truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Resubmissions

24-10-2024 03:22

241024-dw319sthrk 10

24-10-2024 02:40

241024-c537ys1blh 10

24-10-2024 02:34

241024-c2p6xs1aka 10

Analysis

max time kernel
45s
max time network
41s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
24-10-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5158

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
88486df1789bf1054f340202f4e75e4d

SHA1
f98866a4b71288c5ea7b1308e9e4cae242412e75

SHA256
ce005c54d0d180316e34836d3d002d9bc710ace30a064010d4f3d4e161153e1f

SHA512
bfa6ef3cbb41a16b39629f1205825211be9f7b39b31f9437b75ab30975c354089257cee4273cb399c44ae3ec3ffd4b89be98d3f2053eca7e0998dad4941ed79d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4fed5d1b9c7fe8d28e80ff033c1c0af2

SHA1
c10fa7d84e7e4cfd93d5af709d06db9cf8c95090

SHA256
f5dad4730884d962c8246edf9627109450f9816a50c7e53410eb63bea409938e

SHA512
40c6f17f66296497865d7a6b46d855835a27e2e2646163799a8f2ff0918b68d7acc0ad8898ace8cc708521d59f052a9138d78777a81c2138e7406ed810309e6d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7c509d615a7c6b148c04a7949e5358db

SHA1
8650ebaff6e9389f8f3b08be35e4b3aaad11c3fa

SHA256
a67a02a03ac8203473d7d1b0313c6a381942e45adea86899cbe9212462d6e2a2

SHA512
faa16f463f6cf4f4ca80075354b0e00ee850d4f41d928fbeff6628ff06dbfb833ea4d77d344ad28e4cc55e7f6c3cc19c315625a8859793398bba7fcd5726b0b2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
bee75d8759dd241219e90272a2c88f2a

SHA1
e776912988e625e8a87822caa98dd46dc38652ec

SHA256
59167735fbf86d94beaab750e535354fcc9379083d1b1fa124093a11148a32c6

SHA512
6ba429c08610112521008f171eaf856aba5271c5fe8d8df6540b5b04ccf9805be585ab6ff445530590666b469b4ea6484ae17eb4b16a722522425570735bd20d

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
beca69b90cb5e0aff033eb80c9c927f4

SHA1
2cac832d8b67424a39a72d15558480bdcfad3723

SHA256
2cc299fe36ba402f7babf04d4763edd64b3384c0ab1e69782d4e9deca8cbec20

SHA512
ccafee65bc057bee9389b540eb1898cdbcb91475d1b2bb641f610c825a1a947c050a623d03802705a73ffdd2a1de2b7951bf8f279bcb9be3d504afa7627cc8e0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0255bb034b8a133a27545e37bdbcf772

SHA1
a21cb8878fdadb9e5ed2819f914c79cb2f93c4bb

SHA256
72b3a34cabc69258525551395c261558cc74279d6a3a6e87eaee171c4e47fdc2

SHA512
fb2691089a3d6c53ce3431a5b78d4fb32514aeba99e4ca4716902de55c2297aa0411b641920cfc4a16c7751d55dc7a64d9f16722625c70acb0f452cd765bc50a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e911c1c504ab696dd30c730286ba2120

SHA1
b51105ff09e8887d26449d299b8041eb13c645ed

SHA256
fa79a48af3c57387e622c16342414967933bab61b6c6ba3b4d417ff736f3cdc0

SHA512
7e82018d4f65fa61080de66fa9504563856a34960e0a1422647f69f605189a3482e65308f135051189be254eb70efdfa6610d1eb8b246831ff36531900caa8c3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ae8df5d3722a6f62dbb9e75d883a9ccd

SHA1
a1c55abba2ac664f7447cd278dd95da766c23463

SHA256
920fd007e6d664b1914a55659d7af097e5ce809b48a253fa063a90a7b1210750

SHA512
3f321cde270203d8344190ecb89b52af98de7f5c22e2a32c54ffc23b7431678a5f3f78465ca031cdfea4522c7c79948ddeff92830b52fb1b48986f5c529dc45a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6db8138b06eef2566567d45744cfba01

SHA1
b1a802e4eb6f7d3084186699f015c903e7963327

SHA256
101e8f70ce43c3cf7227b0b26d78b60bb13753c2ea0d8fe07bbfcca131847d86

SHA512
98be16187534ab33d1f5ec1f189dc0b0a32a5b0634ab6bfd0e8c039f0d1626585ca406653ccde6bf07afff412cd7d7d89d654f3811429f694e5545f152b82bfb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
46ce465205c1514319265899c657695e

SHA1
343ddb7ce08c00e43107eaa1d2b0a11352ec1c54

SHA256
65c3edbbd20601cdfc1614140ad7591f80855f4c237d6014cd1c4ea691e63b76

SHA512
71aa0966c23c062bd77b28dd3e112af9171d0661d8746a87de66aa0b0dda8dc7503b255e325af710010119b7b86855705ccf1015c2c60e9ddb4e3a8dd19a569e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7f5935ef68519a7df544e1e8f04dc69a

SHA1
dabf02461708f2ea1b0ce075f2d463464608ea34

SHA256
9894f620e9a8d75f6c29c602030e145f82a5db675bfbd88c9a2e16849969c86b

SHA512
97274958fd9d5e095a06592ea6e08f09bc4e8b0697f544bcc3dbb9347369fe336bc23db2b752d6ff83e17f7ba2efd200e59ce931c0303c344c0e77f86fc046d1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4130a4d223bfeab9011cf887b89ff46a

SHA1
352ed9198c35d73e26291a5cbccfa205a23fb5dc

SHA256
d184704492e9d27b5c0416da348d431605d7d01470d947ea95512a28347102f6

SHA512
5a44e396584b26a1dec3dcbe6da83a47c2a0704f55dd03db5a906d82783e85d4053fb45a45b1078c862516799cc2f6a3906182558de56e4a5a790a913498d29f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9f80afde4299c96449579ad5c0310c87

SHA1
ce1d74679208ee795426373db24bff58c1b7b9dc

SHA256
a8c96ffb47b734a16129d85bbc76f410343dae042c0b4cf018caec4ea12171e9

SHA512
2426c3c831202fd0fb880beb2fd2051934a1df45666c647b9232e16f2839f25870bc374d7cd317195c9493b972e71a7cd073f7dda3aa21dbc4401c7b61a4f9fa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d97f6670e530790d8957e43c5656365f

SHA1
1aef660bc18f332e4e74ba14484f1b848d505a77

SHA256
a08658dc7e579a3b259891c977ecd538922aceb978ea6465ff0de5f2bda29301

SHA512
cee4a1e110083e0c8b3d0b341081a59745e61b2c003547e24a50513cb7ee51ada62b845faf5168b0a437a40f3938800990a673f2ffd636d782cc445eb3d92532

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e7e83a634f664209afcec4d7ef9e6f33

SHA1
c3d86dd429d711f47f3f1fec82b421d327d69c4e

SHA256
f111f22ff2db9bbc297a280a612593203f3b57b12484d9027561926a1bab2836

SHA512
9b91b7fc75caa8c207d986bcc71122f3a17d43e4ac49087774d378ccc4de86486a1551bdfe4989d4b592f5b434df1be1a9047b9ca7a6824c49578e986ae8c915

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6450162448772123333tmp

Filesize
556B

MD5
83fc49d7f6468c84b42facdb3a912a7c

SHA1
c6c659f08d2a4cbe17aa695ae69376cb4cce2d27

SHA256
2e0e8ff0702968d44cbf583d14b90405d6bdefa159786836b71d6baf20615129

SHA512
fab88a39026e48fb0c609f730b046899b979642244a5c86495453334ba9d86f28ffa6bbb74c04bb19e97b29b383c667cea6055ce5de2aef9cca4b7b8eef44ffc

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7232232932163882011tmp

Filesize
90B

MD5
2a9d64a89359bc699b96dc439258e211

SHA1
d02c75853ebba271f6180ead70048a60a5bdc193

SHA256
e9bd2fe153ebb611396b58d538e1203ffc18b521eb930274fbc4512298e3feba

SHA512
f4a1f2d0a861b5b7fcf47a5f8e459d6be09436db045e22960ece9240588eae9d6dd402023b0b67562dc25403ce82dc6dce1dfc0b7d11b40b3fa8d58c48fb6c6f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
12KB

MD5
499c348475f3806fb31b557a83e68216

SHA1
1d4537a64c99ba3f06799d6822bab46f7a26184c

SHA256
030eb811220552c442d150a844adc88f74c77eb5d8236c80c88bea411343bb7a

SHA512
676a9eb7e93ddd6622fd917156dcef475b42d0946f2049e10a4c5963867ed94fbbedf35e6c2246d4f3cb62a9a3c61dae2c3bf203517200ce9b752c81705e801e

Download Submit