truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
21s
max time network
151s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
23-12-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4477

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
92a608f09914644858ab387240cf7c0d

SHA1
507b1fe3d3f5ea5ca90922fd6bf04bc0ab993ee9

SHA256
01d5cc438d4e7c7b38e35f0a62ed1577e23b6708c5f80300029e4c14a7c854cd

SHA512
6de58fab7059b5fdcd81ef0efdb8d53d2a88d1d49e7b41c72d56f49962a84d543c8f3e1f34f1f1f788775864622ce1db982df1b875176d18d9cc252b37a49247

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
2adf3f73d409e462206671ef62acc264

SHA1
b544cb63cbbca1870840c7a59bd76fed6d781f35

SHA256
cc213c246b065086dc9fdd63b6bdaf681d0d8a751d428565fe26ecd41e58fc83

SHA512
58cf3486ccd2713f94ec1a9aae8a29388d9dd6f6afab958d84b2c97a4a3bddbc6e612d90ff8e7940e4fc78a2f92c4d25f925e14ea34439f134568ae34671b842

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8a1299c0026d22cbeba2454a19d40570

SHA1
9760447639c2440a11a70a90ee717b1b5066dfa2

SHA256
a64bfc81d57b888d8dbbe311d2ae4ce4cfe41f066622cdfd953ab6494776e08e

SHA512
3d6591c692145e4e041a33d8c86aa8dc6c8b99f77a6da93740ee8277221519c99f6a02f6c96778c9e53f7c92b2903358d8b3e6e2d2b0daf5edd45062fca60da9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7d8fc1b8de089b0eba747a77232faff6

SHA1
e0621703087600c97e249569d0972df7e9aacc3e

SHA256
87cac9ca6f837c64b89b7907d74e6c7907943963af5a67104fa0552d1c0a7df0

SHA512
435720b9172b4f89ae6aff51ecbbaea2f52acc0587097c86ea3cf116c02ff54b30e4395f3a82f22676208e1c2fe0e61fb7f4f7be24e43380f9e83c58a806e46c

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b58e337a8b2eaecbd3c3a7cfd8dab26f

SHA1
d0e1159e07dc16872a0a6237c3a2eec28155706f

SHA256
32ae11b87f9d7a8c1713affafe24f5d90ed8bd38c3afc997622cfc190adb4ce0

SHA512
35c330bf81a3bde81eff8410e9bbb06a21a4265c2a62a9b547480f25d20448ed75d599b062742a6d7864d92b355476f1dc080a57572d9d035193944bce37c0f2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34134d8ea4957ba34836027962085e9e

SHA1
5ebcb3ff849498ce509f1df9dc43cdc71a8d54f7

SHA256
fa1f0f4d98eda3ead56457bf613864b24bfd8a3b6ef5c5cb6df52f6df83464bc

SHA512
735d058f98f6aa8bd79a32c90cae8f9adf66475f9bc848c169b89a8ff6fc9edb25101b4d6c1630fe787352098f5b569654dc92240054d63ea07cd10b6117ac56

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2eef337a9f92408b75d6d9b6ed2aaa97

SHA1
b4f6951c859d9ebe98eaa9df7f458835a86428de

SHA256
6e91f295d8a66ae50cc0216dfd027a5fb704d9537432a92d3b49de923ca15fbb

SHA512
d595c48a584c25f3ec87233bf50d90336826fc1b4856f7bf47a3ff6c3d4b467b0a8b3c9159f71632b968f79385618c6fdc977888953796ead0022cfd1408ded1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
efee68496fa400b2c1842b44a14fcd77

SHA1
c534e2a3c2cb9057ff9deee9fd30bb7ba67733ab

SHA256
b87200b9af284d3d160028c3a2c872d6c532997376c45a4ebbc684874ff83ead

SHA512
befef86881d6ba27feebfc526ebf0566042427ff5bd26d93a35c9948c0c30888fe57aa547edc48188392dfac9f1db3919520377f025ec0c18572db3e9b077312

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5dff7e528dcef97042b53a78b5caf02e

SHA1
030fdc3670e1cd9ed82d987ad725d0163d8ed5d9

SHA256
e03631e2e99ad7c22702ffcde5fecd2bc019f2e1bc87867038ada60ad5ff1dfa

SHA512
25d996053809856a78b3500f6bb614928add9910a12fd92a16af5ceac481679b12d413571bd2d26e25ec3968048b08bb02e887a816565c8217d7aa5e782dcd06

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ac46ce723b85026f8a170c6b14d4145e

SHA1
cf3a0b6c69aa2ad952dcd6254f7d64fced94cbb2

SHA256
70b41189d566f7e93f5f00716b34d30943909169660306d2733856b75f699364

SHA512
8b983c920427ba233018a2b1d06cf39021ba99ac0a0aa64a8490a98b58db4c10183756efedc8efce6a5873ff8deff39412ddd0f2e24c68225d8ba5bebdc5a214

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f18e73a25f73e47d31c0bf28c68c517d

SHA1
301d2dd76484882803d31536051a71aabb8f35fb

SHA256
4dd3f13bc0bfcbe698cb59937bac227ec056aa498cd7d31163bca244a8b26909

SHA512
81543215044f379015cdd257d5831293b7266cb92c7a38b4c22b66782db9ef29aaf3483835734fed76fcc2c323e9433140adf55cc0e5bb92d414ed316fdce793

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b9f34b267c1f5fa44d3bb9b6b2ef8d2e

SHA1
2afe069af620eeac215feca3522f1f228ea81471

SHA256
66d55d8c5877973c8f4d427874929de9e8d6813e5e908e6db34a0c0f69598224

SHA512
77242488f668a9510b2bbeb339413e63f78f74ef0c472b5d5e11634cb8dbaed946a7bc31fdba7de7d7783ee535a6d6bf62d419e0fff06060b92cc8baaf6d8bfe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7b056fb84d2bedc1726889bf8f93303e

SHA1
ee143d49e6b2870393dff8a21a93a4be9e00fb45

SHA256
3de02da30e911a8cce1179b07bd555cb19ee8e423119f0f33a66d00d9a5f151e

SHA512
aff16f6c4ab1bd0b87fb89146803ecb35cee393e6d480c022c93bdbfbf016113c48761a0292a6d105b1501c296fb9300853d88d187a623b4f6a7fa207d2b9f0e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f5c6417ef4d66a86a9e2f532f3d3480c

SHA1
66346f80dc4ed30bae93178fe3f609a494079aab

SHA256
2aa83f32a271ba7126ed9d2fe0567ad2dddc2b7f1881a40bd45c18259d8ca9b7

SHA512
42e5d1d2a59bdfb3c47c0fb6dfbd35905b1740dcadd385e9ac313b3243bc468bd40c8bf78475779e4964c5d761e8bd0f8abd457760bdcfbc7d3fbbaebded089b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1257028828162411168tmp

Filesize
90B

MD5
5dbb6e99d36fb5f74328d200efb6379f

SHA1
ef91acc953f3ea0a05e81675c7f869e8cdf23be6

SHA256
2e61728cb4bd854e0accb9405c218d85fc84e89f9c2d6df51ae5c4ef4fb9a5e2

SHA512
887735a29be12f71ed4abf66b62947061d6683ea2657f666654ccf94f6590e28782b6cb4ba5c429975a7caf6b7e6e00fccdb6e35f7b05dad0ba058e8f64579d3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6420231736189930854tmp

Filesize
556B

MD5
1190a12a7bc2a709b40c0b0393c9188e

SHA1
c1f3c2577afc2b67aca7a46daa6c1b0beb641503

SHA256
482d3c7dc5ec8da2162d3b7bb2856a4ab941555d0587fb0526a37e0a687f537b

SHA512
930a047bc0bdaa3a41b5692df8f160330b5e8f00c27158c14bd88e9358002be749f8de484e9d29723314f989cd52b30c2d1bb5f5bc796dafc2f5a7460ca501c9

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
7950d280a4d87ecbe8033e76d4bf1266

SHA1
2ce95e20f5ff8f3df3c2c4ecb7af5cb8be1c67ad

SHA256
96d77b20354f2bae8c32c8ea29c890898e321773557ce0e0cbea7c736c04f607

SHA512
ca91546f560964cc254b06adc154149c7f7e9e79407617da6f8050dcea0193ca413e6cd63fa03409b57c075fba7d82e62eb4d6c3e3a2f017bb52ae7a480916b6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads