa129bec

SHA1
c0d32b09680e947e63fd1c11ce4e3128f913d268

SHA256
08d2fbc21057dbfd3e7e62f7979592177058e7fbc3149a8da7766aa12b21b826

SHA512
99acc5670936e4cc0d6218eabe11568147998f1bc7eb927398dea636abde3df79a52e9685887360f70da7e3837ee39a21b1d7df6731e09cb382fdf8ff9d88c65

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8060198265815819062tmp

Filesize
90B

MD5
297b0f88cf2418bb099cb32a32b13c3c

SHA1
0a0e5feaf48b86f167315b3b2374b0c5672f6053

SHA256
d4327a0c074fe2e2caac0389c974775376ab95badd79bc2865ac3f8638ed0fb0

SHA512
58ee5f83d0fba2548d59717249be416988df92d7f9b14ff65863e64bc5f5b914fd68646530d27c03d2eaa4dda8f28641e00791fb31d52d916892f75cb5658e53

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8319748394048695856tmp

Filesize
557B

MD5
767cc017626fdd06dc874973c7b5ae84

SHA1
c0d469db28b07a543901d050538d6b3c366c306f

SHA256
f4aba50f881ee0d0e9058bd17187877d85f233ae6799de85594e3dff959a293c

SHA512
b396b92bc69f57904ccf3b187c9c9dae69e3633924b74d29fd6463d0717aff48fe56e02fb6f37eaba3665925f9d9bac53ee9b09b12350e10a1333fc57cab4467

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
12cda9c6ff6dac418284856ce931968a

SHA1
9278ac43ba2e469b43f242869a87091b4a6152c1

SHA256
1067d75c998f55aa015fcc1b4d9483327d52322f022a942e12dc1ed595b48731

SHA512
75c23a4038a20321f3466d3c080dcc9b1924e5f8d19fff8eecfcc729437c2c278f05e78fe85df9a9db8c0fb0f27432177f52846861aed5992f682c510429b50f

Download Submit