truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
68s
max time network
154s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
01-01-2025 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
95e9f8894073bbff27913c375f150b4e

SHA1
78d0f88130e96d022e5af9d7b7a529fb3466ff19

SHA256
1eeb7cb45e62aca9166431647eb43fd78fa62822051fd91dcfa1a8f16a0ddc72

SHA512
1f148d8ade3fe78694a96d187be196bb064a99d3c6c08da806eb0acc066a47a1f6a792d4a24406792d4916cc1498ce339149c24288f134a7d45d2fc1bfcdb7ae

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4a129ec7b322cfe3b09e2ae3ddde9fce

SHA1
9d1f3cea9d908a53f58f240566971247b8d2a0cd

SHA256
be71eb63257e5fe79dd40b63672b25a7f19d22905faa0b5405f55f1940e08f63

SHA512
b61eebaf6a16daccfaf36462dfb08725f5b59389133b17670ca9b182afa66a62f136185c936d9083c0f0176cb5b048936a6a74fe87e1d47a010bb047cb415925

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
af429626692ab9983efa6a52d3b11e8c

SHA1
b6f478558bd79c914373c66fbaaa45a7805dc134

SHA256
b04bc6d0c05a27bd636e61413f1fb7478c149dd7325d9976b39b0625461e9e26

SHA512
1cc2f50b3f8fc9babab58bda55722bbcbe8069414a3ee8d371e9f476afe072805db14090932a7accf1ed973a9fcb010c03d821e8f6cc0506f011a688e7f487b5

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
476695267c3ea037f6172f7cc53269d6

SHA1
5a2160ef8c6acdb41a9a27a95a98613ecb04dc92

SHA256
fd874472a20414253040103281892c82815062357d9db7d0db5ab1bb35b54d4a

SHA512
b6f919ee8543be736df8a2dfc856656dbef2b8423e94f0dd7d6c1724db0c01d4ed9f062a2cd28b33e61280f30f07a1e6c3bf4fa4db4c4f14d7d642a00f969620

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9018e8f069b68bc0ac0dcf290c5ccc1b

SHA1
227115b05912545fce48dc64337af6edecf2bc0c

SHA256
b501dbe0906d98a8de5782cca414806f91699e2f903238973647b02f21ad5d0c

SHA512
e82dc11f758d6ed6d5aecfde549a115f9fe4fe339908c87372909a1f442218faf9efeff59849e2fd499e7ae441928769abb3928a067ed3e7b96ec419b84af939

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8a055169f019e35a64d7a4fdd1a3873

SHA1
98d8d3bb4b4266b0725e8940b10cc7598f5f6eda

SHA256
ca8d6ba5736bd28c07253f1f6c511651444f504a71496017c657ce06aac9d45e

SHA512
d2e51f56b9bb1ac6ac30e1195fc7e12b696afc257f49575552ebcc00bc92b04303105f40f54d734a08780eefc007737840fa10aba5a10575533e61cb710bbd54

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a3e8383b397d7a3936a761371025e609

SHA1
7f7056f059ec5eac3f4502e11efcef9ada8544d7

SHA256
6a93bf4099a123c387a28d14ecc7f5ed4b3086e02379ede80a5a68348ee4d2bd

SHA512
3b48fdbf9521cdddbf94c0031ca885e41417ec4f27f178cb38e4e03bf159607fb588d5075f69677a4dff1b23478c74b49f7a348fe121da2e94ec2aae16fab175

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e4de923a00b5eba86ea52d240beed1c4

SHA1
f19ad1ba40a54b4e7d3bc7c69e6882639e365ca9

SHA256
ad58d5ce647982348a4c019bfea0adff5e2b451240af842b1fdf7c9d4f0f2ec2

SHA512
ebb0a01c0ddf8428de29791f88922b8219ac3bfe1b8e00862e1b05c4c69c915cefdceedde23f7724655c1f36212f62f7bfa9cf67b529ce1599c5e5c32ebd2061

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
bafc018f48f9634b4b58399d78ced848

SHA1
7ad8a673391c69559af4258b056cf101ef2f311d

SHA256
c24ea786aca23e89af12cda2a705098d40b397c7e2f4714c61a01f40afed9fd2

SHA512
3c0d82fd805d086899a3426e87fc209bc27cc38369063e44f42cc41fc5cfcfddc734b445e3ebaddf0efe8fe9c7a482e29d02e230d0d2939c9f28cc1d2b2c0b08

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
85c6eab1a9f8c813f1de1bf3fe20eec1

SHA1
22abcc77e90d78f7eacdd27bf824d92bb99b0fac

SHA256
763fb3b93809f791a1b58318871cedc545ea0959dce78084b13f528ea0d45641

SHA512
52ebe31aeccd5e43b38ee8be48738de4c19f6c56727c608d4e29b3b1b6f9c85286856082bcf926c3ffe4dcc62e2f954317598e4af646b703e6722602262e66bf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
bcdf013be19a18f1111397d903aa30f5

SHA1
5f22e7d84419a55c214c39c03b441e0464466934

SHA256
42cb5bba25bfcec344101b771fb769ddaa506b0f6ae2ae02213b0d514d8e318b

SHA512
ea8f1c5d260786f1045842795e6624125f1c33559d8cbb5eda582d9b85d3c19e13672a17aa622b6fa38108e6552a7b5f53152b6cc9f6024dfb62f7d9842369c2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3373a51f531e84bd7423db6f37aa475a

SHA1
59195039f4bb6e7e2988d4142ad690758e5b335d

SHA256
565314b22e938d728fb4890a5a82a35301a567b04a70b5e5c494f86364dea527

SHA512
139d177c7c16e95d798c01d850f1653b891af0712e5c7e171eb2cfbcc3541749b5d2c37d6a8d2f011a453f79f50c010fad887e0abdecd8872765c03993181ff3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6aee96b7384a43aee5db90d3b17df476

SHA1
af86bac68308b62f299148f6dbf2e003265ec6bd

SHA256
ed647d4ee05458d4a2fcb5c77cbe4c4e4498cb805c74e6b24d9911224212020e

SHA512
71141c50190fea1c964ae345b4db118bfdf70efb2e79faef220dc84b864afc32d54f0f401bd4382a0cb21fb503254aa390db01203482e5bb30e9a0ae7dac14de

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d5e175d43a763d0e95b57e83f6a91cf6

SHA1
2a1e6a475ee8eff4e86c6ce9c62e0ed2f794d723

SHA256
b6f02a6fd6db809c79001f12ba7431f2eb0e23949ee38b2cd611bf53a2757675

SHA512
c9d1316d30560383ab5ddc6b67cd7bdcac9c9d3a54661905c21134cb4fbe72cc029eb0ac415c299367aee9a0c2e29f95ed624abb804d29f15ef389568eeae879

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3475470655275872918tmp

Filesize
90B

MD5
43424c805c378848fd3998771d9b29f8

SHA1
843469ddf23105fe18e14bb6cc93cae165201b15

SHA256
6ddc413b559b175691db12f20413d270a5193ab7b63b4b91f7d970c311dbb585

SHA512
ad66bb959cae559b34cd1823526096434a4e947ed2b7eb5218d3f745cebe40b3364a1499e38cde5828e9d4ce579afcabf82f15bf7514e73a4523b5a7f1120480

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5726821694173664611tmp

Filesize
557B

MD5
a34abdbd415c4bb5a7c81b90a117ce07

SHA1
f2e300e6bc5a20220243b58fc4ed31b207797059

SHA256
0a3c01765264bd377e90dc52e76862b2adefc5b1941701d083768035a4a10f77

SHA512
c6e93b903073168461d885fbcf06869753f079911ad1c59bf0acc9c17ce9928cd5e971ea5b3e71d7be781ae3f94e25417f01624da44c33c892824b14d0f5f1a7

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
146334dee72a9f1c7ba93cbfbe7e5a95

SHA1
9028fb47c832d089cb211053ba68762c5ad646df

SHA256
c6f29ef5ebaee1412a20d86bc6bc95ab1491cfaaa752c67aa86d60e46e0d47bc

SHA512
2d898704f6b1bdb6adf7a09c04aa7ea3d4fced1d6c36f06c4ab96047013a1bace5612ac2ba7f0a9c78698c06ef15ab2e5766526b9dbcbaa2f1665e581e6e6ca1

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads