truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10/12/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5059

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ba9ca55e39b73fbf7c63012b589656dd

SHA1
3967ea4e2c5d96abb34bdd329f7044615610ec7a

SHA256
fb51c9504eb39e36702b726313de37dc4c46833604234ab0e02797fbb6557c4c

SHA512
dc7379a8b0d6adb0492ee5a7a5cea509624e7059ce4f526c6b8e8f95c2311352ba1145b0bcc6e64524067c5ac13f5d8dcee9379ab281a9482cb66c3f85809d2b

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a12d2c29d004693311bba7bab5d3dbb9

SHA1
7175a9883737c956584c5ab88ab795f01f682fbf

SHA256
c5419bd894aea5ec2385b7f14a1b5de05d55eee32ab9f8ab114b14aa5163d84f

SHA512
5de479679a307b95cd0f81dc15d2018a74374f21cc7e357a66c72aef12097a8197993b0b2d59bf753c56812f02bf6f0556af92ba76f92b066c4b0a0c5d090984

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a6f7a1e7b10d568168bda33cfb4da33a

SHA1
36c1e5d744c74b73b4d6ae09e904d5882114b79e

SHA256
d4a8cc4d31ea69692360409bda3631c2e797d3d776a4dc16181adc99324fa3a6

SHA512
7ed89116b03ee54e4bcc123ba379d740173bdb11d1100cecc484b3bef86079d3195d910da2aff9f91a177c623cca3c91e34cc8e78014effbf0b00e4631758c3f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4b1690d6017bf8913df6403b1f21c866

SHA1
db7af6e6b6af92edad7a3b1af13302f16dc1d079

SHA256
d3659ccf72f4d0e3b871a70b2ea62d68f9efc01a1c7776cf03141d8047146676

SHA512
91fd9897b02e372fb34dc747024a10265aef3b3ac27c3e1abceef882f3740b3520e72abc56d16b0ba9bbadc53c09305d494afdf974d9b4dd90449b1eb1fa7eac

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6406357c06fedc25eba0c5af51ab9ebd

SHA1
0af0322574c05d04fa9c3f25a5fe07314e299a5f

SHA256
ab65cb72b186bd970014b3cc62bfdca067fd1b5edbed33cb0f273633155d241a

SHA512
e3b4599b1bdebb5bb62d5fe8b3460b12111f6e2e768808e2a04bee06dc31cb666d8118a4dfc7f6b92474aff0c14743db8f03b7fb29eec2151d70b35c8baf2881

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1aa301a524233f0edca07d0e34525f14

SHA1
f94200d7f2439d72658f5adaaf71dbcec7e378a6

SHA256
d1bb2506f75adf532f1ab7dfb94be867dc79104e1ead0d32ca7182d530bc1a05

SHA512
70a9f4d57603e2db87cf8b36c829d06704f6dc0c855f00ea23ab7b261ee8371a0fb32264d853aee44cd63fe309c45b25de88d26033977be81f4d26d6bf1992e3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fce544e2865f6c871f0c355f8ac79d0b

SHA1
6c9fb0879714dbd7e6b42a57ab62ab34fe562d51

SHA256
4da85400c4e2d1fad837afbfa89818de2cb855ab4fe947a5f80ad6861ce5c051

SHA512
9c695f12685c87050b82d538ecfbb739b40bc361e3e45789e98ac34b5b11a7d60c2813253a7c419d5e1690eee9a0771c0bce2eecff857d5a8120e3e092d47b8c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7222b616f5a9b5b31f3cb79a44acbed7

SHA1
10b3f0785175c3ad4ff85edd14fdcd700d2ec9f9

SHA256
3adb3025291e72c612806b19e8f07e99d715b046ae59451776e17859d13cce90

SHA512
b8d284992d00bca9d522ef09166bc318d4d7cf500a7d98d978e3c206c60301b40cef83e1284f7a84ef21d383d314925b06087a3fd857f69334b484229be83e63

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ac19cba6696ea0d6539b39b799dc7bdd

SHA1
b7c6eea4b0f714d69996153cbbcb557ca2319dd5

SHA256
ef19a510caf91ddcc7eea01fbaa35f3ae2726b14267f0fc013b4916c4a6b91ca

SHA512
efeae6341b575a78ff74dbfb09cce2b88efdf13760357669720533b1e2fb0bd2879e60921a8f392b30da7a9c52479e0c398d2a7464330feb85d9aaab32dac681

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8a8d26999f683ff0ca52dd8bd25b0e39

SHA1
4ba131bd411c3ad8418a3ee1c442b7b2c60bfa85

SHA256
555d8e4bf4568bc5d7c8d1fdc149d4889138a0b6711dfc26e282258765f98a04

SHA512
322afb2d9bfc84ea135b1173573971d54f0ab67aed6a9ee8b7b9076112814e70f0a2f32166e2fa526d995fa7b93e90affb8f4f65888a13ed92112bfd6d9ccbdb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f3cf4fa8dcd308d0ced2679216130f01

SHA1
218ebb794b61a4b0ca70ac1ffaadab779728736f

SHA256
2aa1584f374657d5eb5f5eec178402b312ce5040553d379af474ff3de58cab36

SHA512
acab5e18f7f54eb193e3c273398654c8305340c9dcada50c0206e7251a244a278921b4117b95b83e16874ba0bfa1f19b74d589a8e0d2ac269ed0b23251a6cc32

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
23e76c62791303772c4c854e3daaeb48

SHA1
2575f5b01df8f658768450ecbf4725b280c05bea

SHA256
ebba7143c0fd45fa1e03ce49439874c5460dd8526f2246ae4529e5839ea75a6a

SHA512
083a94700e71a3f84e063d36a673a0143aa0d8715eba153f767bd2d896c3be9d4ff66e7bcaa83f95762715656b7df9ac12fcc38ac33e1d432e1cc048e342d994

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ac475fe65595e1a9031d2675176103ff

SHA1
9ad4e2cc472b1d602463dd91db0582f3b346222a

SHA256
50b72e74a79b361f723c67be40ebe201be757bc26985f64b54721d6a6c4c2a30

SHA512
1dbb8e190917c44443d70295485aad178b7093059a73c8ab4bbb3dcf921e495db2d8771887b597fd35f4fd38cf5170eb5f9496305416b677bb469f32d3697176

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
083645344792ccf66f841f052cd966e8

SHA1
c3985315915c7bfa2f787b78400ec626c86ed37b

SHA256
6d7d12c56ea2964029dc474ebd93149fe8b55006ca23b1b2c459900081218275

SHA512
b279054960552fc1cca0dcc0d5719dd2ea8e2ccf59f2bf040aa4bfc1eab46d82eb2cdea01ff93b6379e1669a56cb8743946da1d1b7c5599a97f710fea2102dff

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3685860112294409279tmp

Filesize
90B

MD5
ae635906b710fe274e53a3d4deb9f3c2

SHA1
bdd7a43abe942ec2686f58b15a0cd91a906370b8

SHA256
4b6586096b8b7224cbe6fefa0c7991f34b2f8c987ab3ae969176de3729e24342

SHA512
b85aa3c950514c5c062f6c0fbd968d6eef1973ecdd807f63eb8f7958ae43ca1cbc255f75a310b36d39756234ac8bd6dbe46096560e34b810f71bc580434c6657

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5760450480875366865tmp

Filesize
557B

MD5
f2405d68cc798b9f3eea44616bec87c6

SHA1
74abcb7c4fa716bbac4f898fb6074c7788919a5f

SHA256
f9989f238c9fa73ec2424b8b054a3adbac86a6055c6763138aad44700bc5cbbb

SHA512
782718ca1a2478634028ea04226229f680747d4388a068e640df9db168806a9ce23390a782b0ebff45c384ed636f5be63538c142faf45d48dd1ef6c315748140

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
4af25b1729ced8a52d195dc73897756b

SHA1
e4ccc8cd8ffd3b9c017370d4d2108fc87aa37f6a

SHA256
887074c3ccfb1bd73bdeecafe6f88ea173c1f85bf0d1c7c222cc04073d678ef0

SHA512
f3a3491bee0db21cd5a369395b20f00ab582d2d32e087c7ccb20f9f2f0596f7a98068111eacf61fc692ecba3b6e73cc57ce9db0e0894952fcc6df0738e2c11a2

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads