truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
11-11-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0d6e6af479a40d8d614b4c64583f03e6

SHA1
16cef1f4e14b49a307dd2161f0919463e6bc2569

SHA256
d9c432adae24c69407450f60e32dbd971c10ca0f022c45a194b1fc0ae8036b95

SHA512
80fa22fdbed9a560fa4f3638b0a4fe983f6d6ad5ac3e9eec3f04e68e3c0f7633ebad0005eeb9b1b82513597f2d60020e233ddb9b2bd164e5ffa75b968dafd76f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
66928862f943f39243a449781d39ea3c

SHA1
d73f57743b9bf03b4c55ea8692283368469689b4

SHA256
c25e7207f89ef5b951350ac9043dffb8da853d2ef5fa4d78621bd4fdd1195aa5

SHA512
821fe8dc18f6a43acffff117a60a27f4c381c259da803b4c5b90b76545a4f830b50f504437a6c5db1ea2eca9c0f56dc7264b6afd224863d084a782854e62586c

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
263876c7f4b9d8275c15c7a63469f3ea

SHA1
2b92765920bf6b93ac9eed47b89a2a16c3f0b282

SHA256
798f65ef8565cbffaa7404b38988afa1b2335e0cbb400c10adcedcc78244cb0d

SHA512
559482dbfd3cd1ed1ce39a249beb1701a6c22adcfa45e7c1ba63a6872558853f3dc823a40bd0038fdbf1688b376639f9767554501d6ea559875bb54bed45cdfd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a334173f5324dafd39b3bc52081b01a6

SHA1
ece5801a1b0c23804e2c0c317d0d01a76ade102e

SHA256
f5fe30746ad64a859cd55d780b640c5db7098bbcaad6ae8dc804c4937a15e66d

SHA512
61d9fbde1ab017882b283af6e46f2bca332070ce7acf69e608f60123b87fe2bd9e9bffe19eb4e171be43a47e6a67a0b30a416d811534b15d09a6c5cbcdf362ef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ff55ce314360182c1b7644bdcaaa3e5

SHA1
233488ba87e416f5dcc8381ccb36ba1f334c3ef5

SHA256
226b94f1eba34fcbf359869c5753342f5f0ff45c5874ff1734969b6ccf26f23c

SHA512
d11fb261439d87445698ba5734203a5851634cefa63b391b4f143b9c8e4e2e365ef6129e088c0182aabe72f1f38ccb9ae23923fbf11c91fee01617e67dab55d8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6a5b728644ebe4018261bca3325b9699

SHA1
ef521769cfe354af5aa2c20ee24387c27e52013c

SHA256
d371c949373ed020ea33c7c2203230afe2b9d39b292dd43f4622b538fa37bacf

SHA512
b280f04c00866f3c2faea166a04e2d08a6a4d1e2ec7c1ddf797919bcbe19075e50374ab5d3f3f36db64d1bfd5db725f86147314ceeb8f8a55853c5443a8bbc4f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5c72beef9334a3580c514564b724d3ce

SHA1
1b5a82aaa7598bfec673d88b4ea59c1bfc8a8934

SHA256
c1128502fa58fcf7cd6b16457ab7e235cc478fca76364af29301e4bc8cd2cde9

SHA512
efddbd44091e4940bc852f99ad80141c0cd00aed4876db7699734b93cd2c213c4035504500ce76c5bf2dff7ec5670b96935920de10766990aba9dc6d7127b8c7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2e1f8782e5c215d898d2d7a5e6e0a4d8

SHA1
8fcf8d39f1cfd3261feb4b916f6f472952daf6aa

SHA256
567127a2361bade452fa5d68f5e60153aec6d93a0f5494d386b2845c8718b0cd

SHA512
244c3de5552e2eed99ab4c4500e5cb716896ed7803eed0792c7503c86792bb20b175967edead71b3beaaefe29c7d0874962c4ab55dcaaa5846050bb808d73a68

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b5aa5919a0156a3a81e5114fe824080a

SHA1
031b46df92e434d4c17aa3cffae1c2ac0ee898a2

SHA256
379e740cea95d756296ea507351ba7e42724d07f3a5561de6fa93666265f1aab

SHA512
e33cfccd8b572cf6f8b68d37796d629c66b22000518c3499f99791671361914ba58de2821c19e2a927128724060a7d39af0c3f89fbd2e84655dbd0d57bfa6f86

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4bffbd196c38b4d49d5b84879ca9fe8c

SHA1
5d59693831a2b6ddbd2ee41c20f54c7daae64353

SHA256
aeb347d1d77f70a98ba6329dc7fa07799d569d98080b6c2610a6bc2df686bedf

SHA512
dec5baddddb522c292ec62b9794c863ac947f660b4133e8c622f8f4fbafe8c66157b8c05db84af4c77e31f32a14b3834bff45b76910f22fdf207571a193f5d04

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
72928806104f15d1672823df47cc6b6d

SHA1
e97deb92202f1807e5d1604ce5dda70ee68e4755

SHA256
e05a818caa01e94d207abad2ba098bd9b337da2bbc84df9c106b0b6636497928

SHA512
160b7f5d2290b9f224ec31b0d277832053f34254842f84a5adb4a470da6b91f6a3d41666c2926cbc28c7fe06fbc3408ac58abe7d0ca5dc427e3ccce150cfc591

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3253bd680fa284774f124b79e66a89d1

SHA1
8d8dabc1f1e18f6d467600b9e93821025ab392df

SHA256
3e8c7ce6e7eed610230ac77190f40523adfd3b6be7a4838474bc147fcc86954f

SHA512
037e18ba5ae70e817f428c06506c8a37d9981cfc3c9f51953a7942a85de0cd002cd29c841a8110ec91cfec500bc90f4e68cfcb1e742746826968b1fac9164211

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a1a134f96d3b2dfdbe03eccfff938459

SHA1
1b5cc89507ce9b1063fbca3887aca6934978d8ab

SHA256
52555e09357fdebdf341e876d68bdaf15292c3584cf12bec6fca9f4d9d743502

SHA512
955a2b4cbca55444bef00f918fd6269f69e0bb1293aba604eb671452c2d18daf920429e238257b90514fce1c010851d3d4572da453ce7e9b534334276aa9bfc7

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4035253769401789935tmp

Filesize
90B

MD5
04c4cdc81f9c008bd5f59dc8de7f12f8

SHA1
42277d132e69c3b6519fc58986d9fe46665955c7

SHA256
5b0c77c5e72d520de566285b1e3a4e2dbc3ebcd9b31f70aed964e57ef8a0038b

SHA512
9fa5dcaab0b2bb68b6d244402839628ed2127d9687a26cd4c8bfc7a901e928940516aa9f88ccbbb4d09e5af8042e9262eb629d0f8061e351706b11d75c018554

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4532474452032320035tmp

Filesize
556B

MD5
b66224ce277a52f48e221a05dafa9f3b

SHA1
97e2ff12620d89b2f93787e7ecd9e532af2ccf22

SHA256
304646874c8dc81e4463152e25101e512520ff44073ca2db43186e3fd1fc48ad

SHA512
97d60c4f23a44a67d7a727462b03962d6e9af933cecf118e55b48cf05ae54da78327857bf956e78f08e756a86aa8cedfd959ae2be3ad96b63c82ab48614f1375

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
4KB

MD5
b896803ae8e889b2d4a4f3783bee32d4

SHA1
40b4060b311e3406d5cea60914c5cf324abd1003

SHA256
2966a1ece10b459bb9a4c97b862d228c204bc6e102fbaeb095c53b76c03ea03e

SHA512
fd14d379a3f4b31f87998df4f9a969e859394122968fda48891df685d4c751a6123e3cb0d70227488e384980f2c9aaf8e20f80253319fa8f0cd0e6fbe0f8a9fd

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads