truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
30/12/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4509

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
75db0da7da1077dea2d5c15616804cde

SHA1
bbe42cc37daaeb7ed7871d904b34405b68ca0f82

SHA256
8a4aac22fd4f7f1ddf9c47ec80ff701795ca1983d08f1acc965264f1f6615717

SHA512
7aa26414cdc60f57c44aff716ebc9fd2e8c96e6f8c0d5fdb54d1d97fcb6320093ec7654315288add46b88e7832aab27fa6bed1e282149412ae6eb12da4cf05e2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0532cbdd959336cd833cf92dd80c44b4

SHA1
7d62d40ee93cee6b2e1d73850548c8345e20985a

SHA256
127a6bcffb7fe239cf7da54ef3f529887ab24a775fe50c1086f1621f6c5989ff

SHA512
d6fdb9f70a35421a0f180e3242e4746a5c8694bebf44c7db3a67519e484df711ac25218b010c4f869ae99b8ffb297f5e0b8abdebeaadb47cad6ee510bc5bb902

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e6128243a1171178485ad4c187dba9af

SHA1
0b4ec55468590aa7837a08c20db8ae4a49b3f36f

SHA256
25c87c97c3d9760fa948bc6f4039400bc422bd1183a82c28db986d4bbccab83f

SHA512
056005e151b30b6a793e86588df1894e9d12be68d6ce2b5b1413c5db14937d08f1a16bcb57806d0e2d63f46f16a40b7a1a64938fdd933b89a1a98bdd7a731ab2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
bf60378801c2cf87996552e625813f0e

SHA1
1a3020c1b2622bcdb4f2bee7210400cf17ab9442

SHA256
fda3c0d853b04b2b40b1f70347c9d1a73dee88abb53fba01361daa68e782b257

SHA512
ec682a5e244fcd08105c3d9655261dd1d7059e90d95151dbdc879541fb287707d792d96db5a62d2101530aea0270e97453bd4cad71fb26ed4bae305feaad9621

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
38c1e62935a249fea6fa4f1d17650435

SHA1
59d05c38259f531eb5919eaf593ea098f1019580

SHA256
9a1c7e04652b5d2a5c1f992a14bfd6967fd5557d9dc077acabb7bdb36c1147d6

SHA512
b6e907f317f216d6a6c158c460dedf073e4d1fc8af4956250fb8fc1653cb335d9e59565af683f730ef1cfd375ce4fbfc528c3792f98622bbd80a5782fc3e1be9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5b88320e5f84ebac6bb8fd0c21da3810

SHA1
d71eff05641341521f06f621a86dbb99d057d9a3

SHA256
09cef1a259723158fc7a51d702f2e5eb1ab32534218a0bdd01b16cd16128f74f

SHA512
fe2b9613db7e981a16077a9b1ac4c5f5c39a2ed276424ac9ed6392d9503fb477bb9cf6be1c7c9993055b2ecda728bb1bea48014b05985c43485bde6fcd881d47

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08b77c8ea4fc3593a083efddbbef32df

SHA1
4698d79569a0969b8ae7ac1321f8301e49859205

SHA256
182e6f2bec3aa02df3dc6e5e9ae3c269ad36600f76a91b83f854a6c9996e0520

SHA512
1e0f6082eeab9688036ea75013ead05e07ce8857871c41baa0aa07dd1b324708e88935ebe1e41f2c8f7dad7dbbbd6c1c6d4afa235cb6ff74f4fea00987b4c14b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a80401eb51eea528c7dc3b74458ab135

SHA1
5079188795d54947a53ade49168b828c9d234ac3

SHA256
31dd7bfcc8e553a1404795be88cdfda7142048be67f6eeb86e669fae85760b98

SHA512
23ac7a277375ddaf3cef400217f082a1717ffecf9f5099e10eeba18196fbb910784dfdcd4f828ce450c213a9a5390f4ea25bd5938821a34a7d3a29920e2531a5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
22d48d90e177c322e165042a385a973f

SHA1
d8a3472e87921b072f75ae5e5e00ba05af5ea909

SHA256
1edabd8f25112784a1c459f3eccee8fe39db35331c30dfcb76aa6d9f0b0913cb

SHA512
83e25ee14561b2512ae69a2b780ecdee5cd7948fc295075dbc020e8de5d2bc46f7374f2113e18d90cf0963af135a2033261f856184f7e15497acda17dbae982c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6a6f53cc101c3ae47b2b1da11e9a0cbb

SHA1
2565e325da52251860ad9bb17ea56a50a90001ba

SHA256
13f47d02dba95f95858fc59d34552622f053ae9c14517adffe9d322900258cf8

SHA512
9e35b635657e6876e7cda0ba6c11d590a5f31770503691c79badeffb35a0d0331e324efc5f8a644f9cb3c866844e39c310f482390f9d9d17c6df3217776aabf7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f5ef413b6ac0f3cc7aeca4fb4394cd4f

SHA1
8d25d013157bcd8c6e4c172c861066149da1edd5

SHA256
ba9ccf5266a95591d648920d108ccad287da42a9cbaa0081e995f1281d34d775

SHA512
95127e7e1a6b4132edde5a09a6069f112bd3f527a523d95a533623e0f60e0abfd319328efd3a6db016edcc8000d42277ecce37eed65ad7768d6cefeb280a85db

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5eac1c9ecb3124807807727c114505b4

SHA1
264924a590181b9cad49a146d0d2bd2051f5c920

SHA256
30811aa818d12f6256e271b7331c7da266b43ea9e48cd4978031cd786f5d9747

SHA512
d6ec850a8ce4bdcadb7608ef352bf084d9e93358db977a2a87e9e9b22d31568270b7cc5d5caaf3f80c9089975de48ed1ef79c6bf52d4fd7977485faa487a316c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
55d137ce9573d14acfc9b35ae0c38e72

SHA1
b17c54bc9fa2a63baf8d9808f8f27f30385a1e55

SHA256
e6d6b1b621235b2a82dfd8482ceea2298eefeb634e324d72caeedffa5a37409e

SHA512
09c81e7090d8778735c7c823629712524e5262b920385e4fec23b371d619030131d4d31049ca282a5a5dd98c83345474b17add7e409011236feeca77020d4cb6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f4ff28af288773b1e0600599234125d1

SHA1
ca6e4021660aa79bf9514d24ef536ae235c071fa

SHA256
7b3d5268bb7a54167eac1edaad5bf7c4b4a37dd9b4d3660f7d243396905e25c1

SHA512
914e93878741cdaf18530871772d4ae45f202807979b486a210da493e2899b319aee7f5700803c9fa0039c35fca8645f6b2652ec3e7a66c69ca27219e2ce8685

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2263958707560122140tmp

Filesize
90B

MD5
bc018e0699f52b3f166b2edf4f8d5aa2

SHA1
9187ce179a36bc19832905780bc235b0763c18e6

SHA256
48a4f83cd5fa4faee01fbe1c798c7a4aace65751f9dceb20a006663378d6466b

SHA512
ee6d54798f2af02829a6225dfe0a124766fbdc8cbb8d4dc110aef216e5d81ed47b646e45d15aa111749eee0f655e9d1b7c83acdbaa5e4d7441b457f567dc36ec

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3112039005499919219tmp

Filesize
556B

MD5
ac625b863bee94e0618ccb2f44d4a3f6

SHA1
9a5bc5c5c9eab9f6a9fa9d40621576556f204e1a

SHA256
eea7d25718df3c6f3d73c47b72518fd9762ec377d76c77b9ebe85f52e847794e

SHA512
6e30a281ab421c6d308f3c3781bdf8a8feaf2deff7c60c34d33bc6e8b971b9505588aa6e8b94eca1d96f6077439c25504e99886b143f137cc3415cdf3f169e90

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
0984db4a7f137ee9f949283c53586ad5

SHA1
90487731172134869ced8c857d8cd6e52513e15d

SHA256
86444838696a1232a3c0da8739a43739d744ea26d072f8bf9d0b998e2b9479c6

SHA512
3f0858c87034b431bd0337ec26b49a9c728018cc8c42c3654c9e66a6cc16376296e7b66aefc07981447ff77994391b23082c4dcd590f0d9eedb6859283bfc627

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads