truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
08-12-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
cbf5bf4e9189ac9cbc60ccace89ce363

SHA1
498096ee867d842efb7cdf844caeecaba03f0089

SHA256
9716564ef2012739ce25c6c4c045f4d855d6f6a86924448339ba38144d851750

SHA512
9a5f6211314b5d64a08b0380267c325dfd983cd4aaed38f1d85b38ac25685298842e0971db78a2e73f4ac367ef836d36f353ec875f5e41602b10577b622053de

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
64edd881dc05dd01062b668bc30121f5

SHA1
26edb7febeb18688190ea9306932874d5369a0c4

SHA256
5223c4f2d4c6df97059538175ff5ec0c1d0b4240b40f23d9d3589100fa18bf25

SHA512
0298b2aa4472724fb69021a07069df53fdf548db3e272e8567a90b3397d059e088ddb109fc6fc6eaf887f47169d424f682b0d6c5dae91260e517001bd55e37fb

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e800c49f3b15c0f790d1b68e7328c8cf

SHA1
c7cf059255bb9eb90e60df82f39c7fd4288dce9a

SHA256
e1200aa6b6e3928cef7b32d2d20f1304d544df8c670d6cd61bf2dcff4ce5bb0e

SHA512
f78ac3af206803836d88b6870fffebb208cdc814780155ebafcb78899172bd995677c39647d7181ce79f167dc077c8f4020abf98cba1d5145935af5cd64c9366

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
97914704677a885bc2aafbf2d98b82b8

SHA1
357f49e44308a14dc83c4855d44a27e996fdd14b

SHA256
02471ded218b93432fe912facf6ab0f2b1248e5e33617282cef232cede8387ce

SHA512
c6924a989c9f612c1992fbaac1715be698434291f8480f7224a89181aa74c5f184f17f2a6a96043e9b79fd66ed350ae804cfe23c15e98a3b56c0ec4f30c1fca7

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6f610cdff78af18ee77925843e7f9206

SHA1
b9ef8b95248e4f906ebd0f65e0b73051ee4ea19e

SHA256
c41efcb30fee7d5d88ab351bdccf696e7733802a424e7b0a88c8d681038e4ea2

SHA512
a753945c89f2a541454e150197ba9ba57cfdc8f630954481a2184653d30c634f7c47c9cc2ac01d4c217d69e8d1ac4da66dcb0a657146a9d0bcc6a0d2c96f9158

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
691698f2cac6c2d848b36130e4f22e40

SHA1
d892f841cc7de3c73d0f5df3b8cde9b224e1b1d8

SHA256
1c54c89ce43ea8fc319d2d4ecd16fd3c842634b56b1ac1b321c0096f13571b77

SHA512
c858d486b7233c479126896dc04ea413525bdcdabe7ae73cf905dd6c0f0eeca866537c9f9ad8dadc1c13f4302dc775ed7c4255fb5b07c0d39fa8f4e568407947

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c53a7850f96efb8bc7efede78ed94fee

SHA1
1fb828c0019b7564f1048e8ca4241d3f78d142e6

SHA256
8ec7ca2e7b2a02163048aa448c8f92a3c128b38b4192115a0abb9409b0700e4d

SHA512
65f2b166a006f53d374ab381922032526c3d22000fc7dfe57f7ade51a9f272b27f1a389b42df4fa6bc922e22a5c0e0d0495255c8e9515939d8f9fcfdf8e862b9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fbf4fda763c2b342a57deb2496bff96a

SHA1
80e7f6fc1c0f44a1d5c9f1df97d063f2c9254b3d

SHA256
1b0201161bcafec58b0462922170f4e7623d08cfdcd53619fe31ddc12da52a72

SHA512
b80d8b1ba7032dc5b9d82155cd0ddc3107eed60c0cbbe9579c37d4bfef5105d98099abd38c1919fb75f13995af36911282c5f20215b70568876d27480018dfd6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8332037cbc28f9adb806475ff3a53c43

SHA1
f27d84c1d46516bd35b87329d09a98200121d4cb

SHA256
c9d22712e23a31fe7cee2cd0515d5b110c426e6512dfdc4ce2bf06dacc363866

SHA512
4269c984cadb575d7f28e0885454b20a8c63e43ccb879b2a93fa7bbdb0398c44ce835d29ae2a8643c63c5abba45857757fd09c63563cf6855bcd28c9a2827936

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
26d6df56a4370bea29646233bc4d1727

SHA1
aa6834a739af3b051ff518b7e484390fdb96b982

SHA256
90b0c266c03a0b61b6dd6bea911fcaac6357cc036818ceb8255d35a7996e5e72

SHA512
62a91965047a723628ff987ea3d4dca389797e0f3cbaae667317ed2f0fd13e164c276fea7f9a60f75e1ce94ee307d203b5b53d3af8e5fe6ad1df05c2dbc60180

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
de01dacd1b59b4fdfb4d115396831253

SHA1
2da4ea0aa532068516fd4777bdec2e1b0944932a

SHA256
13c5efe3dec588b7a24f484bcf7a0b6a7061aac6ee41225dbb1509174c5be4ac

SHA512
af8ccc7a92ca8b6537762e41c11b410a2b805ad7568bc08542aa956b86b795b3cce59cf7cba5e3b8e138da2b0697451082255089da4dd67f9a749a952341e05a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eb886199189954022aea34a6c948a037

SHA1
7784fb57d9fc8d691c3c92f36a01814d4402c131

SHA256
69b4b2099a94f1fe18cb2d678df32c1212dfaa4b81e3e575b988b6dd1ce3db24

SHA512
13eddf73d104bbf2c63ca29d2fd733b0a664e936978dcdb5ef3162a586ed4f205566dbf7f682ffc5bca360280529f4f35d4b83ce65aa3cd9a0e882731a53bde4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d7d55da4cd6461e6b0c011fc7a9a1e02

SHA1
15cd74296b4645d41328411555f8b598b00726db

SHA256
3dd500155c58dfc3704ae11f10d2a8f288f243b4a3009a32cda49199ba57c152

SHA512
6ed7ede08d0aea19066a75b42401b800551528f5ea7b85b4917a762297f46ab879e939c214bf201dd491bd74418de2477d72b29534c3a22287749f407969fa91

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cdce1c52d2048b57308c46453d922f7d

SHA1
f8a9823077bd9f01dd88986ccdc9d7117207e7de

SHA256
c8eb09c231c1c3a4df7b5a33fca930ba8b0a0b1b46d0f8abb6c2388e51123340

SHA512
3c8bdcea372cc7b7018a819cc31b17be877c710b752744af5e0558f2730f3ed1200c7949aaf76004882ae3b7ea275a2ad8779e4898e15d38f1e6ce5a0e1d84ac

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1832594868395336771tmp

Filesize
90B

MD5
c88621a2d09a6bace73840c4cd989a99

SHA1
a9ca9f9f7708b3034ebd134aadc609c8ce8f4cf4

SHA256
ca6ee1379b5091417ab2f91ac4b4f0cede53238fb4132e381f8726da9c9bcb71

SHA512
3f9afdf3e1361ba2071d2a5dddc865d5ccb91482ecc0893aa49a94310616934a7d598023f7a001abd029801160aa8aa2c0f0a5624d831d5966a5adeeac4e9417

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5672992549259012494tmp

Filesize
556B

MD5
8cc0f4369e62bf5957a8f1356bd7db2c

SHA1
e5dc3d2108b5bc714bc7f5943ca8dacffb789ab1

SHA256
9db03d2f1964ad65f78f6c234727001fbbda34e583ecfbfa06d3959a92af6a21

SHA512
ec172d407d760b64ae70582a8217bab2625cff11e10ac35091d6544fa8ef3a1d49e4a7bb3301b949c6bc274c8a4999e76780aa98c125882e285cba029ab2c005

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
ddc42d2ab8add2a3d9c0bc97a9793094

SHA1
34f756e5f67545b3287376a8a3bee2ef984dd727

SHA256
5d107a3034dcc3e934d19cfa809b2c9fd526b11b4698d8d5aaa9fe433b59109f

SHA512
8a1a9651868b7306a6ed5d4a90a9f93e8c651885d0e1774aef6530217e8ee89dffcefafddfe855858877c1c1c34c1a45087da46db8caef113f0a52cfefa4619f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads