truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-12-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f1a5fd6ed41b54d8a4883b38d1a5da76

SHA1
0b962094b6343ff1808eeed0fe3cef50c942ca38

SHA256
8b62bba16dac35277360ade3eecd930242550adfef8b679b6bd8c93600e1b257

SHA512
175dbde20625a4dd2657972612dd8e9ccabdc243e1514be7271d4ddf7ffd4fc221826bdb2f22dfe16dcc236082068f515d02e1fba6a73c8483dbe24d81f41e67

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
bbd1f502ac351337e8fb752d876f076a

SHA1
f56d4fd30018c8a9f78ebdf03b3b30aadaef0459

SHA256
9671e6fadc326df2a50fa31ea3b3f134109fbe913f15e9cd2beafdedcfb3e76a

SHA512
5148824aa04df2ad4c28b4a33a5807d79358206a8e13fd6400b17f079bbd5419108180facb21a8fb7e5a33bc427d9d1bd1efafefbc55ab273ac4704b358e0519

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2988e70f1ffdf1d76aebc4c438bfd819

SHA1
ff957c77889ab5b28082fa89e74811e53a2a833b

SHA256
2349909de0ca5e189ea18d98b9ec966486e6e7433c3eca59cc4bb71d261022b5

SHA512
e69f12b42d32ae4a2b90cf7ff13eb7dad8b1752b2c747d0d467b96f8be56899e06d26a471badb9b7f32825c9e9e5ada5d94984a41b527ee07a79e963258bae4a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8498e56500e19d1966c66c1276e95bc

SHA1
24843244c5b67e188e4f11f7216fa16125e682fd

SHA256
576b99281aafeeeff967394ef580d52ec868ee8a9fdafd810f6eb6d3b51b8468

SHA512
ecfd2a8be57d9dab3de41fb43b6348fc5a3d174ad252e13bd56ed9495d7ea277a397bc350bfb4295ba2c814108543487c35a07f1229165f6fe8f90f632d4a52f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
07a4594a64e12ea1453b453287f25371

SHA1
d68acd6aa727f6b92a62d4d1191c072c9bdfc0ec

SHA256
4eeb3494e652267f8c9ef3c3368f7c77d196de54e7cb0f23adcfff9457de68cb

SHA512
da336fc62bc24f5962877ed4af96365563beb1ccfbeb21fad9cb958c94c82f2e7b8d3fc005e943320a163c8886f0e2689017ade83177305c7e6891a251440cd4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c6d2bcf7e7b8f1923bb3c6948f4fcb1d

SHA1
afdaa5d210e03234becc0424da823f62082e40b0

SHA256
c7aa8a76e07b15c7e93e5af3ba650a6737581c7881320f2b60e60e7562b4579c

SHA512
9d4a07544bce7595bf18b24b179e0c20155c3b4589e91cdf135ff8299f5bc771ef83796a444cba4cd666e60ca6d9afafe0f49478710435566305ce607e64f6f2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f5a7e94362196ec289e12e3810f873c0

SHA1
36fb75d8638b2a9940d3ead791fbe68e48cc7ec6

SHA256
5d7ddd3763b6504e61822d69a74da8c7a7e15b53abd586ba055f910928b634ad

SHA512
6f52870e03fc2c79c62ae7dd7ad4efb5bce61b0431205d74343bdc9c9f3860fb9c072f75baa4950f1596c929a2ba4ad6239739e3ad99deab2f48028a81ff07f9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
3470e916b33c90d90f2b7aaae99792a6

SHA1
4f4c0a7a8f1aa15018e74edfae22f464a8f37957

SHA256
cbb5d9fa824f696dbc7a76fda263859c19f3295daaedb7875ba3ec73d0542105

SHA512
63438bd72ebba67e91400c2541b25ac3f21127cc9eb371ed4111355121a41b689912b7bbdafad78bb38ec22f4964c8f242d1871b8e6ef5f660e7ed52a736b41d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
560f2d79d62ea6d2742f86f75d6e6314

SHA1
538751b06a4d2a37e0ac2e4fa7162d2013b8eb9c

SHA256
832ceabe0381c295f7826aff88bc800afd19fe8e2cc2b0acb7f0f5fd96ab1501

SHA512
5716b0e06a4719e9dd9546e63a62296e3503cba904106c68725c7e11f21cd17f97b94fad39277e5b169c70e9c1cd342b3afe51238edeca7011b59c48411777dc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2f9f22eac000f1c86be2155820508aff

SHA1
49f0a8211736dfc67cc873677ea6be06761cbc46

SHA256
7e75a057b25375eab483228f0536995d601c6add9758ca42e037099073fccc28

SHA512
a601cc9dc6c8684fc248c013a38a9f66fd53f652ca87a6774b3e48c6d51ec36aa4ccf14ac5a3d9931fcf04af37db2505cd06f8558357858c11fd75e0150177b9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
584b1bc67a2f3c33dfdb4bd7ea2d0769

SHA1
cb2e9fc9bb5fd970ccea38b5c34a1d9fed0e07d5

SHA256
2a9d549331d78f85a5c05bc6c84b076c8c3469750cfc75b0c1fb02585233537a

SHA512
27bbdac9157a392ff0aab725281414b31bf7e62a89f78266d6634f865704c83f01a1ed6cd3cf39c27375793fb67aeddf5228571723da0c34434c5549598befb3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9a610f7b1427858040746f73d711e735

SHA1
bb262a57879dfc1687e8a7d3b8bc7ed70ee653cc

SHA256
2f0e7bb27928cb54c1029fd327eb0bfb2b8a505cc763c56bf9d0a455fd884dc8

SHA512
51c8961683664d78c0a582117ff56c97d622f823d4c8adf0802b7a1bb6b8a77f30b15666172364221469133758798bb00ca037148a733d98364ef84226767bcf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6b97da560d50f704ecf9bfcffa933be7

SHA1
aa58ae268356e1a8d2d7e75d2c4651d519f3df5c

SHA256
69d93b88753ab7ab8e8f4a7d3fe446d2e0d8cf9fa4d3a5c1e264979f0e0c84c5

SHA512
4b1a7ddfaf5edd8141cd3c9332796caf992210b5987f658b40c395f74dc460d56cb85e36bc52da07dd40bb15409caf8fa3885040b73fd34f72a6a1a1db31ffd6

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6602081100221830265tmp

Filesize
554B

MD5
31cee83349f4d9649523c334466e3ce1

SHA1
d7c380730bf6309ceed855eff052e35e92c4c093

SHA256
c324e66715950bac13bb51db66c8d9e5b3ad683f56651ab63267c204b1e86a5d

SHA512
b28a241dc2d3d6b1bcb8cbe9cff6fad4342a20161e782834c5c6ad6537f8a17727a7225a3576fb18b5cce37ec6f8718b3d411398069d50c6aa5c4db04eecff00

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7512816258794386387tmp

Filesize
90B

MD5
2b1a7c7e555cd9027cf5256371b0df63

SHA1
0662a7468fd232fdcbf1dbfdb61051dc600687d9

SHA256
30a715a6cf7603a189d40e0cd24f5142381a3b9ec3ec87b4c386fe472ae690d9

SHA512
057bc2313ccd5c223cdc9e775d3be1410c4cce47c0804bd7476751c7c1ee0678cca5f5b879d4028c28b377515cd2e72335ad3c01b0b636cfbb52e6410fee57a9

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
51fcc0c285ec75c4dfbee9fb9e83d5d8

SHA1
d8ff8208e92f9fd42b5c7d0a392e2fa4f8ccbd2f

SHA256
a7eddfa25227783ec4b08588ac8127b6e86f3aa11fa1ec3d81ea33d8d2c7e90a

SHA512
bc773597a27d1009d8e8e27767de14ecae8f5e7b310cce5a3397029fffba6e0a641ac35f8496a823c4542ce6d88976ca6bf67562d45146593380448e79774f76

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads