truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
161s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
30/10/2024, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4488

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
b17cfff5d6c4dcc045933efd9849ff8d

SHA1
5502279fc685a17eecf732cf3591709082aef37b

SHA256
fdad3c1a00d871bd376b0f5e916f9b121da4c41a6ba1a8ec966a91a215c02c3a

SHA512
2c85c9edc6f01c12e5f85f3ff30e61807ec05353c0f624f140c7bc874e9aaecd628232c45dd151eb7bfdc137809aa7fcbddaeac39db7359fc4455f46ab18ed27

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
02c6b9f6a6a3d561c7e918edf668e4fc

SHA1
8c64e8bb1b6361199f12140deaae1a39e45b31e8

SHA256
ae2b89b48a66668eeec85319e2b44774b664a6cb6f87c0b5fdf12109d2c6349f

SHA512
6f5d272161b065c735dea3d3a85e7566b26916364e89967a38a0274bf4b2f2f646e0555449d8dea44944d5e86aaa5cb36836c122ab9c3e578b0d9f6ca0c5c563

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6bae221754bfceec4a07e134264dfe9d

SHA1
ca18f5e63c79bd198bf50e514409ff36d52db29a

SHA256
89511f39263c6e0226b58ee10b55dd52101a79945b8aeb7f04d22448d7b70ad6

SHA512
81ec834034ad8a8d24a70425973a6fe86c552c97d194865f481c402f061f8c362fa6066c8014c40ea5d47b59fece9ed7cfc37d32105c0c0715971f5761c3d021

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c1f26705e23837b003c3356e76b2b93c

SHA1
c7be9a0d6721b882e5f6e577f1f7b67dff7e8e94

SHA256
ffb632b532900e71d3fd7493840c923855d6512022b6c9334da5bec6b1b177df

SHA512
45f847d228bdbc8cb709497406154272ae7c8cd0e18e11278927788c4aaa4c001aaa3d64002b591c83745da65a09986247796869f0634e724f869b2f56b27a02

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
88009a1f151e043e40a24c4a04e99bd3

SHA1
4fdd4e8c688c223fae58964b841c38ffe96b6035

SHA256
5277d577ae27fd7afaa25ff08fec71057d5b216aef157a97ec61d53d4af05e1c

SHA512
03cd83924eb4ce7835670a60502cad1b75f29fa0673b923e0f234586e764bb045b350c21e2426232a5c818736ceb557658e60fbfd64e5c5f1b3852c664ad8811

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4a94fd8a93b4b4d2c7943ed55fb06dfa

SHA1
60ad0abcc860826ef2bbeb32274bb96dc50b23c2

SHA256
6650705a5b0d44da79cf45b335f068522c6b68481991e5540355c7260861b30d

SHA512
4140b8f87f773a0df3c176cbedb0704280f47aa4e936b2d9003db3ade34f2b875150dead6e640954abf1ffd6e431799120573a536bd1c4f543b4ea4619757b9c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f9b95cad61319546652d8c21558df5bf

SHA1
b5f6ba310e799ddea21bb830b62bbc0067364200

SHA256
f56ab27e1ef3b63fa052b7fcb7ce2009ee93ac6e1753f895334f4fa7e60019ec

SHA512
b8e66a1737b17d81862a0454af7104ed3a6ecdc3379a2cfd423b2b91c32daa15226f1bdeab5eaaad2d22bc3bae06e516b929e3388485c1a79c0cedbcf72f1c0c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b28950e3e4745896a494f08a04d024f

SHA1
f3652127c22492cd40d8e8ee2800922f75f1b35e

SHA256
0e6abe0c25b71b526ca63c1f5a4eb7b19ad3a7169920ff1dd777e1869f2c708e

SHA512
8745b1415aaf2019f510ff015297ba5c500d66695e1c13b588b89bc0a8bbb90ebea2a2953c74984830d3a1c32b516c99255f993b8cdd5c3c8b9570353bd72285

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
08618617fb67ccacd7944443fbcf257e

SHA1
87ae4a1373f5a34a9e75a79e43719f9aa890f8d0

SHA256
11d0f2a4e39d4a85c8ee051b693734269ae9d69ae5d10669f777a74bcc05e4bd

SHA512
1485fd2cef9c280ee9aff634b209b5191518313897808fe80e516de9476e58c5052840135151b8f6257de5d151c4fe1e92aae06c3c6cfbb76aa102817fdc1d58

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
33bdd6a87fae5b00e0eba1104ab0694f

SHA1
aa1aae9da4039b6a0837cbe509d01bad611c6554

SHA256
39049f9ee3302babbb8353a0001658a5594941f7fc97849a9fe5de21d8ab0c20

SHA512
6a48d3a5b893e2be24dafd12efb47819975b25c155013b493fe628f892ea69ffefec8e1f5281358cbf1a3ec965d6306a05a742886c8b4260156fcab692d56726

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c3f002b04061e61a3bfe336792916e99

SHA1
b59850ba86a7a0d48a01e253ae1515abf2c1ebb8

SHA256
d4c4e35ab2d2d8339c921c9edfc548ba6a7295c4d3439ab63552a4f64466cda5

SHA512
9b90c7343be6f6458e528ec3dc08347e1722304fb2295f4323dd195fcf4adc0b903c1e307fe3c32115ebd15fc57b03dc030996634e291b1fe2087b433aed595a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2c1cb873c3eda44510988ce12fbf0e99

SHA1
4631a7f7555572bec1e3db39b743f5951dabf837

SHA256
2bde30fe47fbe619461d7e58b92a683e804f056090b9935a03fb4aa9f23b4a36

SHA512
79b779de33965bcb5eddd3c7f87ad12cc26719d20c5787ce1237c39b6f0e92c67936dac8321d266efa2d9acfedcb3ccfc7b5320e92a7bbcd21be1fd9ef0ecd4c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ece41ff842517e801179abb39b52793d

SHA1
8704ffcbffdef85b489eed67380ce39083fa7d14

SHA256
b6dca9a8e5b32ca189ff4e79914b5cb5e5284e8d26074d7d2ebf86a3679008f1

SHA512
3202d9bef6147f8d1f44666e649984577cdfee4c0edc3c29137a4618f49fc4f0a16e910a6cbeb62d0914323111df42b25ddc411ded46fda6b7b7d2bd6fd189a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
85baac27cd136e624931f6f8ab9ce337

SHA1
37c4276a9ee9f3d4269e8c3f3b4c263a797f1335

SHA256
e84de2e1551dee338ea2bc612865bd0033a42ffb8ae02e3984c6c109030c5bcb

SHA512
04014a31b987c4d8241a119481e448cd45ec9329638e4d35f25fcfc62b7832cdbfe6c044cdca522f84860fbadc0877efb468abcb03c475760e147117c195641e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3570824816975071325tmp

Filesize
90B

MD5
d1402bd5b8f9139783df5ce8c855b654

SHA1
28296b8d709988673a2bd6a6ed29c5ff082e635c

SHA256
a7ff4d1433ba1585a2c770d427036d1114f700aa65ddb17e2f1036e7d8b181ed

SHA512
3b605f085f724ef6475c6cabebbb3032cb890e2e449769a8978d4d260689d663fcd0cee1409b6eae34fc0d8ad650ed885479269c8fb8c424174ca163c8e69bc8

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8263740771770968064tmp

Filesize
555B

MD5
6c17ff8c76835249fe6684bb37313fe6

SHA1
dd26c1df42154d2322807b077e45add127c68f2d

SHA256
83fdebacf8811209bee1710a04aca4aa50219dd1236cb8f891c9000033fdffd9

SHA512
01fa9cd7706b3f6136224ed99b5516b693ad69d2cdedd373a786cf1cf114f8b8863a26f2c632731a8b755e1c1e10325ae89825f9e80e18114de8a18b890b2a57

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
457ff57b303791f803e20734e7a1f7b1

SHA1
3fe9dcdf60918de9a8556360faf04cb1a6377f56

SHA256
ed7f851f0d14805dadac6d1abf8ecb9e400ef9db31118fb7013b2cce13df10b3

SHA512
96ad8141260967f7881a27f622094d3e25b234c15eee1738497f9e4ddf727b7933b6562793604e9eebd6aadbaf2a76bc174a629acac3a69f8c3ff56271d74e39

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads