truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01-11-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4993

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c22475d5f48e8f08b0a6049fa1ac0569

SHA1
6c05e290992575ff4f8c2cc05d30eee68b02e81a

SHA256
6b4cac686df8f495679269d59a2423f027883458ff90497b230cd97f81ae5ef3

SHA512
10180798a39805104c83caeb779fdd441a61880e3bfe6dcb697dd8f1bfd5417854a4375d36a58218eea2c21bd40679e07eb1b1c9d7024f708f692b58701e1d4b

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0e97b29a331c8adef306d76f96fd82e1

SHA1
30403258ad488082fd3a4d074a2544d3a4687f72

SHA256
514c49f250ad55d9082eb77905c1af1d569bd3c16688da93b074bb5823bbfdad

SHA512
5d24b55d55c666c126c8e5988095c7b3df09d528638867eb6f8dddcd3e68447139f61a3cd9f3b241a581c419f3a85e21cd4d5882f6e25f157e784aa1543cf6e1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7389d4c383ab78b53517e687742fb74b

SHA1
c70483066abfe3fad7c2431d3b817cb6bcf6d2b0

SHA256
b840ad6202a17273529fae63f0941d43db7d4bdddb4c0626552ea142c62f48fe

SHA512
3f451c6d7bb97e4f8c3f557d17790df32dd5d372f4906156d2af75746838f1bca0de598180c43765cd8a8fef13e991c035aa78fbe8f6e6ab500a389f1a0983c1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
70aa8de68ff87b36b9591afc3186d0b9

SHA1
af05e5c06a31a96073ea2818c1e38429d68cc6a3

SHA256
37fbecb1cba2d15aeae7d6d77b20f5c218f4285b2dc1d4a42816e34306f4ffe2

SHA512
469baab9a61796daecca7ff528b37605acdf4e91e68f151b4a07ff20b483fcaa120b3df2dd3025d1b93fb0f50bee79be2c982418c381d06b2d9a62be4c44241d

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
105de0f394d1260f3e89c4e36d21d9e5

SHA1
e27ffb649e67b2d33f3efe1c175ca108bec72b8b

SHA256
5f671d6a38989639c746e7366468ba913efbd5fceea77b3dd7d4af7cfabe86e2

SHA512
dd027e2cc8181f8b4b7ee18d793a10ca40711b1a6bb4b4b23ac012475fc1db1b090b5817c243c1d35d2b4cd0811edbed30d12bb41e079073441838cfc72047eb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f608758d4401a2ed7691b362907e58d5

SHA1
4259f428cfa64df75698dbd4f3f9ae78cb3b0f56

SHA256
920121dff8ec5575887b87863ede464275fc6387d4b1408cdce7da6581beecd3

SHA512
715117dc674fc6834ee2c860e3a66de643ffe90eebd3f4b00a8232a430a319a5ca36c4623e66fce2379effa1ee07ae026b4ce98bf8473b59830401935a10e7f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fe2bfb086835201bb78159128d4ec71c

SHA1
fc5ba22031ff6551eeed724a5e4bedd3348e0a40

SHA256
1aa2490b601ba14106c3f87dfc4fffbe40441f43dcd38a49ef0ce85cd8ff3c05

SHA512
19ae81ffe2e3a4eed1ecb655e30a912a6ef20c5e49c05eeeab292a125a31d01c48f5597e08d6e2e2f79454cd7034ee528be854e808261f8d164368003d40a714

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9d1e89717faad8ff48c40f4138c65ecf

SHA1
3e199f064429d07d22520ee95a97b2b78010b2d4

SHA256
9d37e0ece767e7a7f1d052e184f392026008bb62484c37eb9c5d9f595bc14057

SHA512
c776beb27d65c513b60bcd3bae6a74419cb13b5533f3fd4639b2b6927818b63f8546eb26b017a2139ba877451ad18aeade5f155eb3e64c01306be908761a5302

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8af7fd1f822ce50c7d11bb0eb11114d6

SHA1
5b4348af95bf159bbb2ddacc2971b5b0e7b10700

SHA256
9936a68c077d9f2e41c5e69d2eefad121ecd592721cbd1c307d053cf6ba3d20b

SHA512
ff1fb58e1bad066f92c3ca5cbd70f0e9592504ada8a89949b8953a70e38c8cc0fe113e3838e48a8207f274e779c6d27ed8d26a6fab2efc77aae9e464de216934

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e3e772538e6c916b693c5b3089532e08

SHA1
7c027d979d7b0c9869b9f96250ef6cba958ffdd6

SHA256
817b453a147980fb542c0f2f5c8e7a398e057d0a1eb438760b1429d238ea5250

SHA512
10590e761b589d1d9be7f3ea21684ba09dc0a6ba1cb3cb08d430451bc558c2b35d00391f965537aa16c5f891852e30a26e0aa0e8728eed224f44e4aa3359b4bd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
04e2dd06a28f30b248a6ec3ae24341dd

SHA1
6eddf5a8104b6ba680066432793603a6e10c4478

SHA256
10bc46146495efe7f72c7121b85dd588a413fef0ef22996d9ab644fc30a9323f

SHA512
9417fc54e784de6c0eaf36ce7539841daf6c7cb2ca6a76d034e1359340ba440fa2cfc98c8717e6aacf790428492db24aa742d7a16074ee5099145c44a56e2324

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cf550661de325090442f5eeda1e3bd16

SHA1
0b1b374decc2f4147f3794bea76ce165540119b7

SHA256
26717b455b0988dabd894738ce43860ce7ee3e3fff55d7107372e92f96488f17

SHA512
88d8f946152c07be6f4a324e49c4d224825f489f2c7eb051ecd56a7c7240f03577056339a0b09ab65cb24c038f4a4f11b12985bf5446bf71a1950b2915034961

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b3713b05dae603823588ebff40c14127

SHA1
8502f9dd53157fb4a7de9e39109fdaf64309e534

SHA256
f517a871b4f1949bd5218921dbf6236a7b6c4140834245531dd4f00e2c5b087f

SHA512
8d7c5eec59e29d5d4d687a3b41247c81e548c516f6eaa991d2ce50044de7a94179a06535e4db354a2f1a6de6d93db037a99857da874e73b23f21c037e09d0a82

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3785c0d6583b1638efd03df467560881

SHA1
b1221a5fc1fe40a7e631492eaad454f279cb8d2f

SHA256
e10e0f780548cb5ef22667e9e2edb6bdf0dd48246c6481c39fa0f3a8c5d8c76b

SHA512
b7c5630151953a2f28a93791490a9cb12f0d0cf5a65bc34559954397c31e76741efc21dbba64daad65d6f3306e059c71235937a439eb00abf4d015977fd7729a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4728293582993545450tmp

Filesize
90B

MD5
f9151201e74b91abb32aaa168988fb9c

SHA1
d6c48552fb5ee294bf47c59fb66b183d04db3835

SHA256
5a5f70569bf7c1ead609df18fc2fbbcca9dce01121790d87806a5765f34cab54

SHA512
76466ee33a997814079e661e4f18d725e68d4a184f1ef8e45c1e1924850532c4aa01d00d928ec81559798048bfc2567d236a55ca5a528925faeabd8aec6b4a9c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation917775089527930739tmp

Filesize
556B

MD5
22997b7d802fee11022d98da4bab6fc3

SHA1
cdc4e589544ea1bdb60996bd30a2bbe00918f8e5

SHA256
c904adb5115ea5cd3ab5f4c1fe16f0420ecae8d6ada2d0df2e53906e1b012cc1

SHA512
bbf64b44397d85ad7d6ad10d816848cb61473a09025e69654e49023573df406a69fc390ce47e45633e87486f6853bfcfdc5b618ee57ad713151179c4def89501

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
a2b8650ed12e7984a143e040a8584836

SHA1
96598507f71ef4f63b9290c43930bfce8c65566f

SHA256
9b0732bd92bc4c1c761c1448b2d82b6d028c39e7d033d3833a11db87ea5c531b

SHA512
4af6b70e98fa91275f3b68effe7e506a67c136a3063dbca4f0bdd2001bcdbbb358a3b2ffc90a8ad94942d956e7ca7297a555812881ed4a7da609003a613cef71

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads