truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-11-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4617

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
96f9cfc7373d26b7a346b4a9d4f6c53a

SHA1
8699695b1eb2c5d40e54422df05f621a00f838c2

SHA256
30d0c05a0e3b741cd9f64eb85e4965c3def16018b7db9cda695bccbf0e8cfdcc

SHA512
6327a99a97404da6bf65f0caca171c8f4728f423bff5023783e7e66031327024618ce67c30ccff397cb4eaa3fc1ffa6f15b95bdd2ba07f1f3d883845f5162743

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d95828c7279e32aa8b31a03e28f30384

SHA1
424cfd6113f25f9d4bdf2e83f9ef119dcf245230

SHA256
863c4e304c317fb62d29c9c33765a9e54664b62beef8d35268b6849c699321dd

SHA512
66fd3296535f54ae3852c39c76c3b657afffdd8b71dd6f4886dc3675af0f39f4cd3f1ae9aba57cf07555e50c6316cbbd7b8c8c4d56f0e6350a939ef0001c9e1a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4befd01b730cdf07e7e9140f983deb96

SHA1
6d55ee861c09ee7663f86e73578561c691b1f479

SHA256
64cd34fa5a2650195ab5c3087807107b5bd473c535d212a6c423a0b5a641e2ad

SHA512
c466791c33fcc56cfa5ca3a088879f3929661396fd2c1a788ae2e67c4c27c67c85ffd9c5509a3a03cff5a70c916ed65e5e81a7b87cd229a48ac0b3d6af883967

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
fbf83877912ad9762b33674bea0bb744

SHA1
0a9c1fcce489942e523a95844ae886f17c89ea81

SHA256
36dca1a5bf3aeaf9ac5e3a31cb97fc9dc2303b9e389f6171fba6148789f50b0d

SHA512
716e8e611425c4a7e32abda4d093b34448b67923b1b839fa2210b81b7fab5201141fbfbcc3b4c115f7b135aed645733215a62663fc56439ef8231fed4034ca71

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7463e0096470c81193fc428409070a1d

SHA1
a5f42e47107e472560cb97846e6175737e86b660

SHA256
fa7b754ed7f536378d5fd75a7980e1c1a6196ca17115544488b3fa0c27196e7f

SHA512
8541bca7b2e0ed190bbefb7911eb0e1c321a967513fb0e828ff9d4432ef7915e03bbe68c6ad36f67a3ab996fb193ec0abbd8b56258f3f0a163d45ab541a47a29

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
84dc3c629a7d70425478b455d1cc0b34

SHA1
769490dd834b6f545133625dd24aeba7843e3467

SHA256
bbdaecdb7ffa3fd65575a8e64238c1c7170f38c76621de0cc3668b1bb28a3c8d

SHA512
db21513b65edba38e7d86c435f738e4fc277a70b84a3311c0e98c822975b79135bab7d5e82c680f52da72ed72270b9cab3b8452549b6cee99c9b53283aa2312b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b467437e8c2d95335561e30c7365fa9

SHA1
1b8fdfa7ec08b1dae06fd9e67a67867185a857fb

SHA256
791890516866c52ea3913ec0d5155190e0aff25b5bf43f3e8688e54af60eab25

SHA512
e6466cc0221e6d7b24671cbdd48dbe5765005e0a9480adf2789d490262283df30a0af5d01a5858439dfbbe3c81bd01c9931a2b8a1e54f7402a1d42b20edfee42

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d901c60fd0990f58d9dc1134262967ec

SHA1
579e17c7806e5f797c1d496ff3e185ec9955d2a7

SHA256
68cbcc239637515a3bbacc537ea85ffa8d94d09398fbb4f603ee503b8c028f6a

SHA512
1bf54a9a6f5d9503e4be47a9297ccb7d09f30e08d753c7aa0d98d4f4b3f96aaa926c3e2cc6784aa39f1a394fedf0271b51c3e992d862e83a465ad06c94be7be7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b4d76a9de48cb9b915c0029c13335e28

SHA1
029881217c43dba3116699af03e52eaec286e35d

SHA256
cd20c995fa6837aadf897c3b94da0fb317f8199fc473eba4df08dd38f9476173

SHA512
ac587c3add8dee7f29ba8efc7376d00d40e629ad87de2aee3aaff6da52ec3cb0401792983dfebed875d1c70682ef058edb1def7320dc05a5a0cef3f3af4ef340

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6b7f7113769ef0b6ea9dd7687ad46807

SHA1
59aad69540cafd967f27c47652b8ae48ab1a7d05

SHA256
f1d73bf387f583214aae0a32127b002e0f2630af3f077021093c50d3c18acf03

SHA512
04cdd2629a47b168c08ab3e208c20e64d8f4ade9fedf35420c301e38a7d216b4ed7633fe9fdda6dd97cd1b714a9089302976d44f02fdc5500f87614edc96eda5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
891557ce5ae8b0ca227eff4a218be888

SHA1
685055007120036b6e2d181bd6194f946247ed22

SHA256
c90b34390914be673b802698866c7f9c87f36ef21db844f2423bc0c959325aaa

SHA512
d63d0a0b2cc17193cc2a46417681d528ea7178782e434e3d6750e5cc8b393f19a9dd6297d6e2800bd9e2157ab14373218884612cfa2910f2e16b4a303133f424

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bf15874123c1813ba7420fc3a0655203

SHA1
7e27e6950af35dcf6b2bf9a8be1a80e149556e2d

SHA256
12258a6140eee03303a25f3cdb1fcb2a5a5785132b51d467bd1c3d831c80ca0e

SHA512
6bf07163c541fcf97263dbcbba954d69a040d4736012c195c206cb0eefbebb05d83bf2be07c63286edb12574dd09902e85f17843efc7325f82f91d10d8a4ba39

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
da6e25e60e7e2113ff409662a77a125f

SHA1
f730c36a7e97bebd4f71c63d4dad1ccdd0bf7203

SHA256
c54a3146a0ba11e270cd27d9cbaef98bbdaf8b9e9b049177e0955d74e07637d4

SHA512
4ee087c297dac8aae0cb494d3ef6de661a81ed39131622c916823dc8f8c3703b2013ed0588c7de6bdaf0e67aef692865a622b6355fcd5a90f089aee87d860404

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2a132779e3b6b3f20740d5084e34dc1f

SHA1
78b294f8d376ae0c24e0d0f29c9185d0581e8d91

SHA256
3bfbbe2930aec1448f7125729bd3deac91cdf71299236078214e1442be4a14a5

SHA512
2076cbd5a73c96313277e06c226b7e5aa7e873a72dd374778597522fbe28404a0c1e232e3717b12802d651a11aa4dc534fb9871d3f64d5c7a70247778a734c6a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1397879464099282928tmp

Filesize
557B

MD5
a77b73c661e9e5a046086a8c4eddae57

SHA1
6ce93e0214a0c0bcd638f8e4aeb743c36ed08122

SHA256
ba336242877f4daea0c720f1e692b9cb1e60a9326823efc74866bf88628be03f

SHA512
59acff72c163b124bf952e9b946c6c667e293d5b1fe5b686e6bc7a7efc9736ac24e852f897ad80ff93f5c24de4b7e9fc8f5fceb48d190398b4e3b4a18b41753a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6281839954423561316tmp

Filesize
90B

MD5
9fe5176e63bd820575ddaf3001827573

SHA1
97a5fe1f23eb9981a5116be2cc0ad07e88a6274d

SHA256
45f3d2aead24a43b38d982ef15e11543f46c519d690f1d239fef6c62c28656d9

SHA512
61a46bd3b79fdf4a4a17a94b960aeb44510a07b05a305034668bdc3d6f01a960ce5377ecc0e83d4ff6d391f6e79f52b3992b06b25e3c7bb16fd801b79fe2577f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
1417de7114092d935142f76068b3793a

SHA1
36f4ae062e09a048313523d8f492852617249fbf

SHA256
7e82f69733a9d3f661cf7b244d297d98b529a5b5fc017f72b7898d63aac3685b

SHA512
b1d77d063014609ed29664fecf89a73841f151049bf4ec174a19f3c7480dad525ddc51daed1b83e0e58725bb25075c8268134afe2bbc80b06722e9b436bb9552

Download Submit