truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
09-12-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4335

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d3d09b4bdbb8d597fec470d94b0d8a05

SHA1
98c78bf40b69f02224500796091be2fce9368fd1

SHA256
134e976461f106e3deacb993aa13bca1e36128b0b7e6b380b3ca68cf403b45ec

SHA512
b0d2e65388ce776d3a36b31da352f3f9c20621c196bbe3e14a3e29a79b163a2f018fac264644faa2327935f6a660999edb66b783ac1cff45c1979a0bddf62c99

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
40a8075fe033a1a0418c231581fb2754

SHA1
0eb28d0233125c4ca3711747e9a9f09bbba3d0d4

SHA256
84511e1685520639fc1a912ab078b7e6d4e8f408d2c1f8f7ab35f53ca58a063e

SHA512
a014b2932cc8b0c8c1c0ccfb16d3cec601793acf9e8909fee61da2afe918ab973b455217b9863b3fbcf1504d530573de8ad7d3b1f7d32359c78c69f539504ed0

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ef03cc2598e09194f77eb92b730d2f28

SHA1
6c962adaf7b73df37c0a1b537131d65d36760479

SHA256
7841463d782b4515ef99d584198c050c84d0ddd62c20c1b0cc9c99ddf00fcf00

SHA512
32c93e591b56c4338e735c924f5af819d800cb1442f26f881b961db62aad2b7f84872c0c6dbe9eef0ef5ed8f1c06ab9387499390efa7497891cabadc76314be3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8653d2c7177b959e011e1a609118c8f8

SHA1
ebd3751f0d7c1e610bb8d3099faff36a134ad685

SHA256
5ef880b282a5ac10c68b0ad5d473bfe028c685feda5aefffa7cb8d6bacc5c532

SHA512
703c376c127429911b8fc6e463ec396b884f3609fc7b6796b61a48a343187ff6eb74417f901101ce4a4110de164604a17b39da88952c1055776e64350214dbf9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d4edee343b6e38d550b08e5b5067b19a

SHA1
e750a8b90d3b31ecd199f6e192990db6240e2d14

SHA256
73460b59ad78da0ebe7c777cc6db7f40d192824b98d77967c63fc702b8ff58e2

SHA512
9c5063261e4e78ee0fd508e10fc3b484bfc76feb2cf2caac4427f911e03d337facbdca443076add0cf4f1275fb568a1441a36727d9435eac47417906ef91d19a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aa45a8d5fef76811e7788cd3ffaf3408

SHA1
f26755a3a1dbdecf9deb8d1d61e95f6eebd0e9a5

SHA256
6210d907ab7dbff8b8e74793d7d74cb2338fc0e1d17d4bba2cd0611c9812e908

SHA512
7c9659df6454b744beafb0c92e4c6689ca5f46320877b4e54548fd3be8648ae57accec4b8c2f76725e79e839299312943945669f7cb6d32f7ec1c2bab3ae5c88

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8664510715fafcb5d014a1a7dba2ab47

SHA1
066e60600f9cd0bfe0c18bab21c28395359cb97b

SHA256
a60fac610564a722188842014b3411da50cabe842211dcd3b798bd9d5543caa6

SHA512
dd67b2c53083cc878d73b074ee66dfcd36cbd5d1444b11bc1da0e21458b2f62ce324cdb6dc862cc5dfc5c9bb9685e52e6c7a591f2a9cb8aaede9540723a2ef2b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b575873156362bee49f18cc6b8c8d636

SHA1
e1c404a126e5a2dbf2716e0253ad4a3d70e69c10

SHA256
067b12194f252e26baf7426dafa51de4153db393128c85dc7e4f3795d059156f

SHA512
c593d1af7b72044119696799358f7dd15c1247364fd169d50606a1705e64298e39a309e7f1c6479f5b19dc2a8e972fc73d2d7ec2eeec6d5ecf0215b9320d7263

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b42a02b3c8ea4f81a81634c0dde43e1f

SHA1
32b0a48f4d3908ece647f4958a3f70829b066725

SHA256
98840ba8e066bed3764fd5e93963bc611e4c1c0570cd2a23bf5c7a2527caad2b

SHA512
186f00dd710e41491e6876c46ebd83625a691b811666b6c4fcb985ba9dbdc3895fe0c698270f7a67746554d62f0fc37e80444aecc01b82f1b1214c107d9dd0c4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d1bf1a2768037c5afab3284a0e631829

SHA1
d19962d7d2b60486c81d7c3280f6e460c17df139

SHA256
dcc6233ef18560b925ed655c656c6fef5181c2bd7251949e50f13e9d129a0b73

SHA512
919e8f10e0f01302e5b968bc0e84fe9ee294af98105f8c05db345f1f680846cd3fe0fcc26e2539000b2a77c1424e674ffb9914d1b6bec4804a10888ecc881f05

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2dccb6f3dd336ebbcd2ce95f3dba9e24

SHA1
a7750ec5a37e728d4255677248c3e8d7b97fffd1

SHA256
99230021fe2976804d7170d871175a780aa2ee9e0bd35c00d2e2aa2e09c133e0

SHA512
f61147e6b11543ac02eda322ca27d494dd1af395662598d46bd0fb8e569727d72d418a8b27c4e9f4f04677d18e0c58302bf8789abd5930b72cb866aeff6e737c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
363a00c04d2105a8aecf20c0da7d6dcb

SHA1
25d497dfc9aa7e38ff2fff7d2ff13bf25a9de6a4

SHA256
9366a9bf8b090d38c6f4b1324dd61512da8d9dbfc6a7917ec9fa4820335f27e3

SHA512
fbf1a0407a7c26b19fa91741c27ca8ca09c785af4387f24dc91f6d27717a686be158d65800850d4c98891668ce99e66b6229f78ff77b51b8497fa4978c341ede

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9d8e88c35a4a2d75bd27a224eb91d6bb

SHA1
955d95e82ba75a0e5dfb3932d97baf10537616b7

SHA256
baa0af4231a2bf396c1f22ac76f1f63e2b4dc35ddef21fe0d31410b50ae67806

SHA512
b2012394da6c34471abf209a8fa138107b60151f8acb3eeaca766864bf4aced0d4d1b182420f7f0a0f1257291855b0854113285e0925f27f33b8df14785fb154

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4324223216215634482tmp

Filesize
555B

MD5
aaeb0f982e086d09cd7af7980243bf3a

SHA1
39955d6d47b666f372c37fa8da2341e4df437326

SHA256
ca4366567432f9846df2c1e2a9e9bb0e70911bafec356d4d8b78f29954d2f28c

SHA512
751a4a049e724b6a95b33c3fb527f1a0f01d31c687305fa74eaf9dd2f50b108d1d82376a2adf91e8c375781637e77d75d6240e25878f5d455bf0d5b1a97b3b83

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4559693870047415641tmp

Filesize
90B

MD5
7f85970c003d4c45f708bc2fff5ce39b

SHA1
65499485451fb309b235700cdf89fcb156087b79

SHA256
db1be5b83c5d18fbd8b7fa5c586c110b1367ef83e630ac518c1edd5042a72d35

SHA512
b3fd1c36e4880ed10d8d2c1f000a86b1e304cbe2a854d6eb96259af1fe76d9f3398985bf7cd91f65d9537e776786c30bfc251265101cab28b8695890a6052f7f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
a3e842bfd39c9676ba13095f74d1d08a

SHA1
1a4512fc4f4712e3d4b5a79bce2034e80dae6309

SHA256
9e78f959eab410e560b2b12f2b66d4736a8e320726fc50cc9532fa750e6249e1

SHA512
403e1e66d0b388ffcdc4308b90052bc78ffa9f0f7054bfdda81622db459a6792adfcf3c661ae8d993df25b636502c6c5ee012215fbe7bfc67e3738dc44ef4820

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads