truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
16-11-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.systemservice

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Acquires the wake lock 1 IoCs

Processes:

com.systemservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.systemservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4491

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
f65ec0a9324c7c42e9d76c22021ba15f

SHA1
704ddba6c9014550dc343a300254795b57f12b61

SHA256
ed9fb84b4bbb87c62e8e90c745127dbc8d6e3a8befb2d8e32e797935c8c525ec

SHA512
8a66f542362df74a8dc2b323add1a867dab483859bd8ea64c5e425fa31912f67cc437428fc78e337221969615fcf2d9552ff883a9aa7cc6b34dfcd0c646902c2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
2b3766631017896845ac3bd714ba2877

SHA1
d0308653a74736b05559a29e39313e773b3af0e4

SHA256
87eb0636c87c60210bbdbd9f90b59c28123b5169ed2927bff727d55011e0386b

SHA512
0bd808ec1fdab48f769eddb2db3a9fb9338f60cfc0fc523572e88e0b5a193ca2455d15cdba5315a726cfec4eea11b92f7cd6cf9789eaa461d3a264545e7b3ce9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e307f9feb922c0bd3300f55a5708d9b9

SHA1
fbdd32b230eb9f4954d77b4a67ca2172bbd373cf

SHA256
162743eaa24610df63a9a3dfee26fd35175dd1a7907d3eba87b43e07df118e83

SHA512
e6a2f5c87915879ef18c1882872d73778c381256fddbab91fa34664ed37ca2e69eec39ce298a1cbf4ea9290bf17b8faf733de454c396c2edfe23d522d2f22aef

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ae459eaa98947efb026a4bf377ccd79b

SHA1
7792d96103285ab13fdd055371f499521eb25be3

SHA256
1079de6ea595a935b294dffca2ab0bfb761953f3f0459bdb2920d34412cc8107

SHA512
448f9d955188d30989729e7fc06c3574db4b8dd5722bf8d479a1a04c27bb35253862ab07fc1d2883532dde835810e61a5d5543f3cf649b068a34a9aef985c29c

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c61807f4c52122c4884ad137440ae5d2

SHA1
0bebe12f0157adce1e7dd879957bf6064b66d2c3

SHA256
f72f22df021dda9cb51b18bf7da93cb20af96e43cac9201cda87ce4ef5e78b39

SHA512
3134b11013ea0bfb682d7759bd4f0cfad9cda3af340aa69401199430d094673b2ce4127ea0f4f2bafc22df71543b65b88cc9db8debb27d87d7d09cb890ad847e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
edac57cfa5bb7b0e6db8915c35ceae66

SHA1
c29913f2d414ee386c828d96c1a4bddb466af587

SHA256
d45ea8b034c52cefe80d775371e9c30fd72e99e08dc4f4d526c7ce8202d73d86

SHA512
e294dd65180e8754cdbf24df7803d8c15ee235ff494431d44d762e99d8071ce6afc40703e9e6e874210c79c37cd872a0a65953c926b14bfbd6aa0a997c2cdc2d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
684507008f2da37e4983f3cd8032cd8b

SHA1
e3c362d9da0aadfca94f5348a3091ec53b274b6b

SHA256
d3006e1d8c84858bfdecfcdd100a828ce071bd5755c72c5c3452ffdd22513631

SHA512
31676e0bc6693fc23938e92bd148dd4828482afa7117fc2fd609578c2c55e20aa355f2a58beb1939ed5e411557f601f2035b369fe298a097dfe32620e72cebe4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aad78bc385c0ccae9736db436fed6011

SHA1
7fd519974dfebf869210492c0248df27affb13ca

SHA256
2260335941058636a724873576b95ed4f55ddd620cf191e8b65e9ab8d71d1799

SHA512
466be71b763e48a220dd795b79aa1d875a301cb8586f950320912c18842ed7f14c34d201dfea70885ddfcf7a2e9b5c3afc5efa21ff714f9dc28032ed14c78df2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
98baab660389386d4bf8cbb5d9cf38ff

SHA1
2d38d57af18e5f03d962d2b2ac5259073c5aa2c1

SHA256
ee5ea185f50bd777d63805846ff98ed5970fdfdbd7f84ed95af612c1083fe6ea

SHA512
080b72009b2c3f6647ed8c1557c1cf2f89ad4ea736a80bc41cd29c857f48d270ce387d2d60bdeac9ebd9fc9011af1faaa586e518e3bcca3d964b465cb9d93f83

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
73c0a21cd791a413fbd47aeaa5df6862

SHA1
772cbc0bf429eab26a2de6fff20e698e9be2d067

SHA256
717ddbaa45e7193640a45ce4865db0242b57495e946e19e5270885cbd8260626

SHA512
1b90fdb60a7644f823a6cf0b508246a9e53aec70e176fc1d8e1321a4158d19d00492a9ca2ecac6eb27dd62790d793997479cf97b69ffc557f6e8d7c6287d6c0c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4edf9f9e4a40faadc2f4f8df30aee1f2

SHA1
c3030b748f039f7caccb7612c891e13264cac7f7

SHA256
6c32a3103e3efd67e37117316ec6b53f18ff4c2274748a8036bc2450bac761f5

SHA512
edf5d5fff52ceb1287cd578fb4c55a83006569974f052821eec3f1b3fe8d3909c3db8dfbf6b9c98bc99787440c0cec8922707db291cf7ca61b509c5b2d5d9d9b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
045b39fccf819a53eb862383cfdd1cf5

SHA1
b39685ad1e2da2c3bf7188d1c5fd5f92abeb95f3

SHA256
62e91981011e1f69697dd346f79a2645fd14952aca7ee9b21506256bec15c58d

SHA512
390c6818742d102e60d973b26092aa21696d0a5fe7a25959bf89525ad4371a79c114cd76d5bfe90456984acbf549f8f1271fe5cfc08c2280eb3d9d7743ef1568

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e53697ffc08508cb5cf469ab1cd2ccf9

SHA1
a61284e92c602c356dde1f85afcdc8daa3adb2ec

SHA256
99d7caa5c7bd42ba2afa34d0d44299f3715c04194e72fd02d7049b585f3446bc

SHA512
987655f76b8f0aab6017293b17e876f70676f54454839ff0aa688832888ddace4f3448c38e33896e4e09cea476ca1401e35dc51429ed9cfc2dcb8800f7bd2f52

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e9e0043a292fc075ba49d4459284e3af

SHA1
e7a66a5daa9cdcfa27b50e8f4c41f6bae07b0569

SHA256
986e9a29ff861c102bf45329da85d0620826f1ba63e5a74278d4cf71a948b824

SHA512
b5cb1c152a5a7d07fc85d882ed71304a6009028f6fb6331f2fbed52e67bda7a226bd6c6bcddb066e8013840d7edfe4ed0c65e727be75d616ac82a7040a41e6e2

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4240269649745202854tmp

Filesize
90B

MD5
77f396c89fc09ca8339be75720c24e31

SHA1
10b92c97c2d04caf1031ced8b8c37e1a5c49a7a9

SHA256
8b6478b6cab5d4ef559d8f15d13587a5c48e3de43ef9bb2e03d7bc0f65eabef4

SHA512
ffa377238664874179b62f1664cd21d9fa428d00da9a6f6e9c6431c3bf219804d4564f45ba5dc229016c7c7aaf6f2beb7fc2564ddff01f3298c2bef97d0b966b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6242294431356202549tmp

Filesize
556B

MD5
c6bed7916e0735221b3f2850a97571fa

SHA1
e0b4f833a2aaebff631f2303851ee2986be9bd27

SHA256
2ad56deb877ddc28218b5515ded4b757c2fb07d235dd4ee24a13e074d6c97f94

SHA512
0a5b40a4d64226b888c679cd2a111a061e43af9c59177ac09378a63c1becfa6190735d8c77017766d5c08d34ec6f8ec4e48766abe33d661416352dcff5f4d7c0

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
dc085c1d045363e85cbed77c5d9e3751

SHA1
48428f5b8c820e73d4e2798ab136274d370749ae

SHA256
7e65ba576b5d9b091bb23b267e968bc7a13544212ee1f9d1e2594c7750878c64

SHA512
59815102910a528639acae42cc07ac511c012b294dc0a97aa9699a39414354123f7b975748c5ef84750331830bc28cee93837281ecd3fc55101fc1d48f191404

Download Submit