truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
27-10-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
19682ca1e9198766817f9f6b7c4426b8

SHA1
6cd9010f88bae05089e7c2c907c2b7879f85a7a7

SHA256
da327a2cc8967b6e0ac54e7c7aba162c24cb2d4ddbb186126b81a73cf7ce38e0

SHA512
c3c5a912ca02aab8711d24b539f53b9aa36dc3b510b7724cdaf317d3694415788c3d9e7a1178b64e935a0efa8fe8fa28bb987b94ba15c17a5576fed9c02f82ab

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1679a36908190507109815f4393bbfef

SHA1
8b8d3e979947b84e949133d50882146b51e7408c

SHA256
1d7dd935a5faf19d1d58a91970cc0e795856be850e3cda4e9801974d6e42f402

SHA512
dbf8ca13696008d256598234e1b00e075d52f6a0f062d2066482b3125d0395b3bd99ac614948da010cc82fabd4e1fe77c9f0540998c4ed16efce6e418916be64

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
462b5ef0d1e72f482e63319fa26b0dde

SHA1
37729498553955f9e934a820944b9c450e4b50d3

SHA256
bca7f57009b3ca1ee1607c030af53b2c7f8781de0e86bbe4c371685667bb8c35

SHA512
73144e56ce59eef5f0e898d83aac5122c1a2c17201ed1e6f6c79609956827b1663ebbeff0f3ff552c096a5f51491f229bf8d38699c71097b9d51f20ab1b185d9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
11831248850b32dddb88e1e04bae3b10

SHA1
331522f971d9508956908071484c848f3834cca8

SHA256
82385f9c47b715f6e9a2b179b2bf98cd31aa445668e0989b322d2e3211dfffe3

SHA512
127785fb80156d4cd7d78e779f88257fb359c4b9bd0fcb4adf37e639c7fe5cae7ac2d2a510a0b314a326be8a3f016e5faccb785199ab911d4f46434483449505

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e7b5647911a2f0a1e280db384be2afa8

SHA1
7e12cbec211100ec0150e73484dcb07a69231efa

SHA256
2672f4a62b5bcb2e6599512407d8cde68b3cc394ae4f88c17d2fc66c0bb9b708

SHA512
048c4b46074129f33fc9595704dda09ba8211562fbe0ac73a45aef99ee60c7c190e7261420eb0445a4c6ef210478ebbb2d075f392df4a167381c144fed1ab5ee

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
79031ec76a94dd36484cfc2cb9f81d9c

SHA1
ff674a31a8008d4ab723f4a14dbedc2de4e2f5cd

SHA256
2560d4e1b699bd377caaefd518a8022258f2a6f40e0afbfa338de3f7de5893f1

SHA512
f9338f9e415abc09e4ef3a07ad40dd89914c3f0ee8d319108cdbbdea823db66a6b829ede4c706e8139cc75aecbcd7dbad47cfdde4f6a4ff97a62948585e52cbb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9ba9ad2e09a69ab32bf472782a5e7684

SHA1
dee9d8d1b4ced9fbfdc96fb3e48e3729c6be3d25

SHA256
2015e19f4f77ed404d6f91ca32aca73bb5313cde722ebae98d7d3a5255d6599e

SHA512
30f0f0d673a6a31c03d7dd946bd46e1106bd3cbdb6f91cff1eb4d566dda5ab2d019295443ef3152c51856a79ea64c4c6f076d463ea957f742f7ba0631546ed7f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2ba1c2603596b1285247540222bc648f

SHA1
b2b94aa745c1da322d435b6a81d514f62702c83c

SHA256
3e0959224923202099bf18d2ab7593db18a4785c87a8088c7ec7a9bbb3a0d4ea

SHA512
5d2d6fe15f6e6156d81002357959359328e95b6ecb0c910b8c3e5ddf481df86cd788382897ff6d7f49e3b95e1e605316b637f11fc4ad4f28b2fd20c26a49c0ca

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b4f8acbeb13247019415f5732f6cc01b

SHA1
c1427db546037a0aaf3c89baa07dbaa41a8b07df

SHA256
7fc76d27446bca0da7a1ea805af2a0a3ddf3ac0f74eb99a9580fad772e67beae

SHA512
83f36865b1379550b199eebd49e9a732507a1a8b27eccaedb246509348ed5e929a729cc92a4ecb820500601f4c923634846c04faeefe71a9abb9ee42f407053b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bdeb97a27ded66b7c46926fbb1c07ff3

SHA1
8b47debbf421a8b696e00c3e91ee91441b5c0f75

SHA256
8815db3e0733a3a29647c48e4ebe8f8e78bc5179e8b8ae47bc2482f381493dfd

SHA512
51e7a4a4c925f40b8af700f9b81003a3fc7b3f55b6ca8face83ed83789e9b44fb97c9287752916d7c48496d375f295aeea43716ee8b347ca6d13e2f1da22b8eb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
60ba0406d6cf8b3d9a9fd3749727958a

SHA1
94b1f17f9bfe9373805cfba0cc82da998956cb64

SHA256
be013ad43d3b9e42c9880384314de3a0ba1e3b0de458cdf90f983925dea3a157

SHA512
5337c29bbc029cb60ef33b244f194065c9a190ab62e44333c587b86815a255a6789e76735a3467858a8f21039af3bfd5b925feca8eb8cc27d20a7e6906c0e0b6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
db1d0894458afc793e0216118dcad7a2

SHA1
d863a040b7cdbfd4a890f188fcfc82e883930f4d

SHA256
1b12250efbf940913d62f81c8c8075825b26365267264a0ea502a85be311447e

SHA512
e39f5571046b15de8cd9f3fba783a08b52681096a72d6284d166a4f427e4a24720d2d741b108ccc9905fb340be28816d077b7a3f73fd91368ab9e061c38839fd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e7853dc340f9ecb2a97f6eaba42cc932

SHA1
cd94f7479f10f3424957e3f08b65db27661522ce

SHA256
0596d36de7f172c811941fa3e9b1697ea3e66b1d007c15f8098ac6d6aecf87c6

SHA512
010fa017c768a4edcb28ffae1216731f17bacc98a8d649ff563ccbc38e61c851916c5c1223589446ad04c66c769fc1a2c2bd615cb80b81c56ed2fe18e214bd43

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3f8aa23bc5d5fe6913ee87ec7e25a85e

SHA1
91e535b829a8fb9a8df6b2d58ce1a965a971f4d7

SHA256
3c96209328a723aaf27d490614be40afc14db6a84b139abbd5584d8c140c8db7

SHA512
f0444835e40317b6816672e718b57a85f72e7b85effa79ef3715b41ae43003ccce5352611d7d9b7b042abb6d80fd84b065d8f3c352193c5ef7460c777240d2a0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1888743583663985839tmp

Filesize
553B

MD5
c1307c104d6c2c0fdafcc210d749994b

SHA1
7e4e18dee42c595e343e8242a482105a238b8436

SHA256
5fa129c45a4f2b84db1bc6b840ed7b879be3beb2a6a498d7176fd2cf5ea961b4

SHA512
4bd027093b46bb28ef3fa4be1c6cb2d157eea30dca7d443ebdccf4961c78e0937d54e18538de7c3ecf910419acc2cef58b3a8945eec875016e5f6a13d8672957

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3949426215068150893tmp

Filesize
90B

MD5
a03dc8d3b2d87de4e11d04a7b889391b

SHA1
2d2af66d48743d7809f47a53e1edf04a07a05f77

SHA256
669da8298aa0139cf6986947870cb3d857547bb91b3dff302704efd684308200

SHA512
7bf82ed38a58bf43cd224c69ad0641eff04f820523ff7970319c33d57403b5a472065861e4aadf74ee0d0b50ac642f2ec70f6947ab849ffe0bf0263fb7360c01

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
af7221e4a4c913a815797c02c9bdf8e9

SHA1
df2fbce193050db514589dfa3015dd71f6abdacb

SHA256
0bffbf497ac24fca437e2189f5dc61e31031153461d12e37f7a4352d608d6c55

SHA512
16edd612527dd7fa64d7985fca88ea8e5b2909dc0bf47fdfbf36dc57d934663598980ac88256e472f8ceca7ef536502e5a7d5f1020a52d5797197120c22180a6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads