truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06-12-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4471

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
af778afc0f68cc8e1d745b8c65a8f1e0

SHA1
083e0d21bef4a0a3a53a40c94931a64503700650

SHA256
68f72dd40694dcd76aafb5c51127adb771936e74c4942772581c62f4c17640c3

SHA512
86a7bf7b97589c854d181ed0bcde72bd016de321ef9aac1d717866ab7637998a770f5d12cffe8851a1eca2634ce261752d20e5f29068aaba11afb629af4ea2af

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f49452c532fae59823a6446cffc40172

SHA1
7472a74b3ec712dd458b1249bbbdee7ead5ad70e

SHA256
61b820e19a05f103961ccac35a3305d298dafe793f2143456fad7949631262e8

SHA512
103c37fb1ea1bbba84bdecb67e830d97970587a043bdfcd21afe8fcb96ea548a0cd5883b77a3a15f1db6ebdf484592aafe177702561f8cba799a9b94dd869eb0

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a694cc918df768f7fdb44917c6639027

SHA1
c18f1f1d6b44b483f79a240632cbb72f943d2bc3

SHA256
3a18ffb61d0332bd6e5a1eb84286a935d22354a0594736d20e6f7d9121a77a8a

SHA512
0a47c58d5e3aaaf657ae4daf31d6027d570a18effda305d9beced5c87f493fe9b66ba688285aa88a5b121a4f195be90fc50f0890d16689e6ea5ed006ebf3c45c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
85c95c5e040d6fde0ecd42f90ce6dc3b

SHA1
c78571088e04f7e0ac371cbf32b70ed767d9d885

SHA256
3abd2a8957f143ed4e178cbc49fafffc061cef484d23e08db5263614fe8b118e

SHA512
a433a1084312e32579a541413ba4ccef516c2ac5360f9f8e1e1ef37c811f0b5a5a615f442933a64e40c94427d6c84c2a555938c228c1d30dbda64fb52a5d2abd

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3c11f90a7628a786f31f77a703e54908

SHA1
b95db5c7bc5c8055dec9b14c5a9378c169586cbf

SHA256
89ff08655f32645cc49eb3246fe7a552a8416db22cda1a84b58f31421bec3467

SHA512
a560bae958ed2491fbbab86bf131e25cbfef86772e1b888e2a0e1c001b735485bb2eb65d8b79dbd943fa444a64fd4192c2f49b7375b2dd78cc8b4194f3fefbdf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8286f40638581563bb9408d800771dab

SHA1
0979466dde49c6b4a73dc4b944cdd70143af9826

SHA256
a663357bc7b7081060afe35d7e2f3b2f8dfcf0d98d8c26c68b6fffd42cc16646

SHA512
99a5932935ca8a1445ab54bcaef9e0dcc3de74fdd866432e6c327a5c5c1ef56b3154b6cddf755444b8fb131a9cd85fe9829b985b8b381a064a9b94218bc823b7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
beaa5802c105e95820dbb225f49526ea

SHA1
3184a5cab011d16c33907171a91a6a2103cd76bc

SHA256
812f398614543389e1368a1a1f8a66bfb5d0199ed2bfda2494b4367c02169b11

SHA512
38d1f41af7d49967aaff361264316e6cf5020197d24975bd8a97e725ef21bc92eb8f1df9ea211bdcff17108a2dda235d82de20dedff1ac460eadbbd09a4aeb33

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
36229f19b17791f7a385d42c211e764f

SHA1
3932c75edd79d4ef3c3ad130f04b3ef1b2813504

SHA256
22249cfae1aa1586df2e730d050648b2f470cb05b97011590ebd28e58a9348d0

SHA512
1bca50f6988efc9f0ad4d39e8fd44e147d05b0f595cdc1a8a08f853d84052ba1baa37ec2bc4a82aa936e43879eef5c9b7de11e30d13ffdb04221837525452912

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d34acc5c319ba70629333bee7bba5d02

SHA1
285d0e63a3906c06900736443ea851cb777276a9

SHA256
01d931be780ac736bb161753e420104dd4a03eb32cae3064cb5adc2e44e8a78e

SHA512
83ae084a09867c654df5ffb8c05171188031b3a3b9039c46e35eac0b607a21a3a551abac026a08790b16261e9c0caf975a8abc336897da6a4a465bee3186040e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0aa16dd4dbc7a74b0d18395421ffa45f

SHA1
c6307414afbbbe3e1d9c81abb0bb3b9aea5f0563

SHA256
cdf21118f616e73b9f01867f823616d7c4011760bf1dfb0215106a16a36e351b

SHA512
f11060d8eed4bbf9d44984915b071c26223a150ee3d3c6c13fb34a1dbd009fdfc447df21991ea079b1b44674727b4be7a75770fbc7c636f6065dc5a12c434e62

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
bc18a419aa4d6f43c6af812f0131ef01

SHA1
f0d01dcf2efd5da4ff13f2b328f5b764f695d2e0

SHA256
fd31b32b7aec22efefdd195ddb77df17fbfe8306af1913309db43124ab1eef62

SHA512
ecca6f3ef52ee6ed9f199f43f7406a4d8a765d6a5b8072091281b959c8c460a31b8616e9c3e285df75016f399d75889b3fa8db6f4f529324444ec9a79c2bbef9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1e7af595622a16a2d89006f76b459831

SHA1
237987164798f364faf6daa55c5261bab66f9eb8

SHA256
bf5c5cd69080b6755d94672fabee8fdc8fc9a7d9208d593c7fb2239e9dd51404

SHA512
97d58b015db14f5a85e1aedaf2dd20f0f1106956a2fe9886a3741208f39f2040a07df648f3a74daabe39369e5abb22c7f6d44727b900ffb161d6af592c010d3c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c3b13a81a4f70a17dcb90c5ffd2b9dad

SHA1
ad4f93771a430a0938e937bfe5c23c5469cec577

SHA256
193d38ef48d804b1742d034bea8075557fa5251f738c764b2b71642287709038

SHA512
7905b057367a599187b105c2586f10f4531abf907c0194270745d0feb2d446036cdbe1590e207ff230ebf2b265e811934ecdfb38c09004332c25340ca4201c41

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c9940179175e14b808ba01979a102f69

SHA1
d6806f1967e597a430694cf71cb3394bf82ded28

SHA256
9cb3cb21e82efa06396f275ef83d644d46ca10d6fa480eafde3e927a7a3f9bad

SHA512
21f6bcdd29616cd398e685d64597f1d00c6e048479d5269bd35e914dd9b2c257327ae4e5e8deb4795ba7396838776c963d5171eff3d006395b1ab7bb684a6e91

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2297132102471113527tmp

Filesize
556B

MD5
fafbdd506614c73a12b60126676f73fb

SHA1
d15028eb093faa1836a625b2706360f66ee7ccb0

SHA256
7523869d5dea1e740844ca176b6c9ecfefe555d702185cc60b663a2fbc233332

SHA512
aa127d44cfcdf12f9c41d272d73df469a73ccf4213403b86aefaeb095a20a2fbeb261ae97baeb090f5a9af655898d7ffeaad862a5ba67e8f61cc01efb616c673

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6204651076983335956tmp

Filesize
90B

MD5
c1f83816b05c1c6e944ad6b7b2387538

SHA1
a7b2a10f89b81d82ab4c7c97596187c1d3815ab0

SHA256
49d1548de5cdee60960341f71999fd1a4724da5446cbe6ec9751850dd18bfb5f

SHA512
8b24c07b5c7ecaea76c1b5e2468c87afc7c66d64fe7ee5641d24561ddce4c01840b2ba71c7919bcd2373a2eec1f836ad3550d7601c4dcd1a33e56ca84bb70960

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
929ba410e5a70f6be09278bfa20195b0

SHA1
5057cedb9b7c3fb9f9c256d559fd5f6957bf1f34

SHA256
45d10bd35702304879e84d03d9d1b1966723c40c6eb2848741be0e316f194b22

SHA512
4c0614b1f5023a920d4214632c6d14db19d0cac28fa5bbab61d3562acfddfd001dcd942fc1470da2693547b17ba016e6d506191006517d923ed28b0a9ea22748

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads