truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
18-11-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4626

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
b2fc446a1a22bfa39a0ad75386bd0e36

SHA1
064b127b90fc949b6473cdabbf947d3c6c80df44

SHA256
9c1fff60ba412d01d6fcf4065bdad97fa704367e2b113e18e7dd30e3eeb1fcb1

SHA512
be5ed23891136c8350aa893f97eced2b1c8b8205ef263265720b755144896eb9d071783532d7300a9ca75e432164f17b6652a128be9c8009f3e8c38e07fdb5df

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e068bada86399765fd2acbef7661add3

SHA1
a8b008c2a6da29ab6bc2cd975ef2e16444d7bfaf

SHA256
60c35dab466bbef70c8e643dedbecf8ad26f66d8656b69191b87a185a56d377b

SHA512
087d9ef08d9ada42d5ebfb23836bb9d5094211ea8431aab44d3dc66898857922c75e7043635cf04dbce2d5cfb743f45a3fadd66ed67c96085404b28b8f993e1c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
02b786ee95ad4117b9710d21809e7c36

SHA1
badf4a928ad1b54ce5697cf2f9af48d9fe37d6e3

SHA256
318b51386df3368e8b3b8b7ff93b92eb9fb29aafd0d3ca52787d99fcd84e12d7

SHA512
c6d7646181fad0614422bfc3f102d6a5a3be8c68c7083d918d16107686f7b3a6c9a3b6a0bf1123190aaa99969c0283055e3ba8365763669d375454c890f5562d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
aca5b8ff7bad23243246af7d7f17323c

SHA1
90da78fdb22fba5291d04d63bb12e531614cc9b4

SHA256
8b1afb8317642ac9f557f356301cd951150e0c2ded4cb2a002535075b488b0cc

SHA512
c43af92d876917e0baeaff2ae639b100caa0e6dde88efc79562503ca8d2e26c4fdd1047235660e8dd585865d9bd4be18fd88122c25d669ecbb01f9c1e1dc15de

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8cb0eb90086c67e4b238ca385423f62f

SHA1
3c05e6cc6a454b8740475211a9d1e6221f340e02

SHA256
a9e1e6363124e7c1e89a516b9358df2d0bda0df12bcf8a6d4ce1c0f0606f3d50

SHA512
9607c6023596ba5f1c01bebb347616d7c52c50781fdb6e2659ae1a62a83676e4fcd7fbf2a48e12d11bb662f1006d768ebfba30bce33a9def6c8ea37ae72cb86d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
43e9180647ce60838da2bc374a362850

SHA1
3cd5741b5691e773b3d145887994fec587c1c13d

SHA256
188a29aa115f1b48ccd7d1c0f5f18f819f0c9cf5d9c316740382c2ffe35fcc8a

SHA512
067ee4d2455041d159a994aa08413de9b1fc40cd9bd6a5571a2d1c0aa4e70ad1d81f46eb4614578d36e2c48f19e424a12bda41ac5e99b2bb681ff6b20fe53417

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
700f568d5a6fdec5b45746e9263c0b2b

SHA1
400e67128b2338015d3274c5e19b8085569ebe51

SHA256
32f66fea43951db0cd08233177e1dc109808cb92e38c8ab729d0feddbabe2378

SHA512
d549b9a67481e19533aaa604603eab2840ab29535fbb1b7f6ba6c29df31c594d5158d74c13a233cb9a9ea9698761180a76e3d558b7d12a79a3e0e231987ac6fb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b77801def43ca98b3ba19c5c510ee262

SHA1
f2469e9e2026a2bb4d1edf11fd631b44c1e475d7

SHA256
8d51c5e094ecdec325f6c7aeb07d97b662293b57517c6740546df1f43b068824

SHA512
98a17f03496e88687f74c08c98ea31daad4009d06eadbf156432bc12d73cc6b6647b72989cbba483a30a449b4479ad18185d328ca7bf3f01cdaea261ea351630

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
842d9f7d3da2d19458270816bba6d988

SHA1
872dc56556f49f2b1a858601b48877b89ab0a59c

SHA256
7a4d9e753789b588859eb8cc88b627e1460eb2e29b143895bbd38970cbe4e30a

SHA512
319329e62c071aa9408e09bc89033b978f9a46aae2559af3e3b764bd8332e8a63c2fbe8a347ab2742097204f901cefcb53796fd01cb1c12f9b427235d8441eff

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cf3fdcc516bc3934d418898e20eb8948

SHA1
e02ce3f9f45f9ba523a07f2f32884f812c9903da

SHA256
585338e135979dad674dd57a421048f0ab3591a3fd1a138f52b64f0e16201ad8

SHA512
c631d9190719cbd28265ddb477203551e23eb917ef721f977c54af158f918b7d0e269c36e4ce421167693be09de2fb27ede4e8fef2c7468e90499a96159a0e2d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b73d26a50e36ec99edf636f82c0ef493

SHA1
0c6be2a599b1fa4d4aafbe68f0e28006f0dcdd2d

SHA256
080bb7b06ae66b40cb437ac8aa80f185003696f1b279733d9666aad4535d4311

SHA512
4fd68d5595974e355de76152d07e0c78dde1d29d2170679d08d67edf1d3d4810d8163666abbad7c439ccedd394ac1292bfc4f59bd12923f19fbd2e33d0e0356a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
044282b746367afeec80e59a8c86e4ea

SHA1
f4f3d25758904723ed7c21eb0d70db9410c2bb34

SHA256
c28e801519974410ab0c4efbc21b0c03b1a5fc566eab3e1ada5ad83713123fd8

SHA512
3c54a12521bfac8071df0ecb058e1a1d4140f6085b412e0deec5c8329da7d01fb60f0a957c6afbd1b52ad2aa493ec2866c90288b8c1f4ee1d4c5f73fb3dcaade

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d00cb7167b5ad45892e61f69bcd751e6

SHA1
6d7ca268553d0bb2104e6ea2cd6a12b4cf842ff7

SHA256
083998545b4ba8925da0bd727e307431f2490e0c279a139c1ce8b1051394035e

SHA512
d81414ee981820d84de27b31692d03f8eca34e6e6f24eb38566447dbb0b8f9155da7a4d67a24b7698284b00e61d73d4560752d7cdc67f661989d6551ceff34cf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b6199cafb9fccfd42ee1adc57d6aaddd

SHA1
39099fe9c9c2220ff9266f3478bfc5175983a3a0

SHA256
13d0019b4bf9fba3ec60476798451aed9f610d3bc42ac25f70ec6dc093c11c1f

SHA512
65a418b16c2309b42a554309163a999becfbb8df487f87c329e16a4cd3e416a669ebadb1ff893c9b685d45fd40725adab29205f3e83c086b695691a38782deb0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1047773684428877094tmp

Filesize
555B

MD5
9bd94fa6d0336d1434bbf4e26a467957

SHA1
dcad2c13aab99c779737f9f01a6e3715cabba7f4

SHA256
6f6e38fbd28695ac6b6004b50ea6f783834533dc43d78824922c37a0a4b4ea4a

SHA512
418995fef347bfbfcdfb149d9ef5757503c9e249ee2f3441a2958550f2ae0a08141868a576d7693bc0e0dcfbc5ed646114b35cbda72e387adc949be5bb620ca3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8914439466279232922tmp

Filesize
90B

MD5
73237741f4ffa20f7118d1ec68c40c69

SHA1
d37f284a312b082e505f4aba1742b243b9bad48a

SHA256
d168eac18bd7c61207a28719ab516e22c6ea2aa2d97b745b73d4a3c3e4b4af40

SHA512
367be3cf9f380de851c49fef2401c73389b512a85571704d3a6d7ccac397fc57b73287acfc87719e5a31ae1a33c386655435b53ff7977d46142e96d9ec8dc5b0

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
90b1c59f4040ed8874c6ed655c187cbd

SHA1
d29351f5e99aaf1f2be25787dd986bd5135b394e

SHA256
5889e3abf2e733c20b9b45fc04f7c5e28104c6bdf4eff06023be81d3ebcdeae2

SHA512
cafc09a12e06716a3efba6bea450c36ab6e6b789eb959bcd7ec762ac1c4e7a259ed6f2added9b236eb4e9140e2c65e5ee85f2c1dd7d955e4c8328d6e199a62c1

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads