truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
03/12/2024, 02:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4328

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ff2d80a538661eecce4676839f34315b

SHA1
7f6de23660a92d881af6d9101b7978b53b773789

SHA256
e9ef903d38dc9db4985fd51301847a8f36966d65edc13dc12b00644a64f91ff2

SHA512
9dce341cc185d9a8ad08e2cdcf2b6687838e7307cfe3e1808ed11cf4a4f46918fe66e774d780d0f098c05126aef24cf76f93deebe663fdddbc488a6f8e3fef44

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
bb477a1275a2538023b81d33445bd0bd

SHA1
22516df3cf2abd49005718ca5b92f1d9320161f0

SHA256
aed599fb08d8f0e1d0f1e2f88ddc96e99ad95b1b906ef140d0241792e8bc2c13

SHA512
1845f82f0053fcac9906569521feed66b74bc8d15577926c481a608fb7fb013a90bd5834c93c16c23ba39e1443634f2f347d4a790c05dcbe19ee0acb9cf585b8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d58940e3e4eb944d6752e9a49a03dc89

SHA1
b9d62cb018e2d44ed80a204f584fb13a7adb5990

SHA256
ea1ed0e1fc61be23add27e51e60b1f2fb27721726c156b2a4e373661d8caaccf

SHA512
f2cf159fb5c74c09278db03b877fdd8865755b9f15cbd394b9726316e475a406a9a9de9bc20e582829329a0fffa5276de6df1345e97601ef9b34d36a327809ee

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
13a5fe43fa92a902413ee3756b8047b3

SHA1
aa145d4aeecc31c188375c384495f88c527227b3

SHA256
29151c9c042d76712783b42408f82ff5306bd82521411b44563bf62838ff6956

SHA512
736100259542db2147fe40b1f626415e9f9333e3637d26f2bbea2ceb7bf7946ec0d2a5aed95be64a3705e5bc3ae5e6cc414477d3a84e1ff40ce857266d0b25c4

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1a8be49c5f7aacd6fb9fe429697d9b1a

SHA1
b29080f59914f3646f087f6f9410f7b9de373f69

SHA256
e3b86fa64bcb063d18ca8cdec8524d00797c63e0acdb1052470a71c42061700b

SHA512
d7b44c766b9a4bd07888a0c878dbe13d4295f3d1397b2ac84fb59af8e2106c882a74ea204d0f8e6a91839ead5fd1dacc2347875083d474956c01aca03ec1dd42

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8007ccceae4c61f88380fee54baae209

SHA1
795e98d92fa61cca896a02dc25b810f16811c826

SHA256
6d961a26b5ab5b2458c6f714275c34f9ea5233df0e093f4abca3efb40a12ed3c

SHA512
4bb53988ed9d487ebe4817dae3f1752b024cf985873d72e0c5189c4ebf267cbf034e0257ac293b2ce8cc9f3193269c36cffe65b064b9b587145dbdcdd3ce6c58

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fffd2bd51f0e877d4a90e969f44f6e95

SHA1
fe8314b1c1e45c3869e4ac10b08355c0ba2b6726

SHA256
f793db16bb14a2b36d3726ce82e9ab43df943132d8275cd6dbebcc770ad815ef

SHA512
62900ba2d551863f32ac6b463eaaeeac376a734537a4b5b244ff94d63af2ed96f358d007783dbf642823c9206e5266c0f673f62292075dd014426d363b7b4155

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6258195bf8b0cd5ea7f47f18897a09dc

SHA1
a51c97d30216bcb7311b8baf41414dc7f609738a

SHA256
2771f4a15bd47e270555e7f193c569bd29981a3802d2a0a8f3d59811106e45fb

SHA512
19849fc34d611d26e1870b6ac14e71bf2423f8f7742382640cc999402285c1ecc8f2dbd9d2bf06204e60dc61c807cd8aaaf35c35eb1b593d94b008ae899f593f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fce634a4ee4dfb324b242b41939e1bc5

SHA1
9264022e389b6147125f019c5604206f900b4113

SHA256
9175a0be928b4fdc5f775605f165312a8aef44ff2cec3597f1027292d6d8ebe6

SHA512
e8852ba0ca49062de40c8e1f1d67e0fc0e2abd4cae0fe817b1680df5facd1e7ed15fe72e82908d91183622df140bf61a15a850e84ed68f5671617a21f8baa84b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5578edcccd1f7327625bb8d9a2266fa9

SHA1
e6b0991124d8c09f0328570f7e06b779c095ad6a

SHA256
401c904fbb840b596cc2b0b465591a3ee6eb5a526e1bded375313bfb197ec2e2

SHA512
0fd6eddf17ea6d1315f70b0ea3e7c426dadc096d4b592082a0ff936f7b616c661463d049b598748eedcaa1158ff5cca3afa6034a91e5c5e46c9e6a44e1c9d31f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7be39dc0411faa6e89a205d5ac90739d

SHA1
fe841ab1e45f6d232a6e941a8a50f3dd2ca09596

SHA256
8327462585ce62e0983c3d80836ee3ec085a3f47d31e7b889e5a568615dedd00

SHA512
788d506fd3dd404c52a3d480932733ec54274f419fa7a86ee9718d2d48c065f0c69bacaac2808640dc850fcea04923f1cb460e8d8ac4af8b7437a9fa0c7b1afc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2c0f34455cc9469edf4690780ac98a76

SHA1
0292c737e169ed22b64f717b7ea9eddb1789d127

SHA256
fef97046082270eca65d14b24a99a2de1907cb46380a8312db993395a195700c

SHA512
122761cf97e9c54061b6f7a370c60c3209c5b5c804307cba6b03bdf0e7ac0df1dfb4aa2f27e8d22afe4dd2b91e5914139abbc94c3f17d91407110b1ecacca6f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9a76c3ee81f9705f1102eccad66d93da

SHA1
97c680cbcf332baf7b77cb5ff08808ee13514a33

SHA256
cd5a0842828b6ec08b96b87406952c381bffcf4ca1a3c1b78bea1fa346cc946a

SHA512
572fa6316076431b21cf7dc52fe3db3abf9137c2a3c89059a7996a49ef1d8e27303c754aceadf9a4ef2e5e4ca817524109e6b5f3d53e473b3b206fb61549c913

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d37358e74eaf2bbf6fff8699e87da924

SHA1
fca0b1d4124a09586817977c2b99a60f0502b01e

SHA256
601177f95e0bbf995554a236c816a1faecbc762522abfea6aff84a018c7193e6

SHA512
7302c2010e92e32c750c2b88fb7fe7f94136dede134dc1ef0dd9fa658fa4452bf3af3dd513908c80a9ffc1c2755220570d8239b611fd02be58cadaca8697cf60

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1809399016770347658tmp

Filesize
90B

MD5
efd34a547b342ca8a2f7b276e5108326

SHA1
c01734bc6fde77abdb9b74f8fd348f4a73449f9c

SHA256
c92fb450009dfb3e352aad92951395d2080d4ab4178019fc0752a4bb57b41f6a

SHA512
37b816f49339e9aaf6f87d42154c305b283faf11893dd7080ea6914e89c6ee925e3c748744c1dfb4fa01b5a373b93045ff04e9b9e676508e2a3b542f7dd9c1cb

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8879989997731634341tmp

Filesize
556B

MD5
b0a625ddebde1e7cac395dbe885430b5

SHA1
af1565e4d2edb83f11d67b4827db58874f2377ed

SHA256
15ed57cb8a8083ace1ad1426b13c8a0f1ca8f718c5cf73e962c1e842390f48e6

SHA512
63d46f1f6c31e1caead8bdcb3a2812ef43d9730c8f6894494ee4f4e7b987686b74c0255176e48385ec1fe24ed1ed83c20d7aa420a950e70df86485d5eb7d1867

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
469e419f9b067d923371b94b8c4d42b5

SHA1
a8a322915f6e34a50add6f7856e72235fc874925

SHA256
0603f73d6e40c4aee82a156bd4372e5d2fe6e998fe8a2cd42667df191ab72764

SHA512
765a789953bf134488d2bc611be9b489ad4e1cbf3e23d23c9270d28e2c991723a1cae60e5d270740ab3a2e805a3e33917550d24eec16f8b1b33a9611d819ce1f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads