truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
15/12/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4659

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
f9d22bb548cb7f61e4aae9efe352c2e7

SHA1
637fdbcee42ecc543c9887d1b0a424699e05208e

SHA256
a745b913a8b1c54305303f6411c6a52789144661195cf9773f434f0399ebb201

SHA512
687bedb6a20ee9ef9526c218edbc977b51008277e5d4e7274a1cea406d3ce964e09f3df1ae27fc41483abf1fba43cf9b55f28d979120c06dee74d4f34aeeba2d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3836f68be96e40d874fda5a80b393c0c

SHA1
fe7208ed4b56361488752218048df7256e76a293

SHA256
94d326b22905a57800fef0222ac82655aaa40758e6883c9833743fca61f0252a

SHA512
f3a876cdcdf0654c67321741d0df2675112e35ee5f06203f3b605a5c2c46973f8b20c9eaee98393dc8985fe3c64f44cb1982dc88e343225000c9f2b433220829

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
02746e762a8f824cf52e6cec3176cf79

SHA1
6c5647d228edf03137c278fbf1252f34dfc3e26d

SHA256
091a09e7e13e1bb5658850d4bc44159d055d209f2af85be1981ef2479e67d9f3

SHA512
86ed1bf16deb1e6ef46b46a0ad089d76b38c672094ffa8ad8f1328c54f4c6af57ef27028f3139df8952838c45aada94a6feea4627f751001230a1bf6c1d00fed

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ea2957b78282c4b7e2f2913e202e769d

SHA1
6d2f26466ce2449ce73d4d7bddf1154d061902d5

SHA256
b762d389b8a37d5b6dad83d70add2cc53e0cceeda99297ce84ca0dc025658e47

SHA512
caad3d027bc533329e5e40c69e6e0af3488a783f60e678b71bd5aa9f2dd83cc0f2873ba83f6205341f5a6d04c95244dae61df10c25e25b280c97b4e199e141c8

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e5c2888a8699a3aa13b92de85db30e70

SHA1
d8d0edece10d1d1d40c1da75748956e907323e1d

SHA256
6c875f90839081b7a2dc5a07370d3463ba69bbac30d9b3695c88dd2fa9e37e62

SHA512
ea38312337096acff5165c77283627ca1d12b47565e1badc8024c136de2f20ef80010cae5037abebfe00b5606fa963fd68c3e26ed5446e4e6e459f25f3e79767

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e813776f423166bfe1494d12b6c13864

SHA1
993423942c29d6ae083de6fe13edea6af79e5d36

SHA256
82606472f2c9fc0a0bd4481fff8b22a0addf838a0b2dfebcb0f64f65408bd76a

SHA512
90105d8c0d380ca6db2fbc8331cbd81b4bf27f487f87e93b3e6f067f7ad26efa397fbcd8d16be4799ba5ca460f74cf33ec29b39815e16d9cc721b90b40e9379d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
35dd67b4002bb18a3571b0bd3a08630b

SHA1
391a116b85ff01efefa02975e77656e3f0c0eb30

SHA256
f426665260e16faeba9441d68315de9631614f3ffe2e349544341f18028b1872

SHA512
9a8ea82896148536c21fc149be12f2e583986985197ae12b0bb73c082efc2d38783fc752ad6e32b70a39de549c7903269f273a19307ed426ece914cdbcf29003

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4bbf7c7ea7434f0f9ca724695748ec23

SHA1
4cb06851446f1fc41fd21787788004417a996457

SHA256
1497b0e0acdeb57900ad9ebc64c3cbadde1cfc1ab62b70737acc89b5f8ecc184

SHA512
d7532e0768accb03de68a4516d319376ca10b01c0df7364b828a21360e9a11dc15ab73577b73e04bb03c4009d62583effd535784158b3094ff7a499fc33b73f8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
721d0076b1781ffe66a66d44b954377e

SHA1
7919603170a8894d6896342ebe94165fcf470833

SHA256
475ea8b96f073540539805f790b7346e12f346622be54beeb55fc918fe36458b

SHA512
072ae840d345f5c8561d801bc0d02bbc2347e75b6368a56dce35d4fd9699ebfa938f4f45e1be945c71d8bf4b9d3e52eeca9c687e184cfbe3862912fca6dcb7ef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a955223a5eccaaeb0f63aa67010e5ad1

SHA1
51777049ee412aa730046b5b6cf193dc0747bd62

SHA256
c892e5a2933878eb71ca90ab35e96d032d32bddc99e8da664c496911fd7e0cd9

SHA512
931e245f52732b104198a3748cdfb796f9400c90ae8eb9d3cab1999362c1b582c49c67b98461eeda7f44e332ca4e453c4e9ac2bb9363cb069cdabb944200c7b0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
8b1cb56e0a28de07a3e74a2edd119d72

SHA1
e6ea6e0b15dfa5bff5f65e1868f70008ff66d768

SHA256
9015d384110912c8ceb73b369f2653d9c0110d71db0e7de3a9a5bb9e54e0b21c

SHA512
269d4adba8c19692f4267c41b8b2bcb8c89fef2c4c96b0f1556f91089546c07cacb0359fe166ac4d58d39a27651f662f7cbb889597a8bd3587c7b052e6293bf9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c864d354376f7c104b356983eaec7488

SHA1
6e3b29c6b09c735c49aeb893a01eb650792396e1

SHA256
5139c15a8e852f010f543b04d6e2ee489dc83674fa2b1e4e5df8be8920ebbe9a

SHA512
dc42a1a58fcc55f48d97351e872561295ab9b9d01f8f1604e70645000724c020b91de6d5c7b4b162396bbab1cb1e8cffaf595cafd83c245ca318ffce181b575a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9ff11f1bde583c545bbb3263a1aec6db

SHA1
725144b5775688867e39c1739261511157ac81a0

SHA256
ca37bc1a84b46fbe4ebf5ff40d2917a4a725d5f7e4e3c95c2cedd121d7d5e1c2

SHA512
ea9425a8648862d218403421051ebc1738526156c7e1d2b4a64b8ca2c5185492d4fea666854c644c133029c623904e83d61d51154ad6f4a93d6eb7490d6a9187

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f146c77c7799cbcbc0344e48b0d6b217

SHA1
a7b7eb3ebfb7226da8442f6d13f881905553ccd3

SHA256
72bc373e21fa103b75696b1f865d12776be7d7627cfd33f5a991a9b9dd6ffd7a

SHA512
fa3214088695d4022ebb6f79b9722ffbabcf80a603f3ca8d63520220d39f79d9db593ec65bf2ea411793bcbe6f7beebc78cdb3b217777c6a282a3da16d2be25b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1620091092612274645tmp

Filesize
90B

MD5
f7155bf9b92a7592fccfc9db72dd681c

SHA1
030d06f66a1faf807b35d1da504570613870c294

SHA256
292b956048b85cc29dd0d345423dd3e521ea3f399928781eb060ed0cb7560e2c

SHA512
366bfe03b2f0b5602bb36f86b104f4400b24976c276ac40446aec33d2a3357500a235107f0c8a8e435643523478c9b6bf61257d31c0f958f3a8329926dabe9fe

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5778808982071790519tmp

Filesize
554B

MD5
1ffe24abeb3dab86d1d42688b0fc1329

SHA1
4087062c76c1100121eeb835620c87f0ec34f9ef

SHA256
3f6b0def7f018ae4962694a1eafad68222a3cf70b5afdfb51be97b5af47421a7

SHA512
89dd2ab4460b1e9b5741d24da675a7e928d4d9b85aaf1b03c1f066a18c1b9a4ee076606729ee8da61b82c4437bccb9fc03c8f1ef469745f30f7dcbfbf1803a87

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
955ff620d03a9905ef44f6eee9f64518

SHA1
98c69af28114d9aa419ab90a5ead3a6553ede036

SHA256
48285ee627434730ed4b2bed352d9d0a8dd3f558682deb6a11422471e441c849

SHA512
3b578949e90c25d04e0b0f44a594a05ab334d8e0fd642809665f72ddd60e51312d45602139f645a2056c706800f7f2a516bd36b6e382f02178db64baf65c4284

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads