truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
01-01-2025 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
28a3a86ee56c0694c04cc799f5821504

SHA1
09e9bccb6588bb35edf84d191e562a9184ac2254

SHA256
b8d649332df1821da8d872f96cd5df9154ea1399180f76ae9f4afc095f96a491

SHA512
ec06cc707ed4732784158e437f5b743ddf7cda78d367f90dbc8ed48be3d2a5899f225f63719c16f8fa08f3a4226e468a9d81a4aa33fdb7784538bf70ca575fc9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
1ccbbab22e37c30360528c43bb0739f0

SHA1
c8c8f64aba38dc934027d73ed12987e6eb02ce4a

SHA256
ed83619b3e8ee02e02ec1b4b911d583ff143689f2faaeb164a9ff441013185cd

SHA512
e50f33892fd7eabc39df20492f5cd382791c02f4c74b45418daa4c5a066fb6d6d673c35f44b1e7a044ae5aa71000d8a582813a06b8fddc0d8c7d25aecb599489

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9435361587e453cc6b452a604958b655

SHA1
8020e15c414aa3f927a1d520c9efd541436e0e78

SHA256
1e3aff1040aae80c8d2d484aeed017f6f6c0a42e7bdcd6f968d4fb17136370a1

SHA512
9a7fb012c406ce4c217aa178ca69dd522c4c4d88bfc56e7e9537d0af3ee383127518c0ceeb1bb57e98167bcd57016b6da9fe8a8ec1f318970277783f75692245

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
44bbfaf7e517a8890d1fca1f42546e24

SHA1
d7a1378eb2d08a62f8b503ea7ef5a709c68bcc0b

SHA256
f38630aa2affea8fc0e488e666a092b10aa03ff7c182f378d1c85295475d7138

SHA512
855fcf3ffc43574952ba8ce98c49c999082fcfec69729c41a199fb38d281b2ae3c77d54bee9418209459b41fe8aeaf06e5742e957cbf6d112c51f0b71fdbae53

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1baea16f27cb8b3af5f5d576cbf11279

SHA1
1f59fbcc501078f17d2cfcb814e313156fe2eeb9

SHA256
29747682846d1c3eea1e03a4b56d1c8ddd482048f9f73a84dc0a7efdbdc1f1b8

SHA512
9e33de0807b352bdb17a2d2e4bbf3bd9128691b801bbabe732b474eba98fea5608776f3178e602369267577c799c078ff3629aac0d73fb7f408c1da7249b2cbe

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d3434139da7c5064d3c2724978da3004

SHA1
f30fef0f2c71d6f6fa4d61cd1f18614778fd3915

SHA256
3c7511d5c31ab265c5edca998f69adf518dec366bc97d04645880fa098f33068

SHA512
ab6fd78b4f9b3ec6f90d08cd26a00ce6ac493057be327f9f2e1739534aa49f8f69f907d6dddf487be06329319161d2d5f35e262b2c9d1422d9b9acd2389cb364

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5baabc3a38ca7d292f556d06b25b6cc4

SHA1
d64167c33dfbd3c106b35552c2350465728b9cf5

SHA256
6e7c4131e95528d681dfdbf7d9467c094638c7a57f2960cdd5a8291ddb57775c

SHA512
e9b99d0f97ccfe7d945f0f8f161235be1d96e7ffa136b61786f5838a457c416566f2a2d9371cbadac3da295240b601e08b0052d0a1662bd7563ef4f318f6ea54

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
f26b1c4203ec447922f634512345451e

SHA1
a69e3d11d17cdcac714c177ced2c17068c326aa8

SHA256
d5e2cba5f0b11db8bcb4fcf66c6cb52097c771099d3a598adae5dbfae1e28700

SHA512
fe7aa41faceb5dbfc3b07013af903ad229e272b8e858c69ec4aef6872779a2f96fd38914ddb8c030944d95dc4866c9705cd0ef3f48d6cb817c143f7c31a4aceb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
bd73b367f1ce5b2ca05283c558ab88cb

SHA1
f0ab925630ebc885e524be80a4eb39e81082434b

SHA256
b77a10669875d5056bb44ab2e49ddefba3c524bcca6138cd0868b49004396d16

SHA512
2177101c49519d347f6b15da685420bf0235996351956dd6a53caff9d9edb0741e789b9092ef60c8623e0af2b0adb9dd18f5f57bfb365f4bd9732f271d9ed0cc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
95fbbff591e0ceba09e7ca7894219be3

SHA1
dc1b14965e6c36637c900ece39e498821bf88bb2

SHA256
df229ef5e61e64af738ff71e4a53b30014b070ce991ef99f867addee289cf2dd

SHA512
182da60fd7f726ab4bf2837944a720f29c0f6955b224d11ca86bbcde2ba24a369740e24bbf3195c5441ddc0abb146715b16a6179a2970c9f4edee2b14384a6ca

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c60da910c9ae5343f6a363f9aabe6230

SHA1
aa4c0d17e4b808e07a200f288f404817cfae7647

SHA256
fa259c76102c07a8008760ed97e5df9abc0457ed53983079fc6b7bd9f599db0b

SHA512
e49e6bc0e0bf4d91322eedf03db147c21957603c7f93401f64d4f32acad7586dc65e3e6f6e2be76e112ec2e51849e89276b1596eddf3b95b2a543a6ce3b436c2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
28b43e59f07ec6b428dd079109d8d641

SHA1
2422ea39b55b2bff70cfdee5ec2951f6ec59f539

SHA256
e6def07ec71d1fb348a2221aa63b87b66e8f02d9cb9070057192b23aae754b0e

SHA512
21dd1d01b940f8c9e2813f86a1ca053a8ccd305d800ebe26becf8fa4a1fd55b8294167dfd2bb1cc273705ca4a93d1e3536090f57df66f82e08ba648878e30894

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ec485f9453aec94fdd94fdb9a14e5aa4

SHA1
1380d6ea0a28b9732d3b3e6df2eed9d017beea07

SHA256
09026ce9463ddefae90067a3457bb3ba08092e00fa59d29dab0415b35019a93a

SHA512
c2efef59496d938c2bafcf3f34fa2c6102427ce0054127f3d108b63d3cb99261c24243f778c979567df233fec418526b867f323dcf35fd29c536073a47062093

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1762903448010250923tmp

Filesize
90B

MD5
3513bc78b4ca32d6fddf8584b2363326

SHA1
f7e0c163c035e5a92dab6f599883817750d59a55

SHA256
0fc9da5aa1c4d06a716c754376dc566029d858ad35277b89d84d805e5a2cc5cf

SHA512
cb8ebcfef66f158223c06ae11f4d40f2e7947465c942ab7486bc10a399e17d96a442a96e6f5757f4e71d832ed985f588acfbbad695e812f485e2447267ef9d6e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4313073342174256654tmp

Filesize
556B

MD5
a3769858c423eba40d9cc785fb13c357

SHA1
02e9583c09420c05aa7635c90a88e9833ce0f043

SHA256
738a82147869794830c6ca9210771dda7c67ec45d1fc29f40a2ef0c6fa5ab902

SHA512
115b4404cbe5f0cce1db9a890b388b6d5797ff2e9e094242702910a042995d0b39058f612c53bf3e9faac03b3e7fbf136bfa4c27d270461946b053b214b0874c

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
809d93f87e9576e7734a3dccf1d207c0

SHA1
1774d1d3c8db7061aeccb3567c260cde37329981

SHA256
e109800da72bd5801b7fa8fb3927688bfc8a4ac2d50cb93f6c392ff01a48d14c

SHA512
b253fef3d451c9e7a26be8f6c015d446068ac9070737c3ddc61daee88b73da2044d4056a88e9c36c1d41331a21082797d6b1bd1ca2a35230bc4bad20c8ccfc69

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads