truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02-11-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4518

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
b21285da226a0efeef99b645c32f9080

SHA1
15abb7c26ebd5fb5e5fae01980875a4ea8b3ed54

SHA256
660c65a1b83789e74fc72450e44e0d3ddb050977229a9d62b723bec9566b4b2e

SHA512
e3a7f908301aee4d13abe0069850467500706991a7c28400d33294d3a69a97441e2042b226251ad13be9996fb581b06f0f90d72ec5b3307f7150dade1a60a04a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3c1df046e3253335adb0b8d893201990

SHA1
a292a870e3da17da2ccbede1431e4628f3670660

SHA256
10ad8a2eb34f080b1bedc2e696e225b634808e05fcd3d94f5f1cec665c971a7c

SHA512
7f6439a3f5ecda187664738e5d2472c2bab8a62119f8ef17bb334003aa1ac31db7ca851f9b70de2f0931bb8eb7c8371f1f0421ea8b6f0568801998487828f7d1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a6220841d183bfd9e936751cc3169d7f

SHA1
1bf6e4939ed250491c120e8a734daffc41224ffb

SHA256
c94d67d09acd3524c41e390fb900e8a0069330db63ec56503e58b0ea79401b5b

SHA512
cca7f71cd4c180015ad9a4d0ae55f795b0240b77904bd85cd032b4a71ee493cef8e01a80dadc7ab7e261115f438a99acdcef1709398414fcfed12615fb56d291

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
fd3e13919a0bae95eecd459b9f622370

SHA1
68a2415e025e3423fa9c389e25a043b690608afd

SHA256
01b835309571fb133816b3d2294dc5de6b0dbae3c8923c5be09b25522bc61385

SHA512
b85e3df06274a6b638f4c905989e5cf7080feea0542cfd6d7fbb11b65ca18bbd6d41091165a3ce92ba67b2ec9915b3b225fba115b4584e94cf3de3181e249ad9

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
10c41057d26dfcb5f3fc674cd5e3da7c

SHA1
d6abd26dbd6966d893b060c88ef405edccb7fbe8

SHA256
2a3f68a4295e79ec56dc4773b6572e6b8a1073e516417fc89dbcb2f2d5c52a10

SHA512
b9b84e71b2cc06090f4180a6c3ba8357785d82d0edd61d34d4a96e588b4fb42b49e7e8e4631d42b9644fe74e1e8c767e2eb867e50b8df826d660e641248cbc44

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7070968861e2856809e6984d3aefa4b0

SHA1
dc9eec34a7ceffa088a19acd3785b1579e265883

SHA256
2b9714b37cbec5834f69306bf07724d6640cec6af2002aa02c328b2e22434f96

SHA512
5b4d88021954dac429f30a2e4680b80f31d8fb3856f10b92b188e4a2a8201354f638e928384901f2f05074e141dd5c552a38d76db14fe3e2d25341f0daa90b87

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ebf79b13a39061674d9b0bd9b14dd6a3

SHA1
54d7f7c0dfc8e223e3c6f8d74ed2113b7d6178df

SHA256
d12be18d71eb3253e59e96e2614e60548348b9729628f4c091c340b8bd87f9c4

SHA512
d9586f6c522ac64c40c9e723546717a27080100e091d3bfa52ef9e1ea10670d72843ca50b04cc00fc1e7ebfa8f0c720d58ab61d35029fbcc28b9abd616bebfe4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d94b760af0d96601d7efef803df6d00b

SHA1
7a4e9441c05726d8ba25c9a99be856d01b28a4f3

SHA256
4c83914ab497fa9bf902ca04ebbbf005d16cf26e46227ae319c2e6772d8b3146

SHA512
3893af9b01061af4e699f30f8f11f326cc70018f411cff0511a6dce0d8ebf2d030d770294604c6670fff3ce780a4b894319be47a6fc87afe9b465ebab1afe938

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
320867be4ac2df61ea5b943c25187b98

SHA1
061e3199fea586b1a99cda32935397cdd5c62582

SHA256
3b954842361b16eecf34bc4e595c43255cd5cc0ecff9b15febe2df1a318fe494

SHA512
be8b134955838ed1af954072aa6fbbaeface9a744b6aca7ba25485efed45aeba59a25f239f05685656068c8dc3da6080f43c52fd5373a8d0fe7b30f8bc75e191

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0cacf336762903a6efa44b3fab900bc4

SHA1
3ef68fb259b56991e6eb20832f41789911b424df

SHA256
ab59a3d2f3f20d1b7682d20b1341cd1f93de9f09657d7f527a1581c93b7c6410

SHA512
583d912943f4d817c4f6f92b76100cc100b5b5eae022766085396247a666819626c0f9840884b465adf3140dc57452e6fbb8d4a16d2d3e960bd6d5ab49cb9482

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b09a5f6ed13d03625205a8c93c7135a0

SHA1
281f7612e44ed39accc7ee6a8962d86a72938275

SHA256
22efd78929997608ceceb31da5072f388f3d3fd9cd8ab2238866244cc10d08b7

SHA512
19da869a912ab1755433acb50937c4543e28ce7b5d5bcbb945b9d8ee54b0dc902f8bf77d9c985b2323097a2f338400f891ccf17a9e5ebec15f72af235560c7d9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
241b1cb81f572f06580433ad1cb216fe

SHA1
8dfc39f86f4771ea8551d8e2db0b2dfacec8c217

SHA256
614e08045b65aac1e45d3afec42c5c15f5b8192c51e657951d50233816ca321c

SHA512
cb04d8051d7a067f51dbb037be49ba9a8787b1f8615e7d241310cf47b610f7beaff42115d33d853602b102cfa713cad398e7d59540e94e814ce38f95a90f8b3f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bbec6731dbf4f12fc113402df7749169

SHA1
026506e70ab0c3e6515ac6a7395bff441a3169c4

SHA256
05b96455e8ea3d0debeb962a344506f1c495856fcf43a5aa1ea49294365afac1

SHA512
3ccd4f568f3ec7145888d4fd2e73c7adfa7bbdf8dce223621c9d7ac7171732400bf3b0807c701cb306097d24ace1c87766fc0d58a336149f6393517142c431ae

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7c59e64ffa20d62d1e93b53c5675e9b7

SHA1
4bad8b35dc869b63b0f96d1f9fc916a81b4c5589

SHA256
0a2c7de22e3d1fdacd815892d267cce639ddf1dc7674c85cf9cf2b01f8ef8ebc

SHA512
ca491ad91cc2ac69319348f32a79df2a1fa170540d508d92ab7c8f3fb617ab3e8f74514a3d93bbac30dc60d3b7b7b8cee992a88e45a2d50a121ad2482d0e3b1f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2065951748652131205tmp

Filesize
554B

MD5
89289b17b8fd49230083fa968f9466bb

SHA1
9044522ad3b2a99b771f8105a73d50c3607bc6d2

SHA256
5129ae67ffc13e2e999ad1af3d78801daae7e617b96d63ba9f3eb7087c593395

SHA512
87970907b1b37b1dd5be5b3c1dd228910daf4c175f7ffe98ab6fb9281c1b4c92fdc7850ef9fed983dcaf651e64057e71ab6949fff942a47cb0be4a85557a6faa

Download Submit
/data/data/com.systemservice/files/PersistedInstallation563716762904157426tmp

Filesize
90B

MD5
022d65a0d3257e0a4e3f1ab9a48fc829

SHA1
528d4a28ca81e3e1151e32dead07a7de52496059

SHA256
1c65a1d1f19ef48ce1b2f4151f33fa836c2c72f87fdc01fde753faa4f1b81096

SHA512
890489a2c916a9356939583c351382950d18f2c9a2de9a282e09121c053bfbe5e51178d0edeae4633d303c3b72919f40b1fcc48c78af6a73f1f63d7144cf8dd5

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
b4b661bc1ddb5e68d803d34d2980534a

SHA1
0521f3a2d2a52e3c5b6769d048ab5e28c1853104

SHA256
fc06e9e4303514cc27efaf8b30fd362429b64832529ccf7e963c1114cb7952a1

SHA512
07cad7db84151d72f4615540c495ca213efffd06714786f708d046842fe86afcbf0745ea1472cf2eacc4c0fafc73f561febdee39ba8da4ec41d62bf745931960

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads