truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18-11-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8f68b7a6fdb6f933831df111f586d0e2

SHA1
cbde3ad58c5a7a84698197e9b2ef93e8075f2052

SHA256
3021cf18e438402f48ac2353a10c25521b0417b15bbe0d5ee9a26aae8f96161e

SHA512
f98f06b225417d0e943ea98c8603b936a38f4adfe124202ca4acad6deeca1bf5b92851e7353c0e4efc6190fa89d4e5a6548a0fc97c3ab643dbcb50c29044d5ab

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
1213dafbcd468c0cd6ccd4e6f52da830

SHA1
784ce223d46ced01706b87d18fd4e3cbd403c6ce

SHA256
87cd7edbe048bc006e40902b9dcc5407c1f976bb0120477f1ba54e9eb8d1b46d

SHA512
73006d004c93076ba66ac887bfe97c187312b914f222c45a598b082abf738c018826dfe3e0c84390e2633e0c17e6d342161ccdba69feb8f99155dbd648a294e1

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2567b1bd72c2b6f56d324ff4bee83c1e

SHA1
fb92e9b681b65af0e2cc94634c8c25a03108dd3e

SHA256
0a8d65d275a9084216aa31964a48af8a5bbc0f1d3d2e6855e128d6bd648bf245

SHA512
54844f1cea9984b67b4e57c6e1f2e2314d454f89e4b0300595944cf8652e7c7bbd8c9ad98fe507210b4cd05b064cd236d742e6a07e39139f815f2c65177600a5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8cb549edfde88bae4dd2d0c08a8fb2ac

SHA1
0ac53449835f62a60a780cbb3f76482fc5a7fddb

SHA256
4b9f2a5fe8b18555fa99298676a4fdc60520c6f122bbf7ca6de42bcc3e9f9e7e

SHA512
9522cef5f7618dc0058f3ae7307bf4c7d815cef6a9d0885b76828180b4f28b48f19a3d3f5b1baf8789e03ced5a7bcbd3487e47366e3a96c0fd3d8e609cc7ae87

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
233b850335aed7526770991f4d83d61d

SHA1
7ff913cbc8da59df71ea9adf57a52eb31cc3a04c

SHA256
32218c02186ebc90a67cd6c45058c5c273ed75e39aba52ada3b5262d24027fcf

SHA512
b9fb94c43dbb8c622ef8800f6c56a3c10a4c0e9f8d30362bd0d2da415c7f41232ee4772bf5b6e7e0d8ac5743c1bdfa0549915fc8424e928f2f07420cdaebf615

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1592f1ebccc39488b91f40875d6e0c0c

SHA1
ca851f33b6fbaaa6eb67b8f77142e05ed18cc6b5

SHA256
6f2c28a2ac081d7d821125beb29a9e633d36f2f92433acc8fd391160246a7010

SHA512
aa71ee7f07960adb88801f4db7ca4ec56969cb65bf1a469d468553df8e4a49d8eb31c74015de88b91694e0281159f752366f185abdf8df73a6090dc469871873

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fce69373f50b48fe88d829ccf52a53a7

SHA1
bd2a9c03944d81d777c614d20ff199643001370c

SHA256
395658a74a515b471cbbb6996a182a324cc73c0e70b9477f5611e74c6e23ef43

SHA512
eca5c59a2297550bfe9aac5505122f7d209f1b7624602f347b3bfc8c0e7208e2bab8845caed6db7bddd7b03e955ddbac7cc74e1cd1a2ae941d29ecddf49033fe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
a48c9aaedcd56a3b97ea6e05d5653b1a

SHA1
0a38b3b35d95f4e27968a964df105ae8a82b4dd8

SHA256
011056af80a2224d9626c4501dfa83e6909b754dcd7162f92c70f1edc0b07352

SHA512
3a42d24615a8d1567b4c983eb58b6c10e62bf757b3813d5897a08af58defcebfa182264bf2516f701e642489b1055d162c9b17734c0272982bf826a0a1a76d58

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
36ffec89b50a82a610335b1c5fd7d67a

SHA1
e0fe77bfddcfb3735c8377c188f1fb773eff6d36

SHA256
7976d75312b785d5e1263f5018b96f3bdf5bb0fafae728e34270779d3d9f8550

SHA512
00d51d64a95bffcaeda0c6de0b1aa6a9e05c4a25b2afb0ac858244205b0cdb8064680695c9b9fe94093ccc76349c15d88d3dae73aeadb4b71c3b4226a3c58583

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
463571f6527f83817baf746bea21e718

SHA1
051d79db9ec9edba51b992c800ec904fe97d0256

SHA256
0b020032cea71bac4109df4933cdf81d699a75bbf98ff7b9f7771e0295a45b71

SHA512
45ce843923d3b330cf8a5e1800dc62825781d4a58280d2efe28a551d9b61fcc8eda54f092603187b3165980d105a7cadcea2c14f18d6c784fa619c1d87fb97a4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1376ae1ee4589cc89b80e0265e6fd0b6

SHA1
b227a0f2ab172eea06c2ca30a1cbe4c6af1fe6b6

SHA256
892bf43515265c3e98f2aaef85c43c191e029d8822d90d2663f67d65e5e0dabc

SHA512
07c127cfcff8042e03875b2fa67da6ddba304c5502551cd5426944c4919a49270958c52a18caa660b3ff8f261bf90bd57da47b2affdb883965384105cebb2d48

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5a1df6bb2cfd27eb287e9c5adf62b8ad

SHA1
a23efb0083b9901feadb0d32230108053e578f5d

SHA256
885454d6c149e3f090c857bd3572a9932459fd8546ef3cbfb5c9b2d6f21fcc6b

SHA512
896ef37eb9d4b6d28a881df2f8116ca87936448a836aa4bb6b414369432243e5ad10ee897d2f65ba6d8cf3f0c486c05418ea41e6d7a9b9634fd2fd022ae32f14

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e5ccc8784810942a71f78e9d0c360ad6

SHA1
0a73e9af6b298990a8ad8170ab17be90f6d53b88

SHA256
9e69ceb1c23bbf9e8de88e00f15a10cd4311cfe404d9955305e964d2f2d7e27f

SHA512
52085a2ac83d84e30f11df74feadf784608cbe3d90734f30201171ff617cca0401e24fdea256425ba8c3b2048708ffc971c27fd66262eae6284427f2fb980b21

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3618228433229295416tmp

Filesize
90B

MD5
413e68c9eb0115689b891625ec5ac4eb

SHA1
c1e55be2b2252c7f04bb821e4030e1de81476101

SHA256
fed6e0a04d1593be878edd9e2a8f6c44776287f99bc75382fc7641c5b4a09a00

SHA512
162857b1a56852b8556cce4362461b71388b2771ba3d5f6e00293d9cb41133564350d6e73e62dccdcf72ad69f7246310d85289a0b742357a0389cf0bbd395f64

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6142583964527907927tmp

Filesize
556B

MD5
5de925bd017f47b4a80107782dd56235

SHA1
ec9930c0fe42982a97b1d14ed23294ab2662c50d

SHA256
558a79f130d7c9d4caf2ba15cb45bd0abf3bb23078da3cce2ab0cdde207c8009

SHA512
a5872dd5b8c1897961f424a243ffd77a386d19595cb961cd9cc76e49e67f7c4a02d6a2fa168adb9657ab1678221e1669cd6ecd84d93fa2bed5cda8f54bee9e99

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
22a3b548239bedb7ab33800620bca2d0

SHA1
fb72922eff1a3da25faf3b026096a00c2bcb8af8

SHA256
9b4dafe54c1f5498ee45d27125a721ab2106b18503abfc11188a8814e8370e4e

SHA512
9867017fae26100ca626a80cc50de1a1cdf4d59438d1f0a3afa3c1ca3d9061c4758de6855ed2523111e3962a0cfcc9ceb99cc42fcf6f32a67cca3141c741e68c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads