truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
158s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
13-11-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4728

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
8cf678306ec6f70eebe93a669a91547d

SHA1
268a2c347c894e7b994d75aa4996055398039d67

SHA256
319fe74e569494c6df7b81b3780e6df082669c95154f558862e66d2fc2896a09

SHA512
54d35e250bb7b77a55879ff8c827c592b856c22894abf2210413aa899a6c24211e4705bdbdee0aa16ad405f8b5dc44d7d20844705eb7caa0406acd5850029fbe

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8906023eb058628d874aaedd8afce942

SHA1
c07cebec5860cec2306b8d5aa830a34095187ed7

SHA256
abef0b043a3576981bb2b014044ea625b515b3ca42c6dba2a3baa553436fda94

SHA512
bc12ff34e94709b532874ab59ca837ee91870e76f51909f05c1846362faa1a1270cfb527f3d054f36210a9bbb92fb95b02b808226ee9b5d8f75b24e2ed55a280

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
787a391bff18d5689008d5f86dec0246

SHA1
249da45ca7400ca60389456aff9d8f8bbfe3e941

SHA256
3dbaa380c2845eae8dd25700ac349880e02fbf1e0007a5cb5f8bca5e52e34b89

SHA512
56ef706e478f3ce2d75d8316b224618c32d4d3365342c77785737e6ce2d589a10e15cbf8b351d49f223a395128dc1b24a3d7aeff064054256532eaa9a98916b6

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
56b80a99b8cd4b0d4abc3687125b63c3

SHA1
d81387590b82204c0633d111a5055fa1414f6cb6

SHA256
6ba3c09c944f20756492cfae3025ea5a556b71805f4ea8fbb40519972481c14e

SHA512
249c470aa6fdc928649df2e22cf12edcf418167c6a5d6eec9985722da4aaf61438d77f7d2eacef13a162281f12184acd20f459496ca914b9b2810da05a9701b5

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b5c5880ea2bc0c1e3624e46173a8d5a

SHA1
46dd53244b3979ee4f4fb9411110d4a9ccfe3b4b

SHA256
8f5154ceb5b7c374ae1e2c05745b0f0d888414b111c7f62e9112a06b581bd950

SHA512
2639910482e6f8155d5cd08b084d3f0afa71ca29bba68a8f63ded1ae8ea39419c054aa79a299e90750fddc70c15737df149867616a79511346c7fd2691e97119

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
585e158a724f97957e42265bf78d6ecc

SHA1
7374dfad31c3fbd9ac026fd306b63a75b0f25c2f

SHA256
1afdea6d14d52bc6810788f7ba5e518489928a0528c1f40bc7914f503b4b442e

SHA512
020286520f10ca9c9f716dd65f4546a18d22759fc66a2da1fb6bdb302d33fe5657fac3f6263ae8b53632d2308a4b2cd3a369f7af1d037571213d76c87f2a0c65

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0039e0c573646ba2823083fea1f46aa3

SHA1
0f70a2e1c6da6c31d5a19016fe6ef4302ee67769

SHA256
7f00b78dcd38af06763c6b8ff2c504e4c67a17e170cd1980037a0c381ad7fa07

SHA512
0edeccc94b1cd6885044c4d42b5c9430d5b89447238fbb21bac69c7081701844019ea1c146d21bf89cc02b839cb91ddb10b7fa9b6031b88cd3a5044338aa3778

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fe2ee572ab8e2bf5e492d9f00aaaaa88

SHA1
9a970e53965b3b86bf72085ee2276f077b14998c

SHA256
5f1fa02b704708a17a9f07999ee9d083d242604fcd84dbb7b970dd338549b96f

SHA512
aa0c0972db2de8bb38befd84cd47a9fca9ad860566f0a0881e8bfb66217fe34d66f3da436d715fc35438c3da043a7b1a643fc5a6f8129c7ae272933d34903ee8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7d2660ac7e09a519cd2afa93203dea00

SHA1
32980cb17b47ff719289ec4e5e272662f497cac2

SHA256
b5a56dae91b42c95a2ea7aaec9b03a436ed0a65fc96c362afd14923ccfa6597b

SHA512
86440455991b4f9e8914cdda36e98a106b3917f4295e695ee6d973c1fa00eb8f3a3ef7858502c57a59f6d37952aa6d1fb030627a1cc841931c41fabd4579795b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
95b1652f7efda1bd552236d4455ecf55

SHA1
b9f72660b1c5f92db420ccbf9f9226d5b92ac4ad

SHA256
743dd0174dac6941051ef3eca694491a5784b23c7b39bf0b5e1af64455c1b627

SHA512
9e476339bdd4fd47220cccbfd9e16c5c3ff26f56bd99f654210b2f0c3baff636738b93f71e3529b54c18792024a6caa3e1105c05410c5c91e0aedbba2366a1ff

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7159797e916dad3e5aa53556132b1bcc

SHA1
dc67d388ae6a984917fc158952136fe28ae05572

SHA256
0bbf81885f2a9ea53e2cdbf86c20e889e7cdbdb52b66462214554325b660516e

SHA512
2d9dfa90a7be441abe1f7f9f5f66d93db1c2ca6bc6ad807616698d1ac46e09284cf4a827ad7110975bf6a82a4f075518e7038f890ce8702ddfd9e8641315580d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
268ba4124817f0e0f35a87344d5c0d85

SHA1
0776a7c1c47bf12494d5fcef9fda23d788e468b1

SHA256
fb48e80958acfda5c872bcfaa1cda1349383e400ef948c4fccc10c67f61ddb85

SHA512
cb39c0f761d78d49217bbb5b36c8a331c69107418d36fe7c2c35fe87e21e609256fcfb0197652701b2415e69ef3f60fa1e7900be4e472070b5d2a44633d950ae

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2d9dd5ddd17026609d54e0d0f0b62642

SHA1
045911e09e55c25be7d02e4a0da22bc9e10dc11d

SHA256
059afaa1052767d17c36f3a3fd9dcfaf2d516b4fd657669c81c727b030c0d98d

SHA512
548720a78fbc2ebbf3ee518ef430d620818eb47033d528e9cfd379195c22198ff828f0a90ad9e0e9a5129a29fef160eeed59016a8a6027d9ffef3a518fc1baa1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a3d2e2a5f83dd82bf1ad98adbdc69b80

SHA1
e8a7bbf945745e53130e25f33b702dc412713584

SHA256
57cd7b1919a5215359f10c2c4f4ccc0080f8ba3d2c63a16974424f898c282f69

SHA512
ab382de21213ecadb590c29ddfc40565ee793c00367b41fa76b7d6eab6ce68953a84f7cd26acdf02d227954d5dbe05a7e52ff87c4bc8cff25e0ee6d7fed52df3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8374200557858561052tmp

Filesize
90B

MD5
df999e08d60b0ad92f5ec83fd4bbb7c4

SHA1
eb7087c029c5cdde3dc445755b5f6af9b8da84fb

SHA256
e4b0c9babcd48af3ba369e17b3b64bdcf1fd6b4af696ebcda3150444aa37ebef

SHA512
a1fef6f178f5e06230861cd0932b87102924fcd28f8a7ae21be590bf70fe27437e49b58e42ad879bfe2c1fdbe3659d78123e73c6971f35ed54596f106572b801

Download Submit
/data/data/com.systemservice/files/PersistedInstallation898427596326411651tmp

Filesize
555B

MD5
9018d16e50e2b4027e97c118f6ac70bf

SHA1
9eaf5a70db5f7394248a92244a8c68fbfb51fef6

SHA256
afa37af90dc83de53f9bae3b29f2c054a517543215abfb279a63b8e8e804582c

SHA512
6ab6bca69df6c6de0a06baf519528eadc9c764165b3aafd50e435a0a6ccf625cebf9964c431534a85a2f09ac9c0af69d23712004b2547fd76c4c4bb9d54363a2

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
300df114b42286f3307402efa36c77de

SHA1
a804cbec83a0a5980ec29e005d1a6854aedc5957

SHA256
9ee224579eb66f6e1d0f56edf9bd5065e17a841d4ad17e02415a0eebfcc87807

SHA512
ac3b04d90cb873e38738e9e1c6391daa2d888b1b5ed074e5dace3c5ad1741e983e0877c21b1322228e8c106ba4a3f8638f05808b2652667d9b4101f831e91321

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads