truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
30-11-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
951fcebf376646bf5c9ed9b27ca4a689

SHA1
21a0392db4c4b4c250481e0098bda9326caaccc0

SHA256
4fb67e95faa40a18e90f0c45357b1dbf63ea90b0f54c3227b5e984715479f852

SHA512
312fb493619643893dc878028d3740fc67d6ed3418ac1e3e454365eacb6fef83d4ceb0cf426bbf27989a823ac327b743baa273949d1cbcc9a8a2ebe7c37308d4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
abb06f6f8421af05230df09ecfa82ec7

SHA1
9e8709b6dd664755cfdf543328620ed3f8c86dc5

SHA256
fe6e75a504da31ecc6addec546280eda015adae1fea2c62035274a6002652067

SHA512
5d7b2f876dc0f24312d6b7cb1cc8cf8230c3cdb0e3dd674aea0df39ac7aa5aa4e2ad7936050cc513ecad85d77ce2cc135dc5d7eb780afbb4989fd2d2c3e1aba1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1b65d01653ab0ac24225bfdaa0b1269a

SHA1
b9072600a3ba7c1185f8053d37d88d439539bdbf

SHA256
f408ce0dd670470eb07b5e8faee06f83e108cacddf1e2444f4d9aa01a4bc28be

SHA512
10b81ec31d2fa134441a682a18d639448ab1bf6901cdedd26ed4529c5303eeb403198ed51e5a44171afa81b442b0dab899847c0564ecb766fe119cf50bad3553

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d646afe23f666701f772d21a2e66650e

SHA1
3aa2c076a7a74a2944961c71b42531715563cb10

SHA256
94965d08ed2e1860fa87d2310c8766ab39653f345d3f4275982c7b41900e150b

SHA512
f5c3781aa71207eacd9713548c432cd06f68a7d3097792404a7121e96dd8af309af29ec3d2caaf6cfa5ad44276a28f368b7758282ad65138319404c713235370

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
83a7da036098c448cb2cafd90620d400

SHA1
6488665319fc66c392ba678cb2888ff9492bbf38

SHA256
aef9a02014fc6dcbf9904ebc2d9acb639db27eaa0dc2a6252bc7d0a54eaa43c5

SHA512
50444d1f1949526a0abf9d252df79968e936684b594209c83444fde0005d25e46a2eeecbd3ff5b9e9f5a0f6f81e635e4732de9498093485f035c978c938b6e0a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
97530499639957584b00c0b72d6a5e15

SHA1
7bbe7fb5f333428db014369d6c2cfdcc0b652ea2

SHA256
e4d0adf448de7431a70853d1d9fe9f6a07254dda915fffc5fa303727853f388e

SHA512
f3de4dcc473db8f298ce9b63ccd546425f2b7dac914418fc264e478bd27ef8d9affe216129b51ad8939cac7d27520d5b4b3c2f216f5645d2aafdac101dafe422

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3331647532b017ca4be8e6180ebfd287

SHA1
4829e9e84fcf2be0e90c7e28c71d80d929a44781

SHA256
5cfbd8bbd8d1fb3b1cb5bad63d5463fb5b6887c5970ae1190e8bc882f97a24ac

SHA512
7cfefc48fbb7fbfd275d479e8acc92491fae4754695c394bad7da7b4085fc0c32a63d1be9217f3ca2dcbf1566af7ea37339d2525ee89586a8de791d7230dfc15

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
28d637a0336ae52ac74313710049598d

SHA1
f91080e1a2d985f7947d6fcf639807c34664d73d

SHA256
a4efb4a4bf9552d16154042123c5df6527be416cb08edeedd2b5a42802658560

SHA512
77e108dbb437ba8e42dfc335e67d09b0dd7439fe831f93c7686eee7ac7e635fc651ecfdb21911c912e67c60de011eef06cce3fa900568b1efcd2f4e59136fffe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
39d08bfff8a2fb3e9b55f96dddce04f6

SHA1
65072f89db8d3403e6a58fc1782f3409c556f556

SHA256
7df19b11b1ac05a0ef28cf499487bada235a008bfc153a495c263538511eee56

SHA512
14d333bc9fa68f8fd8d7584043a2802567e1bcecf860df6f4944b0f34eb02305159a53afe463b9c154ca41b2baeec377b19ee2aff3be588ac9ad243852e3d833

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2e9d7d761c6c0e7c92d739761ff956f7

SHA1
70b96abf71f8a6ea75587f00ebfcf1a4d3ca5ff3

SHA256
beef2b96ac6a6bfc9ec04458b614630c672ba997a3176803d0c4a5bc741c20e0

SHA512
40e0b9d3e76d573ff1e406e3a19081c7e00c4b4320324fc830cee7ecf08e22cab76a1a722cb4537ee47949b17f5bbb24dd9b4446d02d1a17377706fe5d649800

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ec7dbdefcefaf08b30a9773106ffa903

SHA1
ccd8b889576784c500c87458cd6a911f939786b5

SHA256
9422b84c493c605307e18090dbcb9091c55bb59ef101a72fb71c14a4523bbb59

SHA512
9bb696ccec242106d4908cc5a7c57787f706543ccebf37f9a472ac205e505aece70b483af24d15af4d27f61b333f495e5ace3d36183266f22800c1209743b613

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
de3ec126042f3dc9596e7da3ca838a0e

SHA1
45d65181f338fc19cecfa0c081e6770134d0a55e

SHA256
4bc98ba07d2ed21e0630de6370bf0b7f8593f20425a309579ea362fb6526f299

SHA512
340633618f860371d3251b046f3a36c17e0379aa2efd8ae63e5e298cc8973c9c7419d0f8781eceef67b5ad118605be4f3b9d53c7a30558bf5eda468145346daa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c699bcce15d959cebf5e8442b36ac536

SHA1
fdb605a293828cfcccf847408718702908774752

SHA256
144588081f64f22a3b037a840f2f935c770b573b352a488fa45fb0c3bf56150c

SHA512
cdde4112140cd0b423af858db76e7f61ee3fbfc30e2d63d6c79092f500b1ea391438a99fb183c12925a275245085f853839081b49043a2e81487ffac1c502481

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
711991f79a818ad7cc013145a1250eb1

SHA1
1999354f7557207787a5319fdc503f8b27e3a49e

SHA256
1d4d71078b855809cfdb6a22a86ec48a16da7cba039d6085fa4004b7c71bd5f1

SHA512
1c13f91148178f365c72b9e301bf2a97a3252f3b147fbc572efed1286c84a1962d897e79c6ed9809ac839998f9a46d13f15b56f8da55528f72349b40eed3b5d1

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3249617778069480350tmp

Filesize
90B

MD5
2a80cc6b85aac82569956f3450121954

SHA1
dfe6554a37444dd29f72503b5dc90fc814ec0cdb

SHA256
31de63448e792fe2d75ee13550653cde0214ce8f6f5cfab6058ef2a8d929a668

SHA512
d22f1a0aba4e997a6d665f50bc5e455795e8c3467808cbc64bba32a87685d0aa7234b37b708a284136941228b48c77836178e5d84318e489e21f32f84762243c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation751829993362434527tmp

Filesize
557B

MD5
7730b7c07418a56f4a863411da7fea5b

SHA1
84ad8d96cb387a7ca9c0360516943faa6da149d6

SHA256
51b87b3a944eab59eda90f4fe843cf770bccfd18b7e42fa60e3636504293394b

SHA512
a29ad833ef70bca0722148106e25aa4be94f06fd14b4fcf4e563ecc0785ab942b220023dae92bb6fdbdbd5085604ccabb7bebace08d3c8b2823537b703502e58

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
0e4b718df380b88c6a8d6cf8f6baac5a

SHA1
f7d7788d830b46be1d01b679be97975feae3c28e

SHA256
9da1550e635c88172f44488118f030a206e0bf58127c5d42ca3129f7275991c8

SHA512
30e88a3abe526016fed037f27b4707dae92ddf81456475578f2a535dbff60a0124603ed281966d6335ceafe0ca03e4b0e2250945ac8f70415dd216acd114f793

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads