truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
12-12-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4574

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
0e6ac530b7592fb7ea9b2ffeb6d562ff

SHA1
9e20d8cb850a5f2d955bf36aea5ffcf71fe8d1ad

SHA256
26566b8a91b6969497fe0ead42e7ab426cf74ff9c2e90dacea9afc1461b1f7e1

SHA512
e7efad5cacf6de4e8cd918cfa9f6d2cb25677a6ba30aa1e414af69f629def14450425aa1bc65e3bb7e9b14c1ca045ef38378aadc70c61d2fa277844b3b9838f8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
58b3dbe4a475ea32d6c91afa7caa7ffb

SHA1
4631b7887f2a689a87adfc86b1377ce659f5cf7b

SHA256
b76eaaf4a10aa1ba2a50ac38ffac0611978b687b60d7747d12b269ac4e6cafc3

SHA512
0553901889eff83f2e650fd5478bcedca73e702bd515708d175ea846786ec7c8aacc7daf737a894b046264196d237fb17ff7987b67514d4c4c3abe00ac53da69

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c72b5fa3cba60d026f5dea89a8487024

SHA1
484ee99f632981211da43ce0d67b159b1cce07a8

SHA256
bfaa3070965e70af609e65389b6f0a9489e2c1bc0df5bd4f628477d739761840

SHA512
297a6a0901b9474d239828af369c7e6fcc2667c6dab0a8d631d4b5d5d48bdfcb996855e63a6a5d4f959f4779b576d98c9b6c9d79f333258fc9e9632b1e70771f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5b0724f401010c14cdc385be00c8ce27

SHA1
5b48eec985453b43b938e4f4549a6e2b80f1300f

SHA256
3b9a5a2af9e9f34ecc8a81226d2727ed736c3bf8fb6eafd7b3307e0dc1647403

SHA512
014a9a548bd538b1f27d3fd68eaa25b98eae05a7b43deef3b9f360cc901e9e384dbf7dcd8ba96539c807bd5a78543d32b061b03e707d20913aef31b0440d21b0

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bb70852a815315660e3e7ea2413faf71

SHA1
06bc349a26e5bbe5c0f47c94b1da364b582e3418

SHA256
2636b1e830319863b1dea7513d4206d3feef80de76df96bdea5946359b896525

SHA512
2771c2c9d7fb537ace63b328c1324219cd50d43e77d13e8694ecc8e7376f2e9e62246717ffa7def1b811aa9d6cb74a64558c43dccb468b042392dc09a49de6b5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e94e5a32261850228ad952d876eec11d

SHA1
4f9a94391934fedcfc4b102a845e095180ba3a1f

SHA256
a8b158c29a699ee4c6b49ba9bb189edf81954b3c0c443189fcda09f07a8cc54b

SHA512
d3a6de158e6e03a16062f27220a1668b8acb751f465335470863ef4bea2cce99888250165accca776db95f453aeb78edfd2c4021fe6e32c15ae1e48547ed69aa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cb8f6b713f5940fc5490a87f703309d5

SHA1
8b0b004296c69f222d1a0f9d078989dacddf5157

SHA256
ad229c36b41850e77861c52bfff074ed5478fdd3d7d9d51df59f7e68ed4867ff

SHA512
11e20c536c62449ee89cb6a2bfcfa9d5a6edba5ad31307dcb6ac6b2ec7d40f19e8e821d580062ff2c5e2518d5dba513a470b338518da8c4da51f0f3b64b15122

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4086a513100aafd62242c1e9e147fcdb

SHA1
4d78b6546559ee56164f4a860c91fa30386a84a0

SHA256
585a70e7b15218dfc5b690290f2577ca76835b1c405e49da4e7c81ea73315592

SHA512
0593b956ef96115c51e35e8eebbcd61aef92df8f9c42c60a498906475cedf8bd51bd2aa97901ebcba8ca51a9c0f6a01562b718474d3076fb42eafc6426a58964

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ad0d49d5567c385e46d3cbf7fecf1e9b

SHA1
0987041e3bb184d8e2945c070e828507b77fb589

SHA256
74ae75079c0f0097e9d5009f21dddb5e6617289071a492c6064461dd751c4f7d

SHA512
78c10a4388c1863c2897ecb31c1497b35ad96a62eb56f1511543b4a1036fc76306af682f45195c7d1a1ac46717e5a7b6c9346bc65ddb08760cbe2880ea017548

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f1653897be84324defd9917548c4a5c5

SHA1
1e7b4d07950d86cd32c78a5365bc4c8047833ebd

SHA256
e9543f609ef0f0f398f88b7d4d5b77ff80f2b622b253d630cb815cb1687534fe

SHA512
d0a699879c5be82a8dabc2a1f78b0c3492d27f55bd797eab336a48ee430ea9ca979a9547ae950b43c40ea026329a88cabcaff295ee1c0c816584721ca39758b5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
1eeccc4107f8d2d2265ab7d13e141d3f

SHA1
d522270e0481bac3b1139d6bc5e9690c5f167f30

SHA256
5c2d6906b230209cc470537dd3635face77bae698f01bd543457b1375a79161d

SHA512
36e6fed1c810d6ff32e7462219e68ddb500c1d3f4b003e35580f934afb36323f541dde7bbe8747f6ae5a94846dc0963e8c5033881777003f5cc99bfbb168ab76

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dba2946a5774a4402cdfb050ef7411aa

SHA1
89bda801a4b3b9aae82c28836910210b236fe573

SHA256
fb6eeb9e9a80882c5bcd0edcf0db6b573678cca4be5939b0cdea1faa4b24b328

SHA512
943e7071debbfcb30572efec5a6e83a3ac19cbf8fa8c6d98db95b34980fd36b121305e3c09e2766bc204333c54595f116405baa3967fa4b12b646be7c1e16498

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fc64b899d965670b513008bf9a28dab8

SHA1
eba08b54e76b175291dd2ab82081599eebc5f4a9

SHA256
eccf6fcab5edcd12ff09b11c4390c956251553375e2719ab7cebf5739daf7daa

SHA512
87993e3b8f10cdbb965635a89a3725be018ff83e6b3f13e79d682cc6caddd7bfc0fc4a21462d2add6f54b081f87bbd53dc5018a2edbcf65ff6fd874961eb84c2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
641150d8f87017b22ecb9cdbc004065a

SHA1
4b4a3b1d06f74d8d8a597b9db9a185ce89fc6ef3

SHA256
be8efa3951f0b51e4f70b57e633c313e7bbe5c6367db1e12ca666d7fbafb273f

SHA512
21d5dbc59dc7d2910ae03f07d74a923913d8cbe2f3340306423e4bb02de433d7ac0cde2bf32c6d865a8c13fce3bbf3922ef813a497768794b889c3abc5fa9851

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4559759913965179869tmp

Filesize
554B

MD5
e30a848028021ee65a76920e3cc3250f

SHA1
fe8c924306d061220e66411f9058718d56673057

SHA256
7648c9de2c96e0f06c14eb2a1709abfa9500e68c60c957afb34fbd6c3856cf66

SHA512
63bebb52cce3ae33fd3c56eb733c449e1df733709f31f75683860913134bf86499f0d41d3f1856fcd49dbc40f3e53aecbe4bcd63ac739e30e1ea39604cb07fcf

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8519715271214003724tmp

Filesize
90B

MD5
45931662ae1e1ed2efbbb0c1efd1af14

SHA1
3c7612f99551ecaeb8b0c0062d27a02d27a6cbff

SHA256
3397f6aadf21b9a4cfa50a465785eeb796bddf61fa38dd44cdd329201b9dc09e

SHA512
1e00ceb646e24e4adb6895cbdb25dc0b544550d3cd39d71458da4b9baff7037128f1fb831d86b4c3cda42799ecb8dc49217bc717ca44117e717bbd47107298e2

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
6c9f161448eda386da5448a5eba1b128

SHA1
1e90bd871a7c357fed9ed972e111f9441db21436

SHA256
d13a384504458f3484691966155e79b1a9cbaea5b645a790e5e73ac42e41894a

SHA512
efb3b0e28d304b05f76aa0172ad02f2c6d69f5165122c3089a04c7da01015fd2f5aecc079be91e375a60f3bab13659bcb5754ed819b425cbfb6301568e46fc23

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads