truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-11-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f2742b4b349c608544b56c382fa27eef

SHA1
931fd4c028505310a865b9dd4591c4cde99c3e1d

SHA256
c8672151477332c2a6e77839507e492f3938987b3bc989156d3a884d6e65292e

SHA512
94c3b1941c17ec76d52de653ad64d6db09c9c3c9b878709a7aceb32abd052968d36f6648b2d1ed990d9a6089ae049f4d1bc4020bcdd74f536a688a4e89b10ee8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
d57f9d2153d29558aea650664f80b295

SHA1
ae6e372616d146449a4f767995c77c41956b11dd

SHA256
9d791adca92125b52fae25c510d0f43960877e80250bedfbe9b6540c24531d1e

SHA512
eaea77dc16fda051bb2f9c8f3f0c4addf1dedf3dea24a198369953438cf32c343cc173dcacd607d8a9fe333b4a8e0d8203dd38ccbc527757c27a5b593c32af70

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
df6e59f584240a2b3dc96ed5cfedf629

SHA1
911c762a00e15e707fc2654c3e1376a1c2c0d429

SHA256
916ef62f0ba72210f33540e167fdf369073710db457da04d9bfc72a50e370082

SHA512
070a7bd6c3987c4ea9055d9a43cca865048d9c4c8900936278b896d2d140a83cf06e8081e673ac8961de3ddf83a1a8a34d55b75d7ebe95564f32c78c3178b324

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eac5ddccb03e48d23654e0211d22d497

SHA1
e7b61fc7804749356700b8301d91873bd524599a

SHA256
b465c3266a26820ee69be9c3598cfc3b999212b70a88fbd8cc1fae2e20a58279

SHA512
731900a81bf02a9d56789f7af610e6928a162aab4b2d871f76f738c3e3e33df4c37f023949cebc2e0916fc2c866e0648f15853549c14e71de9982a14c6c9e5b0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1b09f380949b0ba49e433b48a620d99b

SHA1
52092bf29760d1dbfcd11f01967748cbb7551b93

SHA256
e703b02b3c64da950758a702a78108013cf3c995c35ce441dbd689b1e2b0567f

SHA512
fa9184035a982d58028e9b77934946dfec92cc54cc7dda24a3d6f9fcfaed88c47cca2a9e6e369017a3ed93ac30b9432335d2085babc0d7ca0a1075f278583866

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b0805afb3eec07e7bd62016c05146b74

SHA1
dfad7824777b802c6d43903368c7a357b7d8dd14

SHA256
e67b6abe1019ab2078da25788a3bf9d1b3ba3ae6eeeea96b448decfad97e420c

SHA512
33ea05adc6073c2dfeaf22b6142f309ed585608d36d35fe0d42df42a63ca146a6af8fd14255cf946a92eccdd086f17ee6a2b341d342ef6206f46d3644fdb0ae1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
05a139acd58faa13134d5fa99c86e425

SHA1
a0b77cef62b4d64a65f72cd103a6d517e45be54e

SHA256
717b3837048590206043279d6809530a89dee98a33f186de169545a7e6ab80f0

SHA512
fd6f6885148c870b9db8817adfc3aba1571aeac7586d4d76419656d120732ad2e64d3fe2e7fc66a37167fc6fe401358bdb67afcc7cdc54ffcf2b8e2e24868549

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
53378cd218de40783a99da54f9dbca6a

SHA1
bb2875393d6e4e98b3fbdc5cb2e1f6abf7f6238a

SHA256
d2c6eb1e8f8019dfbaa9aee281f9ce816184f9b7ba3b8b6d550d39e4110fdab3

SHA512
f9b69db3c1b33bc0381ae9cc2317cc93642fa3ba86c58aa970c029a2b2b7918ba5ffe07762b45c2cf6eb771e285dfe7b24325b4adf70b5e7738b7b44c276dd3c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
525e8c597ec353040bde582416e9f3a4

SHA1
10cdade1ac66c4e92566296de427d2317538ae8b

SHA256
3df5310e60f4eac2a36a55af2d8621485a688ae4b7f45c92656e8c14dc316cb7

SHA512
3a23004958c283fa8c0b752777083ac7f165a3d0530b2e807f0209c4f828e348f9d7411e98213bdd49113c4ca4b9f66c3f01e12ff85b178da96e80e716169111

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6a22f5f5774e061bdc922096ede291f2

SHA1
6f7b714e2b05eb13e6c7a898bb0f6b62c6d7b475

SHA256
20f067389d268c0ecd85c0adefd48c654ed8e1baf022eec7507ef161b40f6b90

SHA512
aac2b322496765825d5b192c518a12b5857c261faf6352b5fb813ba75025970765a66fe275de3f50861c5d072258c257c56b5bd9660e412f72a3baa2f6a674bb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
eed3eae1f99cd310b0b1fa53cdfdf097

SHA1
bebf5b237afeec62dc8efd1012bc1b0e8bfcf6ea

SHA256
bd72f5c9d7522f9d0a73922b2f752c1300b5f3e808d955540bbe297015c08b98

SHA512
01d569333618409afef87912bba2cde35f0b8ca7c08e382161ef4e3c16d8d8819c828f6d1279202db3e43de86077cace32bd07120e567557cadc0b40b4af2ef5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e60aff7efee8323a73c16d06c4f0fbbc

SHA1
e065a42ca35b0a812cce35e0e04525f8814263b1

SHA256
61f4dcb8ae705ac66a9b2502f388f6877078630937e2f0b2e36efaedad5e0292

SHA512
d2388a08304cf7b69e76162de43df76849c946681074bb3a726761efc5423b8c98ac98dcdbd972159ca70d658d428bd0c0addca56337d7f4e08a7f728d835e6a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2f8fcd40d68715cd64e928bdb80ffe2b

SHA1
8bdffda5cdb77e1e1bfb4d65daaffb08fc42b2db

SHA256
1cc73ea0f0d79313e7e7b274e25f458416a837bb63a88471171630f81bc5eee1

SHA512
e7d44aa5cceb88ad3b323b78586a84724861d34c90e53c28bd80e2476462e99811b9cf1031215115d6d014b469f352f3b0fcbda1295d50812c2ee433e32338a1

Download Submit
/data/data/com.systemservice/files/PersistedInstallation369096995183945572tmp

Filesize
555B

MD5
c217c6b331b43076f38d7f746b505a48

SHA1
77bafde3f1ecd6f3ba1e2814f6dd6f9958bf4c04

SHA256
064b8d8f25908d4a81dce0c639631a41da45cc02153ff09305bcead48675806a

SHA512
60f911ad5008eb9f38407f729ac05cd25642491a15cbdc58fdf6195e3a81924b34c84578ab8037bf22518b007ea82b2b893b94dfde86241e544fcb773c044e85

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5128194693229796276tmp

Filesize
90B

MD5
36ee575f1c9f249dee00db3476cf0769

SHA1
9a7f67628acb697e1e8c5efab4c5939514e04545

SHA256
7521cd9c8a5caeff9e9ac89197cc3787a0074a63341e4308a83bfe8518a11df7

SHA512
f92be227dd8a73b7a115f2eb70e6f408bcc670d0b6681c8fd60917d133304dbf6f3d87e21d2baabc42a22767d0870cdde19f6a21ae448f15ec6200741c3f5422

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
7d2afbba2fae4c4be2739064992803e9

SHA1
4b1d52fc72660758f77f901dfd8652c5bb9dc114

SHA256
7d4f562b4b3e6c7d2418dd338205939275db88f46c22eee0b92a9e92d2b76ca6

SHA512
a7c1f8ddd4cbf49583785f9606c7666f3abe64134ab68896fce3b63eee2a989080d3d245512b525524d5ba330f46071928a7e7f3e9e146424d9514d4e0f5c39f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads