truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
31-10-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4470

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
dc01560ef585e04a91b2287a4d3d50f0

SHA1
62737f7f42313677a524ffa5103057f18a889b82

SHA256
64c7b548cafdcb9c4a9974d548ca31b51123d4c2c12f4d6ee378f9d6b1db0c21

SHA512
7f643e0c35e208cc751ef2b2a1490002569cc05f94b3cee3f928c318d1d392214f79fa74a02ce8bcd5926a0e54e2eacfc7ea8a008f68c686a808a8c2e5493cba

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b0407c4863453b7b8c8fff354f4a47d3

SHA1
22ccee1acb4627635562c34c03aea940eaaf8d66

SHA256
0d8c391a18a32a7631bcc9d6fa103fdf228a2e1113b89e1dd1965f08750c05c0

SHA512
91297c9a273e68121f56b1fa88d1d3e82b23cee6088b647808a50a152a29d36954984ebdd58174fd34ec05d1647fe7f9c4fc4d82a691129b5c118b7fc1752520

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
12eac1d83872f4b96f8ad166664125f6

SHA1
fbc98808ebeb0c3df5a212b83e14fe498b805d64

SHA256
e8ac692d15faa0363633f7e70b04094134e6cae7d97977888d864ed03b783764

SHA512
67e9ddbf5dffef835b53902e276a2d1aca520217d56cf4b29aa1a639502e4da2956dbe8eeeca552208a870ce348a4029c5dd5357d0baa300c0818cff335a07a8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6269d688583efb8509c30688fed0f0f4

SHA1
d9d8f8bd7eb17a3bc7e03d8796bebbb0b7a1d2ae

SHA256
6c206d459755bb5d37755facbb30aa5b1461699a4dc57649e443f4d6f5799818

SHA512
8e1ce1cb44f5a27e5a38b685ff2745c2305ac8cd202655b973e86cd0126800db5d5a43507404c5c25f0f943ce0ee68322dbf8b433c69e2b4e500d87c91b3fed2

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
42cd72e613a3dce08fc1975d2049d429

SHA1
d9185da0fa5b02ddf7cbc1033898b911b6e9b8eb

SHA256
6e22de6e4276bfb6bfbe4704af5dc6e3b9c348bc8bfb46d2525815b3ad98565c

SHA512
77cff9309b381aa9ec3f8f84f6eb4255296834a8709fc17d2537bd45bc10638afc22453bba3b79906e00fae289fe9b443156d33199322d1045a8393bb2df9178

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0f13d25d3a84fa73ff044d5f65bcfb8f

SHA1
75dec6a4fe4aa08b2fec0ff381efc0e30ed0ce1c

SHA256
7b125268a512c7548b98f9f1778873c56e5c91608e27d6b094d56b548096fc00

SHA512
7e86c8575ba19aa3d04368959fee6fe9fddd8ef3235a535774bc04dc963de5a321d374e91b3365eedd3a2fc3b0255f94d7b7c22179fdfdbf039a86cc20b77e92

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
11f31b7295ec40c2ac5efe54cc2db1cd

SHA1
7dd619a3509f8eff385aee9a485db135d15dcfdc

SHA256
2d10bf15f35480b1e69493c6e342e131c36f379257b0d9360a3261f6f75c344d

SHA512
12baf929d06cfafe6c3ec1ac9f716063bcd05c9728b5d0828d13588950c215409045d54b9ed2516c641dbe95ea3de06a2573f173ee6072bf37ac1a28a96ae934

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8f4ed97265230e11d975f2303decb6a1

SHA1
4aa86d61605349b6dd9d71385ad8f6b4c14443b3

SHA256
a6097857139b43c1424a0fe75ae05b044727a569906f8a45a90a3fa158f20600

SHA512
54518123f19f2437117eafeab967762318dad276820adbe38bfc640f75e9ea2e953bd0d733b4f895035a3461e69c04cbfffc09d5687c9c5f72ddc6b46dd6859f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3094219c3923858e556096c5f9cd91f3

SHA1
f99985a3e254b4866981e344cf98e03e1f4332a6

SHA256
22c2e869a783c2159147956cf7e48bc8cbcd56e2cec36b1deb3ea305655484da

SHA512
0720af56933d35527387723ab8d514eb1f255d0bc9aebd9fdc45d44abac935c06cc1cb4e3d0d64a8e85871b5e5e1244174d8c20823da96147334c89200278588

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eda67b2d26a9baf4f70308fa8baedb7c

SHA1
027e9c065517b82fd906d6ee25c06ef1908ab323

SHA256
a86c92b781af233dd9723f59755b7ffd37d8695e1407e450e2e00f0c9e91a1e5

SHA512
351213dd56a4890d34e1d289e2d5a561d3e3945922a6e4f5f65af414a56fbb4343ebfa71b591805adad56b1673cec5c85eca5cd00df5f417d8f77ea48f3fbfbc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
00ba369105e56eb6096350ec0f4a7037

SHA1
7a439be43761708f678d363fe914aeea979f6a15

SHA256
21704581d19191686e6ee130aa6169ccb0cfba39dda68430b086a477d9377ce8

SHA512
27dc97b784d987e7703be485209a09f22accb52b0b877ab9cc7bc582adc0d8c821c8abfbf6dca2d78b1d7ca0dfd6f7068da4b65a386ac1ac7ba7fd3245730437

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
366734ae51c75e6014c473858a7dacc0

SHA1
47463c3ab999a87226937a02e181dcc4a7d98fe5

SHA256
569570b1e3c1960f9f7bcc7b1579ca3f74a7b7a56ce8f870a9e796b86b59e298

SHA512
d80b86abc88fccc4885035ac0c277559f89f602bd91d7157f8834f7a079f8383ac801763cb6691a52e3b023c09c85a9a7e66e9f87f9486133eeb13546fee66f0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8e4e9e40fd4d3bfcc73221a73674f937

SHA1
e92bfc79ec53c4bdc4829179b1e3babe512f43ab

SHA256
1cecadcc6478f1800eeeadff30a55a486191c69fbb55bbbb9ce8f2295f4764f0

SHA512
4a90e621ddeadaab9f755c77d1de6f04754d6153987bf310bba46ff4db3cb96552e50745764361e22ac6eeb25c27ceeb0599de70bed56804271079fd6901027d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4beaf7b095e2c03683c7090a3d990141

SHA1
6d43f9ca724bd3fa42a0c7df8b4767e6b246b347

SHA256
d393066fa0f791a32e859f6de1c75d3b2f9245c5ac8b1d9f264cef2327a9b7df

SHA512
18b5ae2ebc4a337fef15da5d2cd9cb316fdfdda390d0e336b0dbd2f93ac1a0335b401ce2bf509e2414584f9510c146ba5a889b5dff9cfba2d47283ab031da108

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5509934542199661765tmp

Filesize
557B

MD5
72bca0fdca3290a2b78a2f3a6a6ba561

SHA1
75f0eb8c4aaeddf97d40ea62a99fc5cc2e5245d6

SHA256
41bf26f1e251699c34a9fabac749b6b8e4307acbb6db38133616f68549ba0640

SHA512
289aafac53b91206230e67390ec09c301570b0e57923b9d188477b7851a1996905c7432f15f5b75debaec7e868362924bceff84ae865143162b74dfcbc7b040e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5600085966871540512tmp

Filesize
90B

MD5
583d29f35bbed79b3b57265049476b97

SHA1
8f7a41a73569c3434e66f369d978cdfb7bfdac09

SHA256
bc6847a674725eacf1fdeb4a3d05b13762b02027f27ae70ca412846cd2b4f434

SHA512
ff32bd5485ce1212b0ba347754c4ca18ea47713bffb47da7703811ff6cda7a12376d03ac730bff4ce32f1aaa9f5551837d682aa905190ef070ed4f7fbb4d7d7c

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
ee995f63b380bbee4750c99f422fca62

SHA1
0936300c05a66f40944945323ecfe4e5518f7241

SHA256
b688c4244a551490dcdc36a1ba4aeee15d10d76bf368d3fac0cbbd89e0441021

SHA512
7d184471501a120a9b42abfc9c7eccf4dfe4cb769f6b1d182733604289de1f833700c1e770caab807521cd12ee44356cb89e22006d5f1cb8451edb2d22bd86b2

Download Submit