truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
19s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
28-12-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4328

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
6a94ba550ac5ce711ad4f0cc02a2ecd6

SHA1
84b796677425060194ec7ff0b1954cc75dd7b8ba

SHA256
92b7af8f3c423e3d938a5b7af4d61c19c4ff5a694f4a6b0f1264e99dd4e9d2bb

SHA512
485e166981a4250a97ec1bc00feef5a54d14b263d8a2a7de9122e9253764e522790507a9babae14a6056a51570237c1d725ec62c93f137bb2a9acec338c1f058

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d349502f317da036c3b7b2ac034e4b57

SHA1
7bc83f87621b0b01f5c7bd07badb8e356b1cec14

SHA256
6c5c9a6c1f36df5fb3a3cc5d36926f25f399b54caaae9401ccdcb3ef14508af1

SHA512
5aa171c82e84b2b97ba911931aeea7be4f7e57486d45339a65bfb62c9a35095e3fc102c7f0641d305a2f411b478ee4985f26e027ae99168e8d3cb0d538258f7f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f79c200f9636b719fa7cb429be2c867e

SHA1
289ab4ab439074face7a1bfeac36e37a63de4a7e

SHA256
e277cd2ee330eca77fd4fe292a093476cab8fcc8411d3df052b4a663e1918ca7

SHA512
6fcc83e58bc5b4fc6b137ea2db9fd89300d9cf6b62bb68ab8aa124ccd802b0266382183ce2394ebda7aaf4eaec341dda3ccc16890a16791707e34bc92284bef9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2bd758050b9e710357cd242fbcc2a4f5

SHA1
364e826c1ebe2c56d7eff6cf5bc80396e1d8bed9

SHA256
874ad40bf056ca90f6beb36270e7ea207206dd6769eba4186ca96cf949a76833

SHA512
9337525301dc6ee6478bf03aa45a607155dda85faa14659d50b88fc0521c1f27bfdeb826d737ccbfcdfe272c15af11ffd3b661681ade05859fede12403821860

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f98ca7b666cacce5b640a66e479bcda

SHA1
3c8746492f221db30955fa13d0206a375cbc3f7b

SHA256
7bcec2194d0e4591806a07de1ebbc0fac48849a96ab4e586b2d4abd412028dd9

SHA512
3202cb4c18866730123a8a741f2dfb1ff3edf8c56f98a621e7468be5f91261915b6760bab524172b09d3a7888155ce801e00f84993a9507cde8b3b8d60d57d64

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
198591d56419336564e6f6172c8a0d87

SHA1
2e564f6e552a3bf39a2f461f3109b95fc9002956

SHA256
88302c3441b015a93a66c18b0dae784a88f695c3b8e19d092fb848678458628e

SHA512
6d92299c6300c2743d1ec92a96832ebb97aed6f221602ca23e66a03405c3157e208ad865a42a1a52310e041260d277609ed83f9d3abbefeef639244c187e8d57

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a820a09916bcf549f401fcadef08a72b

SHA1
123888c2f666f64b327994f97536f4b707c73add

SHA256
8781156bf13fede1d3f16d13402d407de79f58db01367d825a86d4e3faf61d5b

SHA512
afb1c4aa90bb8b92a8116d283aab3217f7ac79660f486190ebd4990e580139667de70762404fdbe431cab68f9751c50461184bd31a298a6c2d3ff1d1a623bc5e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f13271f23768c768d660550389569d79

SHA1
1876b02bea43ab658ef45459d8d0cf9075de6fca

SHA256
9a9bf752f7c3d31c160b0d3f89f392266d7f3fb06a663e3bc4414682dbe8902b

SHA512
6885545a81aa0907b14cb1e3dc3f3a4c2a0ab76eaa11f829c74f67c541bb84753c8a02bf7286f466c247833b89c3c1dc7b4630d74293a407daba06ee3addbcc6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b01b92fb4c892a8155f56743b3e16a97

SHA1
d566a79b83197d6532b51623983bde5a45b63856

SHA256
a4c06c6192446927805cb6e292545e1ffbfe121661adc651b1c7e0ed997e4d1b

SHA512
90a41144c3583cabf83e60d96efe434d6458596380455b74343f023303cceca5412f5381f9ce16730fca07e86bb14c27df3c653774e19fe7233384940e8f2bcc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c3c81b489035da0c3e4d99cfc7d82140

SHA1
099a1e3a68bf31ae6db5f008593e9131a01eaaa6

SHA256
d86f54e9fe3435f8fc1653f12bce45d0a13fb407ca8e95421bd5d303d4d2682d

SHA512
0b999edcdda35cbedfa442253043440ab51d032f9cb67a41d82fa3a38b04852d92bfef12282b43d45bf09e0099336c1103234a1b046c66fca0b49f5c95d6b645

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
1c81390151fe47b6bb452873ba5284fe

SHA1
598c6f9eeb72176fab390cc31d70cd0146a50152

SHA256
9ee7e5ceff5b75d0745b05df1b3570cb5c944c16a4ae590182e563521531b145

SHA512
588120926ae0f7cc8cbf939440be5fc46f68fb5fc2bc6fd324644d3683ff6e4412c6451fea1887593a19b824152b8719aef52dcdc86d2822b190fc010fa1aa1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
481b12cb6bd88edccd2462b225c4794b

SHA1
44fb75d13f60b491464241c578c13765bc6a91a4

SHA256
71becc7f2dc8ed7fe5691c2bfc17b10816eeec6cb668896eebf614a34d39de8b

SHA512
884eaf3ba9a78d8daf7c31638df0b0396f1846c853c74a542285d683e3a3ced9ccdc1a5899da1abd5ce64b28c6b8cd166aade4fbe91720215c858f97729d3d94

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
748116c3dfd13b978fdc1740230d8749

SHA1
19992b11a69ff976e3f9d533e43712deb1d2e644

SHA256
b759c3cf812b0deec9aa6e389f341890c872fed50a2ac0451d3c94603368f825

SHA512
14b0a3a07008e4dd4c4dc9a848237eec00b74e552f10c34ce54ec20a4795300624e614a1a271655351ed1a52d4585dc7868978321edbbf03368821015172c632

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
65a89711c2954b757096cf68b920f865

SHA1
188afff81ea51207424749b827d7f5e51b217fb1

SHA256
dfc90f5af08195bef8cac09e594a5d1b60d490d192b7abb1cbde9899e3e18dde

SHA512
fcb69c1256243fb7f340023d4b75672ea5e48fe5aee8f295d138c5807a395650767cc47fde685a73a58c9a9c131f20f008256fa9266cdf1cc97b4e9c56488b3c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2387714035708953438tmp

Filesize
90B

MD5
b162b565b7be8385c105c16419645520

SHA1
c5f17d77adffecf8ce5f962d81338326e4590d7a

SHA256
3772fca1a643148960b1614603ac506740a71b207c55b08db18f625767410360

SHA512
ee4dd628ec1a2204f023b44464f78e9df910db028742b7f6327490ea1ceade91527cf39c3ebebd31b72647a500cd4040324c81a729590c22dc691970be52f563

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8506006167751408389tmp

Filesize
554B

MD5
efc1755fb9cbcf58dd4c96c32b2fbec6

SHA1
c08c58ee7d48a50e74117f9dbfd14889431322ec

SHA256
98cd1cdab89dbd82c7bb16c132cb3bc8b321ef7065cba6a5fb806ccc036ad642

SHA512
fcf07ab172bbfed56e2b5d7fa6a268bbfe69b7a3d03a3f4eaa7088295c12ce6c466e40d2d38f4120940f5b16ede6b1ed0c510e2bf08748ce8cdc831a099596da

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
2a836f69a85f85afd331370037b2028d

SHA1
34056d871bc2b6efdf0c6a9667ca4ce07f0f53d9

SHA256
718844f6b668f4fff2fadb56199359ae0484ab48a50e908dec93c0bef61d5b08

SHA512
2dbc04226cfb77a03593ec6bc9d68f2acb9843830debc23b56f043844a35c0cf5aed9f032c6b6dd3f499a840fffe48b93e19c0c142afacf28275325c3beb936c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads