truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
05-12-2024 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4469

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c1f3881ddb609b71f0ffc3481ffd88b8

SHA1
8196253f812038f1562f5e49d4262974b4b05875

SHA256
c7e976031cfcccfe1c308c5efa2a7ab9f4dd23da447cf41e245200a3fb94537f

SHA512
f8a510492547c0be15546f55ff237261517477fd6ef3bc14e932515c4627ff91500d804caa224e374c8c91db6a72dfa1c7121d53939175fee8cc9234a6b667be

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
432c07deef82945f34973b3eb015719e

SHA1
b67e86d6651dde9b112c439cab14fe37d1f8015f

SHA256
4bf179b4814360342d1a80fc45b91ff21329574d9f6062c46dbeed2ed05ccd26

SHA512
c2f3ad9697607180ac5380850efb1ab4229ac73678e2f243127ee68f1c098b77fa886e4345aa264cce4ae618932b7afd45879b7ae307ec96d877295d824e468c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
619635e8b2190c45ba1ced43819d0d76

SHA1
0cf389aa7da3239a0f742e5153a4f52a077996a4

SHA256
658176948c444783d7a169450730ee30440c2c740583d7cdc99bf49ff26425b0

SHA512
f900020c776e0c6ca0e20243da97292f40680920eeb1f2fb1167983c470d00fed6f412e5800936dc4ac9635d8724eb08345ad8819ba6f01cd416bda7078ed818

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
05e362151c0d3ccb48c6547fe40009d5

SHA1
fbdf8d13c5453c5bbafb87ac3e05dd9cfd8c3556

SHA256
8084520236939ea92204c308e847d33d135a7a7e77c5ffc5cea1daed89a5e5a1

SHA512
360c01afb5259ee7034efd4ff1e6c3a0e2a31352403ac602cf056874e9df2e49ecd2e5fcbed6651c808dc846d53491130d8aec053391378838a54725a2399e7f

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4dfe7faadcad27976bfd735c4c67d65e

SHA1
26289df0f39f79693afd126d9dd459ff1e89cc03

SHA256
155fafe7845a8fe867c112d262c97753f0d8b1b87a9c88408df62370c180d5bb

SHA512
097e6cfdcd6bc1ea9c6b0b9a508d40fdf03b390fe9b9e8bcd7e7708a342e853976acac64d9ecae52626a980e4557115f6cbdd25e49cc009f89dcdcb004726e83

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7fe6b598abef97af44bafb844c01cc2

SHA1
ac7008150a7e53f0635e6ecc8a6aa6a8d699e83d

SHA256
4e27117ea4d7897c9b5db1544b66b281f8b79d95966ce035beb8b3c7b3f77bd6

SHA512
6139afc05b28c3eae2c69ebfdfcab13cc95e245cd3a885c36f1d657189a55798aa6725c7a0d515bc0c0115fb4da6dd2d36d66e7e46615e5c2f81846183dd5d5b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0b0616e074092775eae8b56bc08e8d83

SHA1
098396c65155c0a01649dbfa08e77c831abaee8c

SHA256
71e207bc02f2b9461750f696ac1fd8392a3d70d56216b73ceab39da962704989

SHA512
a32eb3f8183c53061ab7ca7d26a7800cbc3549f94ae15f52026460afa75f8549b9fa2147e0894ffac8060e100c60872ffe99579615b7618bca61cddbb19d5f53

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8dc85fb563674a377616cd853bb35c34

SHA1
b2f7011404c585eafcfa6f220ea8a2f9251d44cc

SHA256
2824760a4a0f4eef933753155698f5e48ea53eb245d9cc8cb01fb2199d4ec1af

SHA512
881da051b45c0bbc0d3d27d82e51a23273c2a8c6603b97d8e92791960ddcb85b2df2b89b53c16b218814ef20a207de8dc9b2979c2b94006aa9c57a9bdcb37136

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8160d038b7911425724488a643b37f98

SHA1
c14852177bb6b7e888a6ecb131ec4e8b5b18149c

SHA256
7a1c34b363b2651a1bf131009cbb1210f156b31cad501a9fbdfcfb0524a54bef

SHA512
57f140445a7599322ccf3674375f96bb152d6df6dd2de728c3bf2ef035adcf2241bc015111ed2004428f13135ae26b9944b1b0c0ce7dc6384ed8532ca68be557

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
228c1491c1295a4744aff0d87ddecc66

SHA1
87af758bb5766073692420198eda03e500d644d7

SHA256
9423570087c43401e6c17cb4cd2ead11a96e813c44b242f29bd9388cba8e5923

SHA512
f9f18eb788e8a56c586ae5c866e73cf41614075cedfc8bd273740475f9a38f831278663ab6fb996267ef72089f4a7feb64ae620b62056f4f79ed4cd7ed2b1d2d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
424b80710aef3b94fa14a8989113decb

SHA1
d70e1426b8d8c924d1b544ce861492dab8f71526

SHA256
5aba6b44d9103866a9824acfef342358852da92d0847e4f4d5948bd7b49fa5eb

SHA512
3ed44f2ddc659775b62a20738a6b98facbf16a6a920b4bd807b43333ddeb53208bdca13acabf6cc8735a6907e54b2ea71b4554f2ff1dd236d7171f76c7e7abd8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1aa6fef8addebcb80a9f8b77154dae69

SHA1
27b5cdee836c30642ad2479504caf1ef3d256a1b

SHA256
08dedd6da3948e22e083171af531aa3825ba14cce3cd42c6760be074b6755ed2

SHA512
e41b0ec8abdc6c32a876fbdd4429607066988203a8e7d2b40c4e27b095b39ddbef3e6b9a963cc7cf182a6f69e50c8ffc7213037d4014ec59003a2d7ce3891872

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
78c9600eaec0c164bfb49d891ee9d2c1

SHA1
b79736c38278cb38151b56023cf4a3286fa00cf3

SHA256
110d8eac91a375db957c5b710c5fbf5946e63cb0d0fbf6f3a959863d4e2b57df

SHA512
ecec15f08d8ba719671b16ab38ca507a59bad6660fe21952a6149d131a1e6886045e4e1404a7588f165618cc9b2042c0dd45390ccd1d74fa3fd2feb8620bb775

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a72efddc700bc40ce1dc311ff534831c

SHA1
00a3636ad38118d0fdf761a76eff5eb1fa930c60

SHA256
e308b06cc20fa50b37f06cab24f6a0449a8b6345b8e6cd50d590aa3f8d0d9d58

SHA512
e0ec0ac55ae625b57c17039d998143d0ffc10d3a43a7f2947807d1a105ffe08a59b96d53542401025ed13279d23768964af9bcbd42f8836855e4e971744c11dc

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1485476743638425272tmp

Filesize
90B

MD5
2d9dd95eff86c4232e4f447e3d25c5ca

SHA1
7984d3192a25e5c4edfceba686ecd38c2e7eabae

SHA256
44d1cbe69696dd36cd626b9f318453af68d93830ccaf43bf3a45c44b184900d5

SHA512
f5e507738f53ac01069d4422896f0bfb6166434e653d42a7864a6c95f06e0b884981387fe386fdae72e18c0e16101ef193b7e4e033457598f17906052b4d0525

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6620396183075761502tmp

Filesize
556B

MD5
75419e6bf1cf4994da455bfd31dcc96d

SHA1
e77be265fc7c6ac1d902bfa223055a3e43f906ec

SHA256
37b7a7854c3ac9d415da522829824eba4115aa0719e181ecfdb649ee74264a55

SHA512
9d82e11d29354c938ccd21ca65f0ae77ea11dde24ea22cc470bd1d40bca39b04b004c3f935b98015ae134fda9859f08c78b5089691df31853cc8a5da124da663

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
1d5e5b91d94a5046b1eb936b359298c5

SHA1
bb5154f2651bc0ba4dc8450deff39f503c9187ec

SHA256
50c2ef66c2cc0a0e9797e83507ddc65398308600befaac985fe6889ac792b830

SHA512
81daf0d7e9ab5dcc6274abcb7a0ec37fbf8d06dae4fbc5d6077249cb7444f964f394e28b4e1adc075e64356b93d84e64fca5260866157e4cead04b03e1dec743

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads