truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
17/12/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4346

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
111e08114e97d224bdf9422c7566d7c5

SHA1
d7cf7f6bb8afc839cdab1d7f2f49e58129bd0f77

SHA256
50628a2e6767249dbe7023f9195300c184e4ec3f25167f14aa4900bb13d9967e

SHA512
b52fcc686a6bb17451a389cca51b670603e0fb69d71b9aa95255274326912aed1d44d428f38041fb6dc30f6b7cd4d9f4c46507c01d54273a1bd3f46769386a0a

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
5cc6ad65d6629e02ecf8e6c8e21aa87b

SHA1
b2b58fac59f331d42828c02c7bccefe9857b3098

SHA256
758cc7fb25a23caa77d8351815127c4b33dde0e6efb943421052d2956c387d73

SHA512
828075beca2955a8f763d65eee0dd4c035e6b05b5664985ce01b399e31f6d40237791837acde695f34df51e00323d332aba5537f23bc3ee86839aa8142cdedf9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dbf68d7900312f9d3902309a187105ab

SHA1
3511461f1ea7802c0f660ef982b261b613c9c03e

SHA256
58d4f33923e7b8f6c7000ab075c668466102436441d20525cd4221f18b942264

SHA512
c3b85ae6354c7b5b0d1909d6760f5fccf5eba2c5a248691af0cdf05e870b2fecbc331f61f41a752ba2dd7ae3a11b7ba6c8f61d9af11af13da1fabc57cfd280f9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
57afe56ef2f6f1a6d769941a484f1386

SHA1
3ae28a3668252ce21804fa4310eba04934e63d7e

SHA256
50513f73119ead4dbe445e1eb2a61aac497c78dd9188e2bf1e64e0e0ac56c414

SHA512
515bc6f0a15e97809267334072e3ec29ba58ebe0b10d55de51b4682430bce3d7937615be509873b47b033e9ccedf6b423a0980586110c76d03aad4cc82355439

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b61b38a91bed3436132e14bc541f2f66

SHA1
2f1c32be437aa9e982128b7ab83d4c37b44feab8

SHA256
fbe716a9795a0eacd8effe66404d31ed24856700c9fe3bfbf391c16e444bffbc

SHA512
19e70678c156a6cca7b21fd144a7666248f7875613002cd87ac1a5584fd6cf3f5b931cf8327dd42e0833ee7e0c3c277dc8239bce1610fb9c5a9ae18a21a4ac00

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bc41972a77b27ef10f9444b92103c68f

SHA1
68a0f2a1ccdda4bb6eb358e02155993e492e2e16

SHA256
b34274fbec5f81c089e9b5b92e2ead73ba3278bc9f25474b2e9544664fee7f29

SHA512
b0c281fb7bbf998abc2c88636dbc28e21609b926b3f25e8aa5c04534a5b636a905fc387655d083d9d3d39e2ad392e0a0499b57b1bd7453b7fb0900e96e71e492

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
179c427555c3cd111657aadf9c0cad12

SHA1
6ff62c8ac87c881488e0cb5850ced4114202adc7

SHA256
3b6b922ee8c75cbae10391d09b8ada9908e740656cb1d5e1b8c3e45a55761fd2

SHA512
580cff3be2861016cbc1dec44a0f6d475e878edf39e5f8f605f4f42026302e6bf512cfc7cffdb89cbad60b3f8b97adaa46cc64baf6d11092c214030ad059be34

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5972a281086ffedbac385f047e5e5226

SHA1
22f0b2b03f75341a997790ea20171246459c4aba

SHA256
c86073f377a9ca3bfa2b3d8477e5fe48b3ff889f9e2f795ba0168e38e3d8c1ef

SHA512
b8f22da5995779ef34e65e924d09235e578af4f9c2031eeed3715c76397cc82016198270404100498a8a181a96a3c36bc8800ce219839c5aeff0d4da545b18c4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d4f559028628b643019e7a0225a794f1

SHA1
a7eef7ffb455f2a41b6a976d8a41fa9574879441

SHA256
4eeaecae183a4d86ffd2f56c99a4f4a559029ef7023762d06f5e25444dd1c91d

SHA512
08c480c02774bfa31def145d1c313623d05d89280dc71f7e5ade891a7885c019e494f84f03f0b19b206fac4a95df20373ed01af5fd7906f2c04a508de894c97d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
240334c59870b588b65aa2e074ff6d80

SHA1
c163eb56616e39f0b63d2b700f45943382436053

SHA256
0dfdf2bc9aa527102c014d16fe00ec018160bf9733fb066376ac38f280e8c80a

SHA512
07400eb3840a826add3be9a2d2079bcd10927d45037335c3267e8f1ef6e09bc21eb2ff13682308c13a470d2584b52e89b990fae5af35b2b6a7a6b96aa1e78d24

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
23bb51c1d1f9d03941527bd32cf2cc76

SHA1
fd7985e6262e7009a61186d9aff0c608e5ae041f

SHA256
da4c125ca7680eb7c222b25d344f932a215947ae62b8a9172aa0327db4171597

SHA512
d81c7d8af91b50bdad4f213e58037cf73827be43570e473e984e50d4e877d717edf84556c09dd70e98581ed1d534e09a84b6bf78b45f2024cac2e5f0f49db45c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3f0be89a47e7b325e2b4f7bd04896f92

SHA1
200de79e2a02a418cab0946dd7b786c1e4b733bf

SHA256
d945aceb667e46ac66c6c3928a414854a7a20e7ee8ad76b364aaed2dbf409c2a

SHA512
be4fdf21f8e87e7a7df5ae9a53f724728bcde550f248e7ccdaf09e90911ac806b503fcfc2938fc6465634eeabd21690c98404205682a65ba0070c2dd62762907

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2cd57ba32a64b85004f24f9072299e21

SHA1
083d8607130505d26ddd78f6a78068d618825b75

SHA256
c63a692f31cf19b1da063214a910120b324fd5cc64569304d9708ff7cc747d5f

SHA512
0f008a38e3615a20feeee61e69061eeb41be2460343f3207dfe58346008fca2ee8f91dc72c382c0b6759cf4c81e24873c07e78eba249f25a828d5a8fc50d9f50

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2da61ce17698456f4bc7f5e7809b9e7a

SHA1
f6a152616b06b2f3240efa4eca894d4dc0463e45

SHA256
29a62759dc5f56d605ea9da14b1fbbb22d1e576c1e3812b3132cf1caed1cbb8b

SHA512
3ca150b60adf62b5bee280717f64c098203f5a3bc9892087b4a7301be5ef431500d200d97b59caae2c3dd5e3fc6c080025ced4e8406e50488a58aae0849d9ad4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4016562125837048832tmp

Filesize
556B

MD5
3d1a02d70165bee78c23b53faf0a7c6f

SHA1
8ba9185be1d6f86c6fc05b75909fc87efbe77dcb

SHA256
09c57b9f32a2e0fa9a7510f407762d4354a5df7fe9d1c19fe94b1baed695d919

SHA512
a90a56708965fbb14bc114404893435d83927398651efba64361462433f0921d3d1469fffde513b41869445f1ce575d0bec5830c92a106a760526acfd7bf436f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7870855128443790981tmp

Filesize
90B

MD5
af1a27d46c1c08e72ffeab2ea2928c5e

SHA1
5e932c49e4b1f94a604857f9abf4007fd8e4746d

SHA256
34162405e328b37632d3d03a1cfc7947f8f92ab5a74417c1515f555a349d7d8b

SHA512
e43ee9b4078da12112332e30e46ff69d7fadfc82678d0048bc85da60a394c115d64de312cf8e1c58dc747f4b6e11c5e3196d87a2f13eb346458871b95ea3e772

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
65585493efe24d46d81ead4a30689fcd

SHA1
a1781a3983939d95f8dc302ac46d00545899f593

SHA256
8d5cc0bda781958843a75dde07f789d3810a45b88b7d898af2045b39c1dc60f5

SHA512
eac49686435bf3cabddd594a7f4dd054fc2386a76cfe6b2b61ce070dccefb661e6cb3e05b833a5852aeabb887111903c801c31c853723563126853d13d0fdc5e

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads