truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17/11/2024, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5067

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
09a06f984c1c68f21022c50a0d375240

SHA1
e041d0921ea27cdc8634560978dcca6465a09f3e

SHA256
13d1950265f43876dacb74a18f8a0c86f522104ca7fc688148d3703df66ced36

SHA512
60c8f28241c2261ce0898b1b6949f17d8127667895ddff3d3fff1e94183762fdaedf84f9f9f0af3fc16394ae38cf4ce2001309977cefc0b47fdb9e0b61bd94d3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a156072d4564ea6c17bad6ad1a30e49f

SHA1
6bce9f60f1c2a1c90f7daa425b572068c02e46fb

SHA256
218108ead96a35e87c08c0d143e3adf1bc1c1bd4e01ecef21e5fdc420084fa4a

SHA512
62e4061604cf00f4f8ffc63f15d7483ed40f8f9731c9bc7e9faeaf9c3b4e086053131d1109515aa3e7a2afc26578d5ef240f7640a933ecda05ebedb5ad40cfab

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0cd6e6b7a6c45f021e7072b96a813eb5

SHA1
dcd06cb673f3d7ff9a0a8f5bd78ba536ced46b06

SHA256
a159d5d813613b202a71fad758a1aa8fbfcb23ae73025f3d3a9d84074b300206

SHA512
16821b00e10ccf19a7a7cab8644cc7dcbf13416c7b556090aeb1dbdc9a0ff2ff963047fed72388f36c0ab4462657de2b4a1ff8b820b7ef834e68a0d897c866ae

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c74ba1459fc1f9fd3b821c22c94b1155

SHA1
f3ebaadd0d8689c24c46a57eb2d35057af0f2afa

SHA256
f85d242b165584190d94ae6a6b6fd0307f1845cf8e61796c9d3c1de349980c90

SHA512
b50676721dd167967df303e71e901ca972faefd313c50961a30a1014fbcd5c391d573650c525a099004b0a36bf2d04e995ca517e46f6741c716a907bf5c78b17

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
107a40d81e82dda9b069be873921e448

SHA1
eff897aeefd19667d4cc9a44f6effe63bffad875

SHA256
9fc1245a82e2892a0a1128b743b98dad4270248c09eb4811480cdb773faa010a

SHA512
34f6120b02a9a56fcc46d8a9219518fad8c5a6bcd30bd9f62842979823d1dd6195d4aa60c7d92ce7b7e1d13896ac16be49c73f396124e0e0a2899defce1cca4a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5759f85602cf4ee031124dc3fae0010a

SHA1
89c10f32d8c99c5f95e66eea2509c98c646e2021

SHA256
2ed2f6daf47dc5a2b55032060a174c5de30c135be17c3024f8ec83469bc625e8

SHA512
16adc181803fe950a2a35ae8c80d8622d7abc74c50e16e7d9731bffce760f23923793ec80b7cb1b7b5a0df829c6d493f9ae1cab87df32432fc9200ee04dcd95e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7440df20c54b72e32a23c3168e99b92c

SHA1
608646eddd457246e0cf523743ab9c3d72dd1fa9

SHA256
d4dfee20ded556a27e432f7829423194c2afc37f55ee7d64d9017d445eaac71c

SHA512
59d014475e9c4705485b2de3a70ebb7f85f9864d5f9255fe8408aefe4ab33b51f6665d5e00eb289098f61d7f7a0421c8ddc000c0bb5d3f7b1e36a8c3aef4bfd7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ad8304be55510358922a15964cec4e05

SHA1
395c4fc85920428d7cb27127978e7e903b6ba49e

SHA256
263f33f6092b81e6e5d8ae63e56f331598bf1eb131506626522b85f8cb0990e8

SHA512
69240a54dc9c5f842d00411ff6ca400de44e43da1fb78dd4db2cd9bd4bfde19694c74396c5527ea51302eea50b799d969bdd7fa103ebc4c35941ab822b57b1bf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
10c2ff142375650e8e419d7b4375bc89

SHA1
80d91cf7a566a0a49480502bc4aa0ca30d2fae62

SHA256
6559c5ff6314f78d123abf7857dde0e8c90e4646ebbdef530a68e60a7c9a5123

SHA512
1f700f797f2d969b388a0e4ac6bda395aee1a8954634b505e898150b219c0d08ab879ec217487adc7a8462656e080614b5e1d9b4518ba757130dc5b036ae65ab

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ae7d9cab53b01a8de1469b4fced8a470

SHA1
77c21e2835c4e02c41d7182297c5737df57e0a90

SHA256
e3cc926defdc4066f9e2b0a2fbc9671fb3fcffa56d8491092dc8417d058cfaf3

SHA512
432ab37eb22b2a443d17d5d07e66fd69ff67974a476192d4fb7e3fc7290dc6530c76242775e58519a2ece88c70c58443a9136c125347cecd9a71c29de6de3350

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ba039965c57faf8ed2869640132cc9cb

SHA1
d162c78e05e75974fd5cacbb2dcf8b6e24b7dd86

SHA256
4fae252716a0599da138e3a74d64ce2419b8e738625407cde3d13eeec0835a4d

SHA512
52d1f7c8f2f3c30a06fdef24cc7aeca2cc0fa49e0f1c9487e6cbbb3f8371d68444f41a865e36dcefdc89887aeca1f7c3683a27fcaa728484c481e411b08cea1b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cc7110d0ac44a2206bca68d0441873a2

SHA1
3899c55ef801a152513314c99615b2cb6a4d5b2d

SHA256
1fc7fe8e475e6d5299753e772472eb0ac70a8742e39f7e71655b01f4d514b05a

SHA512
d30367a28bb908b72badab458795b9f231d1fe513d8f23a41c329c5c1fcff1f275845f1e3bb9c162c39deac322c7473c3effd79eb396d1f8fb6cf9c835e3fba1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5b21a9c1345b2897ff8e664a3898a58e

SHA1
e1d80e8e6316bafb01a5d1aa4efad9451157fff1

SHA256
4b28c9675e0f563f8a7d2260371c9265eb718d2fffb3e8e8d5609e97cf490881

SHA512
1d6c9334cc82b7513a86c5d028ff692751463af30946ba05d9c6e1faeebca765ae00d20400aab9ec2e80b5b1b0559a0e1efaa65aa5d37753ed51b7f9d85725bd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f7bb7305dfa5c62a0006fd80723ff993

SHA1
d734fd19594a979d93000a5717deea9a4ab0d599

SHA256
e56304b680f4a41e586f6c6c7d7dd7ea0dfb55fdcf121a82f0a18cfb92e57b20

SHA512
2eba2b37072752531e95361259a51cd30f474751d630174a7be17e92bf37f3a4043c9e4875b10506cf8d3535733dae0364f7758d9cfeb7f536cee2250b274b7b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1461168358543670552tmp

Filesize
553B

MD5
ea57e31aceb5e8c1be3ebc757032bb12

SHA1
d0bdf2752f053bb7876ead71a2387f257de72936

SHA256
784568cf732e2c7032f15339af52413818b7800d82bbc1b4ceb0aa7d1c390911

SHA512
d2ab3a7addecdd967ffd4f555a68249d4a87879526cf72ff94daaf5819cfd6b20ffdf2333ebb2ebde7914f8817942c8dd51336573fbeee3e329c3f1412a4450a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1598447341744905467tmp

Filesize
90B

MD5
6d065f733814d36d1e68f1e2b367be7b

SHA1
c6880175ae607c2dd34866ffc6b6bec60ea4caa1

SHA256
da3d1760242145733d68489a1bf35c872c4eab4c371006d4e67832a4d8f2c4d8

SHA512
a47c3207fb15a3f14dab759d005a98c11054c30b56f6dea00fe47f6154899ff7d8a6824c80122aad5d1721754391820f14e1ee096d664e4425e328e44a1ff23c

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
5accb96cf54c69f3252721d699825caf

SHA1
0277e90e0d11e1bf8ad9a22518ee9c09e50808c5

SHA256
3157640e15672775dc60b999bb4791078f3ba594666e3bdd19d8d0e86bdaab69

SHA512
1059c96b721bcd144473a1f50e8fd16e3a5a99cbf6a5ee978e82487d4b0958c37abc1befefe00e01cb749173b732dfd42e1e88e6ea277a43128d15d3f623dce5

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads