truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30/11/2024, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
eb8d86efbd9454bafd2653305bc25503

SHA1
272d82924f4fbe906ca7e2aeff5a2de96dca5026

SHA256
fcd028da55abb6408685c4b4eafcc915b191e8ab575e751483cf54769df89d19

SHA512
79a614f0a65fc7e04ea94613485dd96c3a9453024033358098f73a83e0d0bd95bb14039bdd1787952d77efc0c161b7a354f7030a8d0114b26e557772d8c62d4a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
0492c2da5115528dd4c41fbaa7816711

SHA1
76630a772bf5a57279adf8292de7a3148488b69a

SHA256
8023578694e2deafe4602914b407188936c13542dd1f4eaacdf79741cf26e5fb

SHA512
b9faca1ce9b18985e8f89392c21d947c0949c7858d53f249c1222afb0d7315a3a0f73dc56b85c303580b1479312293a5c7ee38bf9bd0f2260cd2105cdf7ce311

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6233415cc45e7dea7967adc0754ce580

SHA1
f49a535851733a44c187582bed8bbbd795fdc9d3

SHA256
b35772720cbfae68105f1d9ddc5cac46308e3f618eb0955019c018da7abc5c23

SHA512
51993864d11cf02a733475c0d1113b7c45d64770623100ec212cb5d312ce77cbf2788bff81e1f2bbb3ca12f852c673cbc97cca14a4ac405cedffb01c1b1b3f03

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
108a51b573ee77981893b225964cfab3

SHA1
53a015fe9d939a231caee20ab5265fc45f5712c4

SHA256
225db945fc8d7cbbba21acbaa8c5c96575a640c4f353ae41952181abb59bad10

SHA512
3fea95d36fa57a36cfb0f6404974028c14a3ac41ed5e0bff10234245a3a25c4c3d5bf768c5cde85cfc0fb916594e9ca62d1767bbea08b3d57c6d121adc5c6475

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9585582f8aa2f7b80554136b23435ba3

SHA1
2e760a2d23de71f9e6c037fb5deaac1e743240f8

SHA256
80978219ac7933eb6798331f99f62c64fb89d0b4f15819aec08705dae1e7fcc5

SHA512
8d0ee4f55f889d57c533457e111993f4960badb9ba7ad358bd7954bc63313ea5c677c8889d30a1aad4ba3898b03253a0f5be0427ae7cf9029ceb10b2c5338be8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c9858928fea3c620cf208ad26cf14874

SHA1
75a196f02aa5f0488efa255bc6d044fdf3f598dd

SHA256
cf129c7f1831e3018ebb00337858e381d6cd1c2db654d5173e2c61f60f7282b6

SHA512
7ef0470018521990b4a0bf7eb823e50a1a1770563db4ee98b3fc7940ff8846df1a43c592a25475cfe88b8d4ee3cb6c208309389342d03f01de6e78827f39d059

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
52a13ed9fe214743223cbb7f92daf683

SHA1
2eeff4dda10fb406bc30623c8984b28e9a96421e

SHA256
ed64e58ae6bd5aa1ebb45291d3be47c75d989bb2c389978e129809c079077ed3

SHA512
b916b824fbfb9179f242447c719b9df09e83fae8d04ffd961eb7490baf7d3fbcff51e3ec842e968e84c33f8997ef62ad8c2015cfd90091a91b6f77f9e34e76b4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
069fe47f89ed36889e2109f5e324317a

SHA1
ff1635098b33a2df7ce053d2ab943870c5b15d3c

SHA256
e12e88a53c86970d1d7d6f8d1f3276823ce81972e37c2739f63ac84fc36d6cad

SHA512
f72b7752a455be50e725b08eb01b23b1839e8452f81d24d35a3d15ab7d62e3cbc96107278b53ccab33aea51872a0078d3700e44535de287ef36a0cd76305d232

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0e74b9c688e6a4a4b38a6d2284123a2f

SHA1
6ac08c5ae8990201b0775ddc9835ebbca0c8f61c

SHA256
a634ad08a24a8af8aba1ad7510b148efe5355981b844ab3771f4b29469da6cc4

SHA512
6560404649d06495ee8735eb7f379c05c35818ef938500c1409704cbad46ea55675d8ee8831f1150129e5d2951f53a258cedb8c105a1c547132a945372dab0b5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e1748cc6778f577926b60aaea6d9612c

SHA1
99d26672276effd9a8e132940084ed5db0bed71d

SHA256
e6e48f0ed9ee752933617063b3316cfeb68cd9c0a4e6e909f08228c8bdea2216

SHA512
a776b3e19f04e75f607b7d4947e847e943b6a408a91d45f36b9bbe9ba71c03c9e0144b9cd21e44f3b46f2ad6aa9cf610e082c9a97a2112edc7c346b414a8b8ac

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c229203eb2b43b3068e65872a0123a20

SHA1
8011420ca9119a5d030d1cc343023aad16ca3fdc

SHA256
d4d11c9c6d31614d005086140063395e5dd23139275af95170ff297e4bd395da

SHA512
f4511bc6692da4de750fb793d36dd33b589dccdf75b7a8f76a24b2bd0456be15801aff05fb65236b01c2ede1cf60ba70e935c23f9ddd9793460b31f1505787b3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3baee50bbe3c5c66b7e582e479743359

SHA1
557929a7ef10562e6b45a021860900453e465392

SHA256
dbb9c4ba7b3e83b2155df496a400d26e5d69a0bdd86564a62bba1843d93cb4f2

SHA512
c2946abf28351fe80536dbdc8a95b62e9d08f556fae5be2feaad337b1b98412f24401899df2e980a9e0dfec7e0ab3668b471d62dd2d140f760302844a184074c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3f06a647dce2d4cdb10bc44f32558ce5

SHA1
15739eed147554a6aaeaf023b1ca42d1554c636c

SHA256
bf258b1bbb5f4b917afbc166cd9dd7d3940b7932101cc2c23811313ca16c8a31

SHA512
5b8db48c7c5bc48cd9da6f669209ff932f5caaa8955d43de88cd0f1e612aa78b7c9b12868ba4fc98ed3aa42045c8643f04aba9e625c82ebc2ce04c1f18269a42

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2618368914418236495tmp

Filesize
90B

MD5
6fd49dd98df271c2bfff148e63ebf065

SHA1
f7062623cbc2dc0442eb82c502517c7c39ff96d8

SHA256
62732bb9c344bcae3d836b7e2369b452c43c0371d9737c325e19579ad3713dca

SHA512
ce66cbfa367ccaf89fd7e3049469fe8bd10bb8e3da05ccaee71d36c8a68e4b8cca25e6cf715ae658ad779f77bf030c8e1d7c30e243b5de50899fe5f91959726f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5069117452637830677tmp

Filesize
555B

MD5
92c2b89561ad805fccb7fe37fc7a7f6f

SHA1
076a332821ea9e9348b4e7ed9a93d1253d5d348d

SHA256
fe918e6b5240e0f5846257e84d0a5f5dc1c0de7007d244a163c685f9ee69540e

SHA512
36012b83599eea6b71ee9065ffddf1f60b6313f05fa122c0764cd4b7f302c9fad6dcfcec60c304d210da16478c6678bc170bbd549dc436e8e2f34350dadddd25

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
1ee8a2cdf9029d6f4f70e60a8ab61bd1

SHA1
0ec76aa202bf02b8d1078ea28b2a11e1cf586d02

SHA256
3a5e7ab816ada038025d80cc4d082191eaeb58a142c87344210a0b25fd6805a7

SHA512
7ef38486b2b3533de71e03d52fc077c8419c04b15c179a3f0d1a0d95bc58beee08dc4b9be2b9f64aa8c5f6325eb3593906ba8e2c6e6ed7d59c5d0920eeee9731

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads