truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
23s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
19-12-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4521

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
fa128e32a221450251e24d6cf6c7821b

SHA1
0f3908df36e5fb50ab547c0f364de7af86392dfa

SHA256
d5a0474001bab1111a134c3877989a463642cc8f191316e6eea843f2f1d9f015

SHA512
7179a764bab8d2c0b675b25b5ef7ec0b885c1075d25ab5a37928f1829bfdce073099a44727d36ee59cee84509318105bd4da28871aca6a85301ef8524e84cadb

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e5e5add0fe0994b6805824ea6e665084

SHA1
904ec176a9057bb2d0329a93b61cf56db502ae3c

SHA256
bffbe8abdbc2281a4e081f9d687d07ad934502e1059f1ec780858d868943a809

SHA512
55495437edcfab88d420857fe9dd38e7b47879c7903397dbf38b4bc9d8368e19269ef5555e9c8bf278707e98d888c3a43fca565dd04702f2e6d5cee8dd3b2a06

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c3b14fc2f7d6ddf769bb150b04401950

SHA1
f10a08ea53db59cf79c51c62f831c23f2f4a8b79

SHA256
730471995f1f706ca51aa25a0e3569f7a46184a65424d9e8f82f50d05def0856

SHA512
3f6b53f17f8d3a565b8589ef2a81f6b9930af841179517d9666894bb202936a69372bd61d986822a840bbc35ca5a2ff530a346cb538e5b241e93e57117407c17

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3649b55b7d97ebfa7af874653a46de92

SHA1
5faf33a85eef7eac3ee415b8864e8776998b448c

SHA256
2668bcfe7d24279dc5a665b40f020b3efd3be5183cbd06fd6b4b495c2e87079a

SHA512
b8e35e38696262b72a41fb26a57d548eb591c6c2b0826bb59eb51266d9275b56b35c24c40428ccd1edab69aa0e987279cbd4d72cd908be872880c9d5998054f2

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9915aea9c7afe509123215653ea8838e

SHA1
63feaab11eb2c91a91b82048c5912f599f916dd0

SHA256
121c5a1dd3aefcc82a9dd11902bb5e9d3e5f6ea677b2efcd5ee4fc04279c7a28

SHA512
220630140dfecb814168799ec73656ac9566453fa399725bae7a949c529e4dbf1ddf329b3f1545bc1e51a1467f7bde58dffadcfd229f059202c89c5ec24ae03e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
74194cb1a052fbc8b6d35c836e186466

SHA1
91c4af90a908645d5d6e17308cbc4037c37074fd

SHA256
fa89913636f51bea968411a8ef89475d6c8c28a2ba5b06bdd335423167dc123c

SHA512
b80572a6e8545fa37957d1f2b8754f1bc6585b567cb007ff4d45c2913b8216fa92fc22594b9e8ca322a2d37f022dbcf777e43f9db87a361f2968f250b3e22d86

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ca10104d761de7805981e0a3164d8910

SHA1
be197cc88384744c047e300017fd99a02e57b48c

SHA256
b2b98c33770ffad8dddc801d64af123c9b428266ed368dd4c6e5ea180be12564

SHA512
8b01f730713d0c00d80031dd6c9bdc3c93d4ee1d1ce09c6b14c33c06e36617fc320978785e5e9722cd60c7f4d2ba74a518b8310f4db9ecef29bcdceeeea3837c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f9448e001e5aef52bf35243a3343f3dc

SHA1
1e52c488d6f92745294106bee7ce6a651526e5d4

SHA256
d80326782f5c4bde0bd79bb296608ff54982d61e26fdc838ed4f653f04a79694

SHA512
7f74d2e68edefc21926e5130c2af504ea2c4cbf8c84a745d482749c3c818ab6c4c4df106967a9e2cc377f68b4db0a8c60250fd5c57f02e201b702f506e77faae

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3b58646c225634f4388c554d81f02f7e

SHA1
86db6cf9a42f51ab97af7e80d6067d1fa90d0cf2

SHA256
93b6b838dcca25a1d4a45a10a079b0edd036008a872483d37be03c10ba0256d6

SHA512
6278650399c806fb7fe042c220e9fb87d6356df63f3e51740ac2d7d13b64382ee3895f9fba6debf1a641d816bf5404f4fb5436696679c0d18c13731032e92749

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9754b1832738e5bbda8cbb8472c4b4dc

SHA1
99659e3152076501a684094c2398c0d8ed50d660

SHA256
b68e1b9579e0e2a7a8f24aebdd1207ca5a256357e1ee96d6659218730e985d26

SHA512
e5d02da11868c32393e08a0e8bbf7a9c1413f3dd0ec4c1eddf7999d1df2a29e234c7ffa8fbb46846a886d7b095ff47295ca62ef7e646c73a7813e87759574419

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0310457fe319c33e9b79281f481492c7

SHA1
7445b1ded4007be8675b8a1936d984f1842a0bc1

SHA256
910e04f7c49c462b63e14eb3d28beeffee290b7322358fd94a1dac3d044e5c97

SHA512
9591dd229c4e5f880677f14c5ba3e4ba44f160b6e71518f553d1d1422b971e4cd78be0720c966c7a7aa7e0dbd59fe6930fbebc1b39f305c7b1a07653c4cced17

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
82d5d3df06a61cc528ea36607c2b1fd0

SHA1
8a5df69648158116236f7931f3c85212eda69786

SHA256
165bc69d1792c8b17421c1b23904716c2981f22bf49d8011f0585845207dba82

SHA512
5f5c51575b367f25b8135121f02d56b4c4799916c22c067670c0ee2a3b64eb357ae1ea959708b77ff246994bb294f2e0dc0e9f64f1071f695489be45d6ccf585

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dc251636adc13678d7b01c043950b5d0

SHA1
c3adff7a0fe3c85dca80fa76e455f9cd127340a4

SHA256
866531d5a16143ff5d576e6fa6fb5f64b1ae5e4e1510dc47e0cf728b17552728

SHA512
9a306e75c72d2bebec270812b54a7fadfde3d10a803e3206eedbad38bbc48214f93e0bcd0347ad20623a9440f762b1a6658ad8681ce34f2891433ac98b569e77

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
919ec39f6d8cfab3261e2315c2276fd4

SHA1
5da646c86677de4d0991b6a1383bbd29e2964029

SHA256
9c8eb8e59db9805d3fe1ff3814584c07aff264e02fdbed69c650e1446ad08105

SHA512
816545f789025111ec89d4a2a20dbd60a943dde58632b98ab66ca17a8fa6a0c38f807e2e3d93fa279f7b827d8c580317fc4fd60612022597f326f5e877478100

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7114262321032025273tmp

Filesize
556B

MD5
73ee630d1dd1bd7594f40d94b51ebaa6

SHA1
1a27a0c2f6dae88be7b8637535453f4868bda811

SHA256
b47a7b876ff17683972e5a4b0836806c9d9fe3709918d7c3319587ebc20276e2

SHA512
06de485787d9ba864d7ff6eb23eadd555d0332b506cc91cd82c82c2a69643baec1ecd729e59d9a550f4cf4ebb19e90cd12a7bbb2c36a040e24a65d0065f5eb02

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7907209672428303394tmp

Filesize
90B

MD5
bd7bb92e4c8a8a2d36d760f4192faf1d

SHA1
c91328454f5358a52cf0daad5f95030de51beed6

SHA256
0832ed7c192c3e2585bc41a3c8f27cd39b397fa942f47b5d1ad58403f785a0f9

SHA512
539f9c0976a214297edb37f2778c29ecc621ed7f0f4f06f4a2c78c988bfefb73e2e90037a46bd8337e9433c8715fafea206faee3f32e1d282997a91cc8357978

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
40f60e12b21a4422c80bdba3b406f33b

SHA1
8f4bb3dec6c35851330b1decc5a6ffeb4ec72b03

SHA256
675942c03542b11769e0366ff5f8a1af0046b0396e582fcaba32714ef733039a

SHA512
5f0a8e686ae399524c9cce2097add1a56a9e737f2cbdb6859395d7db9f785ce8194fc199534aee46ce3b168aeec0c38c1b9698535c72ae41181f1557176e7f8c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads