truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28-11-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4980

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4bcc40e71ded19474b632579a461b35b

SHA1
b96d16526386ae5c9764dd505b69aae5361caa6a

SHA256
33ca79e6c863bf3457b5e9e377902ca2811567b38ba841e16414fa4a32903a94

SHA512
57963b6af7a312cb382135f56cd9d21b1bb5ee9f13810fe396ad45a897ed8edcfe19066ea48d24af6d520df5b9864f809ff9541f2be31f5af80fc432bbe74cf8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a46f878bb18e4cdb36846764ac58116a

SHA1
abc0c729d3ae29eeb2fa43b70388a2876ff3858b

SHA256
9fa6c1eb3e7bc5e574fc2096edb1e969c84e34e8c891d7f1e23adde5cc92afab

SHA512
975659b843cc90199ca7cc7937cf7440a0bc5abe775ac3d3d059721483562c7588e47ca8900e273def3fdee3da984a2c7338ed2dc59d277d1b65ffbba3c7c8b2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f66706c78ce29ba176d641420c8e7454

SHA1
ed8dfc0415c86491e754e985316e59143b47335c

SHA256
c921af9c44698022672d9bb42b44246d00555c515ea8723f3081b1c595c4f8ba

SHA512
4c5ffcb12d4fb3aac55e1de660abd6697620412e9fa73afb83a6dc69cf3706ede534a417dfbeadec78a9514bd92d06219f7e28f5bd6f74d6bd5b69a4f1a72f9d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9367e955b8b1d2418559263cc75a3676

SHA1
b91256ca877c7eb587eed97eb73cc9aa5ec0e139

SHA256
94425a981aca6ba00ce734e03a12d905958023aa9c1e9cbc9cef47f4033fe6bd

SHA512
2efa5afb783f757a13b734f4362af5669448e67e316c0667ca8a820a285744a9c7e848e874b3846a8e715c0d17e189e5cb645545ec44c830a57979a5460701f0

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
20b1052fbd0d1a400850729acd077620

SHA1
0c178536b7d063df5a30dca2ae6311e70da1c372

SHA256
1136a822d6986636d5df35d895088e01e4d1375eb19af4319a326f6358609c37

SHA512
e076e2c47aa9fdacaa0e5ef6d4e59d49af1ffd1bc2ecb54277a307d583261dc65af6e67c9984d07ef7a77ae974a0d651042baf584442e8ec7ff61b75707ecc89

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c6c589a65dfb50e697b525a134a84f2d

SHA1
7eeaa70cc816272f9408374bb05bab402379ea64

SHA256
c088d97e938f4aef1f73bbc7d962571e98644f68d79908e30400cdc858e60069

SHA512
bdd54b29e83cb6aa50365137246028e384211414f47c1da5e5ad278c19f29158293d76db6bc4c6b6ac53d623ef922826616960e5f5103bc0b2987449e5c0dcb9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
41b4c40117ebb4f1ec5d04a80b077a8a

SHA1
79261f6e99ff73c407e4697e6b2a25fdf230e11c

SHA256
884deae1f68276925f0fb39bc14c7cf286c02a6e67b4c9b8d9380d423c267a6e

SHA512
f01b95a7a3057bac0283ac18f389b5829a0403a82cc58a4175a10f12187c5c35fa4f2727a1af4b477b7285b0984c6453409590f8b350389de1a205bdc954c937

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
96a67fd4b5e374c6ac1f8955c576bfff

SHA1
c9cc688eb3bbe9774f9d3f07457c5ba54c87f415

SHA256
ac75de07f9c0ca492d3fd9735ab25ca6bd1a643c06634f7dc20092f6aacfa0f9

SHA512
26f9a585ef9769d2e9e8a1bbbf8d6ab144157edbdc55c83ae3247e0ab635a2fd6ac2d7d180b192687f0113dbe5a1549d9aec3e8c82351ccde973790fe9723ce0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f559081b9c7dccddfafb6c9f770bccc2

SHA1
fd0c44306189ec91e96041b72a401cf837bec7ed

SHA256
a8d1ebe37ed327f0e56fc46b58854cab6066ddc3cea000d28bd3e9fbc9d452fb

SHA512
a73b2d1afa0ef16e746140fae061950a9ce3584532c4e46e4907b8b914cee7b5eaa496bb573cdce919f53009fbe3d311ccc89985f8555978cdca042889209386

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
65001f8bdc5e3310d8acc4f38078e430

SHA1
d7e88f5655c013d37b59041ba1212ba8e0bd66ec

SHA256
c9ae93265567f94c5834c7fbc30f3383f10d33a6e0b54802922abb81738c7f57

SHA512
51f9fbf44a282a43d5e09bf8b122307c9eeb4f81b8cbd08e461a2029ef5d34c8fd7302b296f8d0ed40dcccd832ce5681fac0a3e1866e926034f85e4d64ca4461

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0e77c6708bdfbc8091b594646186cdc7

SHA1
bdae83bbd4c25ca937a56d7dfbaf6954699c02a2

SHA256
74442768bc2e26a48c14279c140ed3798396f12454f5634fe87bc3876cef4ad8

SHA512
5c2c7b7ca069f5e3e90532b3c7b2a8371c96f314c2026ec4edbc3b330d2758e2fdd38f276794eceefbeb3d21063ae75b0bdb6b12336994b931c8b4a9fb60d695

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2c19f34ed65a7dd96ec80ceec3072e14

SHA1
46b792e1bcaf444bc5ae0124bd0986832437caa6

SHA256
db59d376a8e8b3b42dc7754bacc09e86d9bd03adeef4f3d5b1458a37f0bd7316

SHA512
6741b6146cea41582e6d3bbb0f23581eef13bcbb12ac15b4bacfb9300f42076e903cc7f82af578d27cde6939b8fd3ac39a8b59b625a0e7587ac28002c16f52d9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
32881c545ce43705ec348d8e8ced3f56

SHA1
a2debe1b8f83afdd75b2a4952db2feb97d42af7c

SHA256
f7b97fdc656394ae6aa1bd493e7e7cf72f348171480afbebcf76cf2a8978d7c5

SHA512
53f4322217287f515df90481d8176f4aa18bdde5daf49b482c5810cd1643d3a1195094be5e302df8bc971895fd20ec9488de4b7f9cbb4685b0a9eaa16efb992b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b79f9ae9df4414721fc03be313a6901b

SHA1
49192ffc0ae23fc616012ee52b46be36248efcb7

SHA256
4e04957ce74ca9d76e6f2fc643d21eed92e6b26fc0c0f5400a68fa96f45f4336

SHA512
f89385580b0df5c87ea6d91e0af66abfc560823d3860c475b01886b86ecfe0b287d61e60a07f5b8936622dac532ceb75ae7ed79bcc6653a454cde172f869c4e1

Download Submit
/data/data/com.systemservice/files/PersistedInstallation379772700914402654tmp

Filesize
90B

MD5
256a7b1061dde74f7c3b7ac0a6188efb

SHA1
6ff90f145242559ecf0bed4a7c8113fd3acdb0e8

SHA256
47fb9d614a12fd8b60dcf3e3e529e09a6581b4772644016cb4734adc55249a1f

SHA512
a6bbf1c575c6dc934ca8335acb54d02f6c9f8536450ab83438d4e8d735f75aa9509715e91036af63b7afb9f0133822056b16511469ab60c286a91aad52097013

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7693202938466132248tmp

Filesize
556B

MD5
23a1ba7cd0bc73a6e9d598d641647dbc

SHA1
6270a6af99bacf240f7488e57f21a7b338f8d657

SHA256
24a5a397015e295ee6f7e8eee4cf02dcf3c7e13075b0161ce82372e9cbbda680

SHA512
5cf2ba5cdcb5894b4645b387dcc9723124ed15673d429cfce38bff7c899160030106bc58f6b101ff8c2bbe81fc4eedd74f9ff8e155b5ae54f44fc0904d373b65

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
4659b9422b0b86e7677d7a4e1ca828f5

SHA1
fecfb76c6972a64841e4169c02c7a516753708ea

SHA256
059e6276007c93920a3aba62b3f7382e0603cc9cbd4a70f5aeb0144cfb05ab44

SHA512
fb604323d95925e9e808a2a28d18d705940d5fa2f509cb45a9094c6998cc57901f55545f9b3c1db609ebdf67f9fcd9bba402796a2c2e7ab7f28365d7661db02a

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads