truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
26-11-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4345

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
030bf4a969aa6287b946f1091914153f

SHA1
9a2f3f5a5ee538f8c322fc75c23e9c1127922a83

SHA256
18cff7ccc6d677dda2294e2bdab875d8bda760007d0c1a6c35f7d12be0a30638

SHA512
31f24ac12cd11337bffc15bea1bb77a75e1f97c16b0868f4a9c9c52bc0fe79947b9788a63e82b134fefe0d78058f4bc736259934e239dcde60deb57928d98267

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1fc8e4831ef9d9b5b072fee6bc4cceea

SHA1
6ccf4a0c86ec4dd845b77b901be8e53b292479ad

SHA256
092e9989bc77c300df59e64466adad44666e1d31e5b1f4b16a23ada8e4886c07

SHA512
063ae1eb59b200b7d5436e51449d63ae1b13e1bafc2cb84c183f5ff7fb0b4a94d5c192c1b80acf8094fb1cc02fdc6ca7cfdb55266125793d4f06d311e85e4282

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
81442ddcd94172d513b02cad6314e0a0

SHA1
a58d6747b71578b10da333bd2ffaba6b407a2633

SHA256
f146e214610e3c1c33b49251552c0e223d34f4caf8ab6605ff473858ff6fac93

SHA512
c3539702b135fb509581960dccecdc7ecb886570a41c2dcc9155a0b37c1d068408d4a23e1fb84015be968b109d93d13a8b315a880f5c4c09db107c9d797fcb3d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2f606e7d2969ffe76538c20da3c9c990

SHA1
4371edd420eaacd90aa3208cf0f0928a45ffcb60

SHA256
8c2703552445fcad9b57e2a6a701cbb0cf4bb577454343f27ea3ff1e37ba259d

SHA512
0be2d5f34a5405cef8d170ba7cd69f5945571e3dd7460f2396f847d389a2e486fcbbab4104c7fba7a29d049cda1e992ccc8ff6e49195a6ce006b768e1838702d

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e03772893d35c84faf2acac2b42bd402

SHA1
bebcf5603968010140114e048f89c6fa0f778e96

SHA256
3f5fb6337675c2f5b24a3397064a7cd42d181c4f8cee1f47e8b60c2614e85114

SHA512
816f1e277f9ba7427484b160e01c82500ecf76e74b5c16849b524645d4e271292f4829ab9091e3f84b97a8499c25a64e3779e31a53708cb2ee8df9b1f82f3467

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb7f85f2fde0ffed8d40103990787189

SHA1
667d0821bfedee2ab92f67745ff1f6374503950e

SHA256
50760216d63d5f9b0ee98029bfadf7649fa514cb924a2f9539d9aeef1da73bea

SHA512
7a2ed543ede80695cd956a30b7df94aba4358a71187e6f5a49dd8eb01818c4e4fec1a5050ab7531a7af6a6b8fedff65083999112cd5112f522093386d6aae168

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f59f7ec8291a97e78e2aff9ecc9040bd

SHA1
cbe6bf49c7cac7ceb448858213716311f933fe9d

SHA256
1836265b149fadcb37c7bf2156c1da03e13114a44e013e5ab9938c78839d82f2

SHA512
2728ca4015a1d90275fb5a37c6ef253ce6c9ba007d7f61e978f389c40e3c77e3cb9e7ac73da3330a9b158d82512ee7a4295be13b948d40f9ea75db58b15e567f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ad4ac21277e1e17e1671223a5068b91f

SHA1
6fdf9ae9330197225b89cbab37d93b9f7ecfb975

SHA256
1ae3e21d625fc08db79edfc89e2896afd36cd85ce66a57d56478a1d6fcc92315

SHA512
03ddc2b4b124f7227a45ee00a5b42c241854e43051ddc2f4f526fe70dbdd13d218134a161c900d3e39ffbd35236aff70d22451771b1b375cd87299f96d78cec4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
13a9d7bedeeb60b52873f45aa3974136

SHA1
bff83d56422d648c30faab9d94e728fc59e100c3

SHA256
2e391a358368118956777a0ea39f038eedc74f14c35c2fd83201d31c9b220519

SHA512
5dfd3b844fe04beca1923c7a49d9ff09a321fe9f2157c939f8550c36b902b9ffe792b88766b719cac21ec382006ee96009cd0fc3981eceac664ef117102f463e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a44cfcf28f7feb3e8860d7e271e5685c

SHA1
013126571674e721bff2c75280da5063de6d1cdc

SHA256
a5b9499d7dccff7ad41fe0de87ffd6c29161d9bd348c8801dfec2a6de3a55210

SHA512
91688705e9a5f8d41f84d6a8bdac674b04418b78edc3311e9a230b02ef34f0dc5cddc7e4d3e1d632dcbe4ce0530180efc67bfcc5bb8be37d095baf1885ccd5a7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
82aa2f37eb90e99a31a78b8311ab4577

SHA1
85c9dbe4e6026ab268344c77f43f5a9aa6c0c4e2

SHA256
92252e2e111205673276aa422ad6f0f1a73d948f4a372a2c408052ea6939f58d

SHA512
2f5bb87050bc8d8530894c20b1abfebccdd96112165549642ef69d17f6813c186f2c01bb2b931d3b5cd9b19185b67e5c02f6d8df496b90ac3e33d2b9bcdad93f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
79dd7649cbab28764f967a373aef237e

SHA1
ab47d65aba75fe58f30d4e9c5fb291e61830e47c

SHA256
f972ea2d04aeff777d670e63467e1aa0d5f004d7ce74d9231dae7cae62fc0adc

SHA512
7b1797a557dfb0b19a0262b4acc218198aa20a75186e432a98e1949abc78fa1c018249c9b502d0d563adf420ab2980e3cf55aecb6852f1231b3ff1ba00ef3a21

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fdc7b84e805c0dccbacfded670731a49

SHA1
fa166cc7c0ce76419da4b5a7ed2673ed6a8624e8

SHA256
f238403b10e39a01768f7d6481de9a2ebbc6d2cd018790fde0ae1448670e6959

SHA512
e5bcfa2bd66c8602bb4ce36b721c4b1d587f5787dd7a32700ea836b5690eba778073446770abba55368721b591a1c9136c3d41f62a338b3bffbfe4cb8f4a9a1b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c6909f28afeaa13e1ccec4a6339336ac

SHA1
9fb24bf68007797db843a5c22eab24fe6c837ec6

SHA256
89f6b356178e219a7d8906dde5e4aa9051c0442fde954cd0ed88116291ce3aae

SHA512
5c8b6b905c7fc6c595b6168f039c0a4090e055cf0e41f1fcc3ce65777652e36e6741949b56193c3f51f78c82fa40cdb3b5fc05febaa19faef3fe8ad27aff7993

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7956976288554896420tmp

Filesize
557B

MD5
40bc76b35425ca9e2e9117045c590086

SHA1
28e320e9a69f4fecf5c7f22b4963d4dac11c909f

SHA256
acba3b4b51189f1237715f25a314bdc54e73516b7e2941afcdd4a83ed5fce4f9

SHA512
875fb1539d01cfdffe05cfec41291209dbfb87db251e27f69f403d338e49370eb6f39ae94da2d13193dbb31a9e05aa600a113281a6c59c53008c49bc5ab9c681

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8349658284826927106tmp

Filesize
90B

MD5
93051fb2d0030658c21076970cd4fe0e

SHA1
5138ed17ad8a08aa335e3fa88feaadd58859f457

SHA256
7aa9dceb407807265ba5fccf2236e1e6fc3686ab9de0904fcdbefd2a002fa883

SHA512
8b15f1d96684fff14e45dd4dbed33e41d8b680bc68b751bbbbb63162bd974c2abfa9661a5a1405a3dd2c1937a134273597718f4478df31bd74c73dc914fc6053

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
f63ac13bfbfa018859649a16f211015e

SHA1
35b3d9c755b79b394de880c00edbae5aca27d28d

SHA256
dfc13fee5d43b5d9125837add45964a03c1c1b38d41e4c739d82f27eda66523b

SHA512
748fc79ab785daf9ad0a50766220383de05df0f2d2c2a5731afd00c3a1ab101010cd47d450f7fc46cc31465bad91b819be1181abfe16effe981f438ee3cd6d25

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads