truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Resubmissions

07-11-2024 02:29

241107-cyssmssmbz 10

07-11-2024 02:17

241107-cqzk8avrbl 10

Analysis

max time kernel
149s
max time network
154s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
07-11-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence phishing spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy
A potential corporate email address has been identified in the URL: [email protected]
phishing

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.systemservice
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.systemservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5233

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/cache/image_manager_disk_cache/119240b5c507da9ad0fa1c8aa89526b0d3b318ee30c724b3db8c9b0913ea064e.0.tmp

Filesize
2KB

MD5
9cf30a13162deed4e46355f97db7b1c4

SHA1
6b8990b884da130c0a3a1fd7efd778eb1700f0a5

SHA256
c8eb81f3ad240ca5da767e3c02ca4280d90c81c9416bbbc6e0106c27238737d2

SHA512
64b86448554ad7035de3f87172d45aa0f8c3fcf6bf77772280b7c2dc69173ed1998664a4d4cd4bf42562f83428d337d34b54fde96ca380ea6d80b71cbb7392c2

Download Submit
/data/data/com.systemservice/cache/image_manager_disk_cache/journal

Filesize
178B

MD5
1491cbe29f4f76c20f1187dbbb6af7d5

SHA1
b861a6d3736f775f1debb5670c7c7cff38adf31b

SHA256
3ebe028851d600747296297c7cbacf682769e4e799a9da80e760b37b5b022c3e

SHA512
21cdf44af3a9dab2229163aa57730ef066b9a73803f01cf837ed6be9e2604b66083bca32b5f8a59dcaf4dac1373b95e7866cdde93dbeb56e744859c2d8a165f6

Download Submit
/data/data/com.systemservice/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
604633f45fdd4d7d8b2551d165942330

SHA1
97474d7e174db7b5d3e2c057dd302b76bf1b9965

SHA256
9184ca1b6cede695a48db7bb4914b75324000028e703e6057b2473c481e84411

SHA512
3fc30f4e4f35d9091151fef99a7b3c99158e85375e583436693a4068aaacfea4d99e8e5470a664d83dd88ebe1f3b4ace83712605770cdccb090b97e9937c67d0

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
51d7b1725d6d166dcdfddf8bb381ef52

SHA1
cf68e4f3f89b7f927819982e4d45dc9199930867

SHA256
cbd3ce54c9d0c4a1fa89f967279b1c7583098d77e93e677df4146d49dfca7069

SHA512
c4540926ee2510c081e387407127c914bdadfa560a40728eee59efe3f201fdfc607b53e145f8549bdf10c15d5cc3517b9c043e528cf1efe449c730165f604ba4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
19a3c06a8e1b259bb8b684a22f2ac478

SHA1
6a24bba7a503447fb997b7822191bd6b9cc0fd13

SHA256
f4a1074f9a93d7f3d5b4092150f8cee38d9db3bced5110fe6922a5398327e89f

SHA512
e6fc84a4cff1c6f3e58616c754873442c6181778c61e584ea4463c7a74c5ab653452f69dfe2f5215e8a0300f96de4bfe2747736e3551c92e0ad1386a48538059

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0998b43988f49b6443918b80c7dfd00a

SHA1
4ce13fcd3dc9f6aec2fbe63969a6487f58abbc9b

SHA256
f0e5e29181e84980277d05c9332b4af2494e4b5e33ca6ca909ce1b48c177cef0

SHA512
a638ab4fc2a989f54b47bd41691bfdf2de0ea376b8139ece051f7b6ac7375cadc6a3266e8a8201cc090474cfa1b61b2ac74d3dccb2239b7c1df0249cfacc7625

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
80649923622e8b01dd2317577c0c6aed

SHA1
7860a5b7c5dfb0e9aadebe7b239019b18d9a344a

SHA256
be33a0576e0b0a072fecc8de9e644a7734df08dd3543f3d7b784161ce91847ba

SHA512
ba75b691fc3f33b2ae58ebab416747e4f2800387c4433edd2fd28529a5ca5b839b5d1967c4efeaab95df950c2eb31a7651b56c0c0011e8efe5321efcfa374469

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e4cc5014faf8891d9cdb82bf04c82e3c

SHA1
e5aa0b1f077a77b1130c894fce4afb67b0069de7

SHA256
cc65468dc937912c25e20c60d14a8faf913b06533aec1f02c39967709854eebe

SHA512
166cc7c24d1ac35a38f3a66c3628c54fc2c9a3efbebcff440a262e296e54f3f49572ccca9dd56241fc15641f12c8b2f4bac6730fadebe5b1b6572b6e623ce23a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cc26a2703c663f6819daf00779515e88

SHA1
bf73d07cd6b82740a2a405738595db2024c34058

SHA256
189e4abe93b3838b6137b3057a2768f16d230b2f0de2a57ffa1fdfe0a44e77a5

SHA512
cf55b632fad7a64dc2319a4e5d18445d55303370b94b6cbc117baca3e3f0ab0495719200887d8412ac733416555ac04e88e7f688796b29f2e86e6a389b901172

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7c3578c3c048569e56b3d6a1fd00a5c2

SHA1
66cc9bc325e28b591572197da5e3113c6cae9cce

SHA256
da2563207128b51c6a5d1768b87b67245bb7da9172566fa9082035e753f74b9e

SHA512
e8523636f93b1e0458a23dc050df5debe929b2c16a3aebb7187ee4d21d484c046cbd8be83f5559bc738be7d16fc7fe907f00268f487dc85b037ec68270ed9d9d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a432498dac764c5597c3a0b95d870255

SHA1
0e433b5c9bd4c75e2ae218ccfb5c0e61a812bacc

SHA256
01688d77814d3a2e73a16fefe3182b51eb0a488f0fde1df278d09dd1e55832da

SHA512
cd2243cd45f310d2f03f0f2c0cbc1c9a39def7981b7a96601ce0971a66c986037e565c6981f43c8d99827fa39227d10089c14fddab6c9742c413a73ff8894f01

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e553534f8c50623fde70e61438fa4419

SHA1
5889da2c7b42a04ab1e1148a723b6d9a57e30ce8

SHA256
9ce9db6d2b3c3dd0d68c17b647fffe2a32a64a65bcf6749a8fb69fc6a892e9f5

SHA512
13bbc32fca1227d3f112512ad8d0378be0e52dd10ffa85b79d67c7a494d6dbdd6c5a0248d75eaee73baa5e648aba6ab78a3d76ed47f6e348ec80074702373773

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7dd0d707d8c0ad3ba015b158ce0a751a

SHA1
15b2cd9f4c8639dd4c1aa6b0fbf7d31a8bfb70c0

SHA256
55d4ccc1739379256c4a44f65ab50203282e5013ba7b8b5dc06cdc7a0656cd53

SHA512
2ac943747caead13cfc8fbac5dc967570b7346c94fbc27f36ae1170afb5b96d985343c0c304a021cd380576116acaa14ace87bd66a46bf9719abd770207c1da1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3d1323a903d0fe33379b77837d38b9ab

SHA1
5bca208927f12fe7b3da984f084dc07fcb3849e1

SHA256
9d0b96cd7cf9ff35c2874feb33408de10f99a771e3fde1ac86717f73d52459ee

SHA512
f15c0a7ec803b7ea2ace94fe9870af412f80ed6161bf190d73384bb1d75b410e178df8466f27b4d3f8b677eab8eb8571fa7590a52ba9c126ffbef1a4a7968e77

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e6989f20bea62e2acdfec0c57fe50283

SHA1
113174d28aee976011295ff4d38e8619f7ab3f40

SHA256
e67250aa23ad85314b3d10ebe851ad554aa0d95d02b7921f572f9c9b700dfc29

SHA512
1743ef6bc01f30882876f2843cd1d975c0dccf125af4f0057c42794ef5e16493a662a9a85b3f9fd785ce7fa7555383e2c1ec2df6333785596b1dc31097527a73

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
950d810bc8a5a9b7a510527dbe49354b

SHA1
2773e449ee5da2cf0cbcd106f642590eaa247993

SHA256
dfbdaa489148f3fa038e0423ce89a2ca5401e015a23707ec5ff71333ffefbd5e

SHA512
3e93bf1850935d135202297e8a175969a09a15d2069eca1751429d07eb0eda8ad0e88ca6e0d6301bba999cb138499e6b667132fad51f0e787621f0bd006a20a0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e872f7b47c0e29fe05451b08a1afb7b1

SHA1
a3c186e7c4801d196e0178f27a3346a92983a810

SHA256
404dd28d7e846e26bad1b7997cb9b43f50d5c408885f5963285476a789a00cd5

SHA512
56d6ecacb03c988c023deae750e00343c07237db0bcdcd8ed464126f338a13b06eb34c5600a01aec0bd7fa945324de280d0597c13c8694d6ed213596b7e90173

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2599911684281369259tmp

Filesize
557B

MD5
54fb74e9e7f64acda84612aa8c9fc3f5

SHA1
311fe572457065372c1c74a1a7f34c0a4f76d033

SHA256
03ba7ae922b09446e163a8125620011fa066c52b6a4b0e74d8c7fce890c981a1

SHA512
e5aa4c91b9e0ecd036edc95535036cd144d85d5fc62aee21eb94cdec57a830ccdb53577c86932a4e3294b1bfd9841d09f835b5425e67aa7b5c06aefb86cf717b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6569570304778862201tmp

Filesize
90B

MD5
89a66766289dc504aec358a9c0387b2c

SHA1
25f2646b93c6e414e62ffc50062311a8e575ac7f

SHA256
43282bb05b540e69efeb441796f977471ecec52d99ae3ebbd9372b4953a73b44

SHA512
1997b62e79cd7c2870a80b5d475506197d4faec7b80ba9f728861e39b8b2b66ff2de5447a3e0b10abb7573fbf587b0d330099fc6c4344a70925da0859cb62299

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
15KB

MD5
0b0b9f9f3061f9277de9d48496a00854

SHA1
c0ba8a0f040776fecb79d3009f4a8e9f9a839af4

SHA256
d1cc77f33652cb8ba81d79775f4056c91e76e742eec012a3b13ef5268c26b747

SHA512
3c9915a6664f3e155923d37a0c26c55239769d6dc54e2b83f87a925f172a051338782a68bb6dac1502b8b7ff931a0a215809c28596a6b7caba2a22c6f9f398ae

Download Submit