truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/11/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
48ac6b7d641760cd582043b27d0117f7

SHA1
e3b9aa105353f44b11780ce00304c6d881300416

SHA256
2091d112c5fac41b20e012550c3e41428bc856760f8ea6b82fd4e9459a832e33

SHA512
cfd0590a42179f4387d284b031f0fb65c5f0c6f2f75c1664f979ecac2929c5ad7e570f8d78576c91c718277823a5bd285e0c38f4bdef7ed251b005b36ff3563a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
dd22621359cca59f728f9fab0639ebaa

SHA1
84e265a2c5860e3342e7aecaf1f51b4a5e739710

SHA256
cf76fb28bc169ddcaaca503b76ba173ed7a1231364cd2b531e5590212245338f

SHA512
6199d32cec5156ae4b948d9c0601c99e91288d89822b87369d5cbcd3b8f959a3f874789861a99f405f7e4722bb15d68088cebd0be78a89b8b79cfbcf31fb5267

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b0d46de8787d94ab06b90d5df6bba78a

SHA1
4b210a717126f1851d9bcfd60d82a95596646645

SHA256
5cad0168df248fb70e7841e32ffc634e5f2b929a1617676db745c53c17858a9c

SHA512
9d70c0721dce3c1e292b1c74818eb95b937685075a881ced6c04d94eeddf3d88539ac0b26bf45a4ed95294f893eb162a2b2a99f407bd46388a6da2455f26c69f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
404305fc5fb1cfa997a2a71996d2e5c0

SHA1
4152f986c115b9064080bf585be321d693201f42

SHA256
c1e474d4e2c75370115df189858042988dd5106d0e7e7d43f38978583e0bc970

SHA512
cffd63cd791eb9d328adb3a6110b3a6aea8aa17b8ca6c2047a6cb0459b758b1126d7fe01f0894ceb66a2a1b6c970e41e41893df9f7986587cbf309dbe9d4789a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f66b92139304815c7d39d25a58a3318f

SHA1
22423fb62df6e245185d50849866b2c2cd991bd1

SHA256
6971bb15c3819eebc02b62737054a56e826310142227fb583b3680ebbf951f47

SHA512
d7771feb4e810af40a46f7f5dcc4727cdb63b6b82f7c5d85c2d5d20aa782692240d9ba1fabc4deec28edf32e62f3390a4ddd978c42d3595f1d0f4a932a0890f9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e2386e192c882f4057fd653d7cec66a

SHA1
7df448ce6b263f5f1fcceff3ca9daf981933bbe6

SHA256
9b3a2fe45b1163b21b4e55a14dfecb4fc50c2ee9ad821fa26f3fc368f0363759

SHA512
0688ec72d8054a921c148fd594a68dcf8a993cad3a2351051af2bead67c4e1c02e12b8dd4605cf83701c1da95992d35b5c734e4d11de54a8d92df9ea697b2fe4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5cdc9c0aa2b4f5510d443285295a1de7

SHA1
cbb176db4c72527c9e1b4121f3a3d61e3c4dfc97

SHA256
71ba5b73b09b84a3cc4ec15371ea7b9646b21ac640e4841d72b4eeab19384624

SHA512
bffdbf55c5b33a788dacc655d976d88f08bd282a71aa19a3523bd726d4174d7b39bf80f03eae034f6eb6a8971baefc8b8dec3517c63f25fdbac56dfc8de9fff4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
6e931cc0757b103882021170d48fe407

SHA1
662688003a7545917dd132bd46f45dd0464b53d0

SHA256
d4200c7098803b97fa02e0fc929f89135beb4c38d12c93aa47c0dbd7ba7809cf

SHA512
b5c518dcf7f4c99fd1988f7fe5cc269bf1d9f956e466ba2a8913e002a8ae7bc5a72d96b8687605163e9da3e49765b25b3b9a0dcf4e50c864aad4b1adfe92f0fe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
74698707526d7df097d2629a34f68acd

SHA1
2745c03c903e99cd6d25ce2211873adf3b24d035

SHA256
89adaf2bf8c819f1c407f5c4d29d31b69fdebcd391608188fd4808db2660468c

SHA512
6192287be719f81ef8a57e7fc298a723ef6fcb90506906f064ea809fcd8b7d67c066ba03cfcaf75bfec3333d73cdfc796bc373dff69689006f7e7471fb56adf9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6d4d1131e6a56423a61dc47302268922

SHA1
f62f746edc9e3a08e29511e30eb9bf80d3a4e343

SHA256
ead3389ba313c4a493cf755a008fd509ca0d94c356985332038fba2a35832f9f

SHA512
04fb45f7a37797d6c302e2a9f5ca118ad92c46b9308ef97ff60dee562183cea9b5944f5a7679a22193ced04effec91d88a061fff627754ae3dbf122bd48667ce

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
762c86e51b41b8597ba8547ca11e5bab

SHA1
675ad12c211a9240fbf5e74f2bad900470e6a121

SHA256
f6672be38cb29b49bcff314bb21af437f6e6244502f11be06f9e0cdbc79d1e56

SHA512
a97bf943f48309d6048ca5aad9d12d3d1bc15e62c34eb0ba72005bda14a04e3a4c6a6afde9e90fe2527954beb59d9061f04e87af860d265dc858250e6938ed09

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
78e05da0cf3e5c7046125924d5ded1a0

SHA1
080209564dc9028d352661db77c0415d5096cdba

SHA256
c91740a170879720f7203120dbda21426d36d16b08525c321a18cb06a4f336f8

SHA512
555f10b72a211d3263e1c1f005268f845f6f34afb2b42d8ce4ec0f7249fc6af483fadf6519e8ededdc88da10bc2ded590c13529e41d1932a78b334adb8b7eaf6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
95b0f4a3fcdb8e857feb5cb6f3eb9e23

SHA1
2283d42abf770e4996ac4f158628b1d46e762f33

SHA256
1b02be00dcf42ed9f4794a99343e96057f5e1423284c9268284e1724d86d0051

SHA512
dfa957dd34145a195061563878a32cb075864be4c5f53adb1b215273cb31ddf32d4cdb777aa20637f1ed29f4ebb8027d7d41b4d1c7b987ab1979c9a45eca5bfe

Download Submit
/data/data/com.systemservice/files/PersistedInstallation313673342182266460tmp

Filesize
90B

MD5
937e86dd8d161ede129e8b01264844e8

SHA1
5a7b25775841ca5e674e8ca9bd56219008e2a4b8

SHA256
99556b14ceea7813412ace1da3ba58d86053bb527469681acaccdfc4a7658596

SHA512
d08f47cf0cd620ba163ddcd421993b82c9ceb8f5eaa7f7c93865dd2a4665495dfe18d14eac6aae03241df71d2ca940512a3aa67bde1bdcd2108e130cd419bedd

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6728016108780093433tmp

Filesize
556B

MD5
348dfb283cebe9f84701bde49659ffc6

SHA1
ab8df53703c0a90a13b9dc6281888d630113cb82

SHA256
75ce977868e2114525baab9f701e1c85cc62f5b72dc7c88a3f49d0ff4e666b9a

SHA512
c6b87f1d26cb18c05cd7247817c5c4ac85701165385e8c533a63806746d4ddfd21596bcb01c5eba6544a3937891c64dca456e79e16e557e2773311574ca0b7f5

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
c159ef76fc9fd7b0641759e88244c2c6

SHA1
c17aa1bc1472d68a72ebc2719ecff1872b1e570a

SHA256
e6d900ce8969ba03df9de157ac403afb437d0335e0da932cf5b85d329a15b43a

SHA512
9547d0ee0bdb154e075632fffaea8aa4eb2a0b5afeeb78ef944da7ffbb6cbcccc5887cb26f88ee7fe84c2922b0fbe402bb13e272892fc0068d4a8ceaa3537273

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads