truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4614

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
fb367dda2e73e14ec868666f66850a25

SHA1
e39fe5d385aec72db2bedece3c642d662528cfd7

SHA256
49f866f0be4fe00b3977da8a404ac7007842cac423ebb3b1ca987e48dc344b0e

SHA512
8c5dacef6a4432d317cb9ebc00901e9bcbc4d604d14b4b13f44fe6496cf73905f79631696ac3bbf7c33c754d9b4724d7cc0d8f918f34ceec532326012f6ea850

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
bf0cb16af0b7090ae9fea87033735391

SHA1
bb8b0c8e9cca88780af2f1178d926fda89641639

SHA256
940a73c1d625035bcbe4263efcdb305e17ed8371278438ba78d3e823ea542830

SHA512
fd6127971e5f4957c4cbdb8039d374c90bcbea75907010c839d2529d8e795546509cd1baa3cd550f55f8d999132960311c8598169d7cb180293b36fd86cf974a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e86ceb16d98938ea37953a4fdb996b7d

SHA1
0537395091e13dece221115548923847b2c9a2a5

SHA256
44b13c532f0b4a4ecbb80a66df4df5499af5e75524700a8c4a5a0bb511d72388

SHA512
b96cdcfe8c0a13667d41f104bcf788dfa8f88c3a72c2d50ef62ef2c249e35e475964b95b3a9d4ca2b6441c0426d4319270d62ac5800b33c10482edbbbff47275

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
30a5ad4ea7b8ed8cf5bd0615bfcd9ccb

SHA1
ce5da2659f719c1b40987fcb4a6fcfe3d68bd57a

SHA256
0f13761977fb5e7b40da638828c9c724a74320758a22dbe3fd0990be9285a15e

SHA512
a8f4ad5016e73b7642c36710b3c5ff85cf34f65c1ab48c8bbbaf439cc16cddbf65a5604b29353c7b1a6f94718dd954cb5a0867d946445134445ea754627f2c7b

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4c3c9fb65185ed24b1541ea924c1fa95

SHA1
dede30784f147c1db69e0ea322292f897d502e76

SHA256
e2b962c6d2f4918259020bb5a41d4d777dc4e9465a83e87f4de24d310a37f096

SHA512
2cc6cc88f7851d3360315060b15c9899858c753b3c3f0b44d4ef7f45dfa97cd84a5deaa7fe1ca9f581b9abfeaaaf7591be4aa000b1ac51448edc962e731a39a3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d543e8b790bc500de893a0cbfbb298e4

SHA1
b108baf39a98751b8c54a702cc49b609f2c33e64

SHA256
4d255b2a971f471b9297d463d6970a488969b94534479c17e912717418ca0da4

SHA512
c0a8d8370a26243dcb541d42704a58fdb3560780c9ba461520702ba95d78a3b88e99760df3968e27853921360dfc8ed2ecac31b579d17922fbe6f3c070b0c3eb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
37b4ec6c16a77f4b8ffefd2f2bbb4f26

SHA1
1df9873d9f7c4b2d942c0b61e776ba8c27b9ef14

SHA256
120104f2ec49636d8a9fcfe1f25cf02827c6337de317320e70d09014cc7462f6

SHA512
9a9e4a8b934cef8bb46dd15d78c528978caf3666aadaa8bc12b66263500f88c25c0e2e9f6a062c9e8c02d17f1ca7c896b438c059e9ba0ff5dda06d4ed7b7caed

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4648a7aa1dcaf7a6e4582b1e7c8af7ec

SHA1
b2ae9d879f383b8143cc40866adcea5ec3096cdc

SHA256
0b664b4d4499284ff705af77adc341efaf85f402b2d94ffa5d21e6f431f49d41

SHA512
ff48704f888ea4fa23eb9f8f519d51bc99e85c1a1d86744f0e85de76090c32c0f2a9e7db15bfc204d6429700bf918b2043c9547f12403d0b7eb10fa9b9459818

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
398481bb032e6de2c991442082b07639

SHA1
682d3987fa6d2e2742f03cd2e0095ab454080556

SHA256
538ae44d7c464130c7a713366e5ec08d2ff5693c9abf5b5610b29674988a998d

SHA512
0d5d8f8a084984d5753047b0eac635a107aa216bb8c333eadaac5ee2967ea10e14e9ed84647b783e7ca5644a4803495a0cd1093200e8f3a6132ff086e409ed42

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0be7a932c875e2322c6c1abef238a42b

SHA1
53ff38533fc3f406840ef8cc0a4a7b7c2a792885

SHA256
41976c47bd4c849d3e099852afbf6d9c4d2828fe77328682953ac9696e1c29ec

SHA512
922dcd5d455db6de317042b36b6fa962f1a8be5e7cbfe07afdfe225348791d213913e8aab140e5e4f40b0a5af4c647a65cbeca55bdc60e3b353611a158a10d93

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
75ab74f7ceb48854462842ba8dcbb87d

SHA1
2a2e0f0da1ebc40bfb084d4f5581682d930cec12

SHA256
3280a3bc83774adeaf04b2c207ef9de7aed952a30fcd7c6a525ced6c7a1a7e41

SHA512
11f5522d8c7722a9ee037a7d56b61ac99c16f0e3e4f386917a302ca0d29edf15c00006333d5ccf3e50f462d826cbf72f66b803e446c10cea5287881ecf378530

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2778f87b14530b9a7697707a342af600

SHA1
630db6ad261421183772a9d4fede56eff3d93c99

SHA256
dbe87dda9d7f6e0db2a2dbb48fd42b4a5b437b970b252f44aba8cf56d4ddda34

SHA512
013f406a4e0fc135ad02b18d2b3d1023ebf2cd3159a3253a2d137484c9e2954b0d522bfd00f71dc459b54a813042845076154ef90572f53202dffae648acea7c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c8d48109296a3a82e6071c611f0588a2

SHA1
15a44f2e06e6d715d9d4ef0a63366523f2073ff7

SHA256
94943d76cf1c4770a5fe94bdeab5187848dd6679e5c7278e3e6299992d936c9f

SHA512
8c5ed6a675ce738784b08e5f0f905f72565355d6a9f019f641b36355734ec610bee0942e65acfb643a9333aaff1375c698920b2f76f6f1125485b5d22a88e326

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7bbfa63e2a037b6bc2bec2c951d6696b

SHA1
2d56e8899312695d61f2fd139c6752a130168754

SHA256
5df001496ed5fc619eade9dc964ac7764d3d86d4290a37af7ccc4ddc5ab735a3

SHA512
85b4d67b85ed6bcb97dea7f910ccd226bf09526adbfea78eabc11bba86142886623c865ec4ae45f8ceb7fb85201a05ac59848ac2388ed4ec1ff1387406d6c5b6

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1107189498569723943tmp

Filesize
554B

MD5
1acc5e66cc2a96c72b21db955d096fca

SHA1
17ce419e99ffd545e7c0e2d3fc631578b3bb8595

SHA256
847a80b9f121e27b49a08b98ef7d75fd6aa5bbad567542ed0311bfe356eaca0b

SHA512
e3be32778aa9bb99679f52c699d3e924c2a6bbb4e93b3cb452dbc7b380333cd9a6f4c51e89f02ca1742cd9fab97a83d342d2e2aab1d449a547e33ff968ed8bba

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4092384327422777843tmp

Filesize
90B

MD5
1299a55e6f33cabf8c02fa850862d71a

SHA1
af5635b732a3138b36562640d737a3db3f2fdac5

SHA256
05553b8aaedc823a6bfbf5d73fff7667ece1b34307a822ec6ee7a17baa22f143

SHA512
1ba0a2e464f0c2242ac80b0d3226dd35267dcd6be8d06dc014fce71d3e9a9ac3ca2dbb78b3142fb70ba924df2e668899f2a8f852ff108b4bd7779adc097df691

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
9ffa92ead8addacd2bbb8d2f8cbf351c

SHA1
d447b34692917f7c2ebc55309ff759b2b5bfbd96

SHA256
da5750c25e5328b8e11bf325e1e36faa43009632542e8d712e5b0c123a10a943

SHA512
064d13a0fce00f6f61bc26e6a6c19dfbf4b2bcf4fe09ef30bef0b19dc5f98aa9b14994dae7f30919bdb7afb73b770da977590741a4429ede28e939b793d963c3

Download Submit