truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21/12/2024, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b18a4629a7acd22f879dcf6793ab2aa9

SHA1
3ac410c12a992a2c4bd6a24aabfc40b4edda3507

SHA256
139c2b580b888dcad372f7f7ec8c6a795b03cb43781da57b8b590fa963ad5f95

SHA512
fc7fc09aa1d7bfb9197f78d0e72f56565d5075dfa54a4d56a1ad28b95b0755aeb7938118864a0585d62e3f0d6436935fd281efe6100ca388d4cfd3cb9a9752e4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
f0b0123480c1118882cb54489091ed85

SHA1
519ffe0d5755aacc31dfc0ae104dcd2c7d3b3fa0

SHA256
b847fcd39418237d996ad85e8e83a596ba2c3d496c48864b210c21cc51fbe583

SHA512
33c5b23d8e49cf275f5cbe8e372ca3905216434fc57e1cc93288674e24fbb336dc39de9abd3523ed38fff71fa3a625f59a5f131ad80d4d25b70b4f2c5bea3e65

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a432021391aec59fffe64dbd2da6ffae

SHA1
c37b885dd9446cd3f70ac5894bd415f9aedc53f4

SHA256
d1e5a59b9e35141383c672fb8fd28c7fcdd318c7b7ad2f4224cd48f95ba603f4

SHA512
2e596212c50d1b470d4f4d63860573f2f2a7cdc6452eda46d14eeb4a3088698bc51e459c628e68aaaba132d88b524c3f6576e54a0e8666bca6f1bc6051a988b5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
477e33f92a199a57ceff17e5dc803680

SHA1
347e0c1f0c8808ed07bc61db22a06f2f68db1df3

SHA256
d9b9ae697a45345b7407edc0e181aa3264288924316fc6e4040f47bd970fb7ba

SHA512
8316c9dbf739dde95f67d3593b2e5d421cb232a9b66032e23ffb858191c6998e4e4721477245c865560c81384dadb2e780ee11cf1f3805cf6477cc6ef2343631

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a2b75c3d573cf8064c1137a3aeae1aef

SHA1
ab2c5200d8e49ac7c6fcea1b9baa5cec0bf13f16

SHA256
db7d48f1d1f35315fb6096b085ec9366175fbc53e6b22b3bef12c119785c9aa9

SHA512
616ced87104605cc6a552defe246357570bac57d49d43ec1964e3684cb513977ac0c14102f0b8175f0bb6f759552d1ed9a77acf252cc59226129fc5be9528ad0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1f3e17f89dc738ceb95e8df004eb6a1f

SHA1
42d455f011fc530d8271cc3ecdebc6927e723603

SHA256
42037a3e932f8e61a2c4204582a2c6499461ba73c224e977c2dc5b90756b3320

SHA512
c50c2ff5e1c9df60e4d861617aaf69c078c85668837182f70a84a4b221424b3387db41ffd040b46668e7fa33a77ee4e17ab46a3c9705312d54591f2e0c13a4a8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
00cc649e76b95b38e142221d6393b503

SHA1
52aa73c5c51b9dba99a503343ce3293ab632f620

SHA256
24cab818db695217867906980262321538af137e57680a6f24874ac1e6868a10

SHA512
99541a9f5dfb3fb729d6e35c6ad6c30fafa17071b567d869d1f5bab1b60d4d3e66cb31739525333586cc83dc40af58a3f1ffa600447a2a7dc8cecbb8e9c3d0aa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
82fffb07a560b5c2e75288ed872c5b95

SHA1
3ea64822cfb9bd7412e0ddd1b5489c5f66386af3

SHA256
46037a68be77b8792afa50e267067590789cfe18f87e10e9caec9cf78a99d132

SHA512
4a15741b3dbe14a574d3b49a36413da0365656bb796a0beb15a5eee2b7e59f506b449b73c000460d8da2ac90fd2c209438ae82931a4aaecb27de5982887e1361

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
dc7dc646df4bc8b02f673651cabca643

SHA1
d87da88bef1dd34806b772aa7add4cfe7b1408ac

SHA256
71564c403481f16a8fa7d351f4b4c9e2c5d8a80bc146ba04bd118533a359bec5

SHA512
4e3623b9d38e76e66705f59795a8aae952b9fcde54d026d2c056fd58e8d39ff2881695bd1bce7b0c969483ec5c675c54b962c8a30b2a9e695baa22fa129fc12f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e0e79a5436d0c68635207f621e776508

SHA1
caba3b588d0294861b3e75ee2d327a11439746fa

SHA256
0d6351cbca9a634d07db26e89a33fcef8bec8fb086ad6c63ff1f32c2ca0d9447

SHA512
f953e8188f38131b312ce02fcb0e2b1b9f67c341c5e59d59fb29643feeb219cbbea0ab1b7fe51ea88bf95f04d7fe523b52299f9fe732d9130cd3941ac2658314

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6b2270d7c08eb6c382ebab9e0ba35463

SHA1
9eeac145bc973e2416eedc79824cea3b526bc5eb

SHA256
195feddcd15dc7212420dc982d006153777d0ac1d5cdbc7d9d6532319fb2cbbd

SHA512
ebc3b3368ca425516228153366e3e09257a6c95891b462babf6e97e7f9ad12f7c852c397aff1e88c0e596292bb8521e825e8285fbf7cd6c7538088ac6f2e7436

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d137eb7c5aef605f6d36e2f8957b331c

SHA1
46af8f4affaa9bace2282a7f6bf3226259e0b95c

SHA256
26ced7818caafcce8c012337d1a6cf733d7a1b33c90f695b3328ae1072ed9524

SHA512
21d0cb995d6c744199c8f4b574c74769c2b99dbcb693919e4fdcfea40e5d0854c99edbfb6b29e3fda3c618eb20b6faf7d312b2907a9e2d7d7fda7b6e711a7505

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5dcf49bc03a73ce2a78f322eb0dc47f0

SHA1
eead6e86ab19075c69a292350aa1dafa6ab53e24

SHA256
06c1e16efd7942d5689e260d9e1d553cbd7911ab96966aaec6837d125461d11b

SHA512
2f7d7b8f30884f68e5bceb142d6ab0b9a583f889cc2d7e9276a3caef3927100611de574bb698b1df6e070ad4aec91659755f80dc65011048af013075f072561f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3237432850268292086tmp

Filesize
556B

MD5
3ddd76ad160129705a9421a3dc0b4a49

SHA1
38b5435c531e2eb9e29967a2981cf52084348359

SHA256
5d8422a4d0d3a4711d1a788bb6eccf86259d5c0cf33f04529e754f58dda89db9

SHA512
a4bec296b6213967498dc7265c5dfd8e45f1cec57f95f67ed4082ccf3b361be0cb1dfb5e923d25754cdb0709ef92a6b96d3f8d98e9bee2e6472d35ca9b1a3e3a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6594368871056130987tmp

Filesize
90B

MD5
b5a80b0f5eabf2f2cb9e3b934e38552a

SHA1
207fd944fa26afca379e83dba137d1d36c3733e1

SHA256
6435f887d2a98ed73c3cc3dbee3c1b0307127a47aaf488c417fc93ab8624d7bd

SHA512
937d4a2427705a29b44b0e12665617830210ae26a99f5122e7d5ed244e1234ea3f359e36ee4202b254616fd5a16882879234f9be02dfad8de55b6d994ed68e12

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
e5b2f5a6c6b249bfd1462a93c23fb2e6

SHA1
34d8081c07e95dd528aa83e913a4b797dc3a77cc

SHA256
470554b50a2d3054e1e505b74bc3b0ad2dcde0939889671ccf002966eb757422

SHA512
14eb49a5c485c019e46b7b41504750c77ac03c3d68923d12267e0706e8fbbb5c603d4ccc090f036174a9306fdfb13243c6c14fd97d4006336900dc4fe9ae8fc0

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads