truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28-10-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
bd7b002efdda9ea1cba73966583d4730

SHA1
70a98cb5bd5d4da0716f155c9d95ff217eadca4e

SHA256
4e6d2c7d57b9b82fbb01c58a7440e26d37c16f411e49b707640b505450ae62f0

SHA512
223a4a8db4687c278b97bcb893a234409dfd8cdb8bbb5ccc4ae730a588b49a2b0721af950056e4b2941ce1a11546140426fc2a3f4e1d578f1886a777b62b6240

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
1d0e749498b55ff6af75f52a66bea129

SHA1
d2249537255b17aebcda351c976e93cc52de0198

SHA256
085d961321d0226011fd08411df6e55d7c34b6c8fd80fa8df96b157f69dbbab2

SHA512
59f154b827a2d8e6b393b27e09c635707aa11dc2b6dfd632399427c01dc88104991c5bcd4659375312185be1cd1b777f55ebb13ce189067f88ea14ccb5b28e4d

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c4457fd32f7d06da0486822850db207c

SHA1
eb8b52419cec02200a25965f8ba01d7dfdd41d1d

SHA256
03e977ab6c72cc716c2cd5c7f744fc75f86afe77220e3ab38ab3329e4379d2ef

SHA512
7b098fac8d1d078b36c1cf44fb28095612548aed9c603e78f74b2185cb999b67760ad0ce2e4fd84116396fa7910405b15566db524dd3ac4f7a711cdc6b5c803c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8a87b88907f8a98f3c8fbe5b31d786a

SHA1
7553d5fcf0b7a091c556b63925788b5e468ef286

SHA256
9f71a6d0e8ead1b0e20933d4feb0d04719eb87345bc6cd223c3531f06dc29bad

SHA512
f44b798051d61a29300409705291f0b4eeae492157aa6d04fc548859ad28506eab40d3ea2bbdaec2601881c3c06d32a3108c7b9165cc6870a41f277f13de1b88

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f0691c00813f61c34b6ba1094963e028

SHA1
682de322b1818941e566930423e635aef1fb421a

SHA256
c7adda49f3764f6c53cc34499698414907fe81d51c7feebddef48114e47b4144

SHA512
e17224c6de3712175ef27bb88234f924e3fd2d735ce6f1b07b4646847c14d1b9a0d738e2c75c609b62b667dd7b76dd9e1c80b8d420b5722eb8399bf3e955ec0a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e36224d28d6881cf8cb469fa154eda57

SHA1
57dddb93c28e489b187a9bacb41570ef585d4e21

SHA256
06a80bb6f391627e489fb178fccf34fdf60f4d43f299572c70478405cedeb51f

SHA512
f9a0e0c95d467e4a52411dff91b3084de68ddf7d02403b2875683e4f805f6ca5745dd8782325a4d688a1ddebc834100fe940cdee69a223c39f1567d607705ad2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4d8e2032601741617e4daae7f7ddfca5

SHA1
b6fe7b152b1828152b033c652727057a4517d511

SHA256
8687e81ffa25e69125a366673d80a9c1f5697364abd238734fc3d2d90ebacf29

SHA512
2d06723bf39e5ac94c3bd649f310d92c783e326373bd3b82a0ab5db09e261a4d6120d0721fea7a618673e7c215e43ff03f3b544863a22623d35d921aa189a762

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
13f9015c977ec2bc7ef3a029fb6ff6fd

SHA1
d97e3266df608c804827ccf35a629f12d167e480

SHA256
d39ca7697d203005aacc309022c3c841467943956644e7252d108560f3960962

SHA512
b652cd129ae3b76c658f71e19d8ec56f587eb9b51f206938231cf2817a53da0101db428f7f3d302c97ab2114fb11091ba1942d95751f7296058cdc5e20798b92

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
734eb06eac656354e1786dd4881b8d14

SHA1
e42b895a5a1afefda0988a3810cc55bf84e01a50

SHA256
fb57fa700159575c2734c7d2477eb32a0c4c2c305b0ea86d4771d2e581325323

SHA512
c0656cc4f18f8abb1a099db16a84b806577fc5e8c7a282bf05faaabb655803eeb877362cd9fc06e8afd978bb4a11255e29a6e994b241196087fe1a45b9c419a8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
092e6ea11dd36f4e7b2c6314d37a4993

SHA1
6545749037f415378affa66a016b3f6f79741c74

SHA256
24d1d47dbe7f4dae61ab543112598011b4ed4e37298491d77eab260ee1664111

SHA512
13c2693845c808ac05a04de0f026011d16c6811ff0e860ddfa8dac8bf75ad3818402a4db1d23d9152b4f797eab7532112e4b91431803107915553643da9e3f51

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
abf948b828c8517715bc2ff1b4b41246

SHA1
06de80e0cdba671b35254629a811241abad88b30

SHA256
ae22ce5f123111d3df89c4b2573cf7b31d8e4ec1a9674187460903b4b5847701

SHA512
99989caed126e031ca0382c3a386a66a5741364c5269ab4809bd1082b8bc78bb0b7d3cd93887e0727cc69e6865571d741709afd6b3d9815c37bc51b79b2731d0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fa260d893357db85101093812735ee87

SHA1
4110db846e32a2cec94c58f6d077c1f4ed09f8cf

SHA256
041b5ec158281145365e7b1c4fe3b17cec632062cbc6fdfee181349fbc226c8b

SHA512
ac126a619a8b7cc58b890517ea07b4d62199bfff99b3821950f1e1cc3a4756e1f1a7134da4f0a951b5c57f1be7b18ebc563051eee67b1e172ad56e60558a50c4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e932a2f572881b7232407d42d3a13ea5

SHA1
11e5fb6ef763bdcd82729fe3c712928fb3d1ffe1

SHA256
f1aaa6f17e4d8827285bf95cc2fce754e10d657da1897617ce5325da8ea887c1

SHA512
cff08f1dc919ae314be4d227de815283225f1ede552545db1113e4eed78c6ff2b5dd9efb526fa2d32fbc6e8eb3defa1b074fc73cf88afea19f2026077f23c432

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3820257198537032318tmp

Filesize
90B

MD5
fe8e4ecca8c5232f8f5bf725c9a9c1db

SHA1
db12d8aedccdd883e1f004a43822ed50fb61cbdf

SHA256
4d1ddbeaeec5ca242b50f64307f3e31326b683070408bc5e42ef93227346f757

SHA512
d635674f46a304e309010554edb79aea8fd0e389933432d519564c8de16506e1c9f3e7fbbd27c5df5ac545d92dde80f66d75c7b759ebd16db07fea148c6c96ee

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7363853583137129359tmp

Filesize
557B

MD5
1721265e3aa30a1a53fc4ddab14be5ac

SHA1
0af370978417b4175c2e383e43e093367ba34772

SHA256
4f3bb4bf9e7b2fb88cca971eb038b5a90eec0cb4a3937ee283bb0e28c47a52ed

SHA512
edb5b270c96dd0b1616745c002ae47ecb26b6f0fa06c2ac405fa7a43c68de4dfbd0404a5fa0096040f65f0528f950a196699b1c60f51795fcc3bb7377df2f003

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
6c793f1dd7e7613589eb4bfac1a39d54

SHA1
416fe303a551f26c9ad3b58061d9b72a27843b85

SHA256
6c84579c061e491e245697ca8560f6177a95d7e5613d8f4c10b414b3b3b8e09d

SHA512
ff5ba93a0c670b6e3d85799acb4da908e904880c3d92b7b3b5f682342d54c38e6ab489ff031817430bcfcff729bb6f9d761d7f5db9c006bb9bb5d61b07210203

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads