truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02/01/2025, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
5603453f2b9ae63c1a794ed2cf784311

SHA1
e1df180303b29f6ac30e002f00588d0fa366799b

SHA256
51ce8e8ee8d0872ed9b51e61dc14121bd98f7789a6cde35aa01ddfff0da04d5e

SHA512
112461fa023e6d800ddb398d3a0dd63563f923f689a62fd218191ada2a7917f9509417538687c7ca858b07cf1cdd70a243c4c4982f0453f77f739f87446855f6

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
cd1935fafb16e066135727cf70d17c63

SHA1
0677e072590c8dec79a26f4bdb01b8d7992f928d

SHA256
00a46887d265fcbfa15fe07db749f6e11746d2650510d59a101d111a9a84809e

SHA512
c162b51f3a4d50d586e29303faaf288aa7332285677d6a1f8acc4c7d4a5a2186860825dbcce903cb7a1808f5676af8c2b2e48df97becc7abe037e2a2eda2ad04

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2a0e69d05ae9b09769342018c8fb4c81

SHA1
1ba27af44c0766386f43f14594885c5f84aa4840

SHA256
7f46ef09b71b9bfddbb5f46736b73c4657e4c1d2a0a030d4514db8c1fac6427a

SHA512
dcbff07b30b9963f90cd8da5464818b7c1ce93155b9c9c9e18dc20bafe4119c0660e67b38db473d73540060783265a0e6be4abb5fede49df372887a262820e29

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b5c9b85fad93a6c66b81f8b5fa1ed4a

SHA1
19c086f63dacdaa599a03500d8dbed422d261cde

SHA256
7e585ae7653f57ef5651f75d9e4b0225dd482e30f225d24f998df3322bcc8313

SHA512
c0616a97fe8ebc1db3b39a9fe422782bf517179162919d23aca42d94740d7b2d11049fbb5c1f05e8d7e5ab61fe130a0e527827a596ef963a8a4e6ef3e0f3b057

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cd55c2056b3f1c77106e1d05771b6d2d

SHA1
01f616cbdd02f112a659145fe095a4b43f95e165

SHA256
2de84a04089987d46406b7a4b5dec210ac6eacc0764732b1737088533729c2d9

SHA512
03bb6b8207170670d6f3005741d6afca2d36122de445f8611d7c655934e9bda8adec9bd5edc9fc83e1b48b701422fb7cd38ada82b2da0226b775c3f27827bfd5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
76ed909f47457976b8a3c7048934dcde

SHA1
b8ddd4790ddea60fe54a6f7f42fa2ca3edf861c9

SHA256
02a659c9bc899bab40ae6bac55b9f9687166ffc0aecc044e634d8408d30f873b

SHA512
3389c4ad24eba1e1087b672fd6d29dea9d8176d71c69eff68044a7ebf9f5c77828af44b7df4f7be8247e0693cc2b19fa3429cc45d0f78b6ab2db424c4c409f6d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
cfa39ad9897ec54f47f901b1f0786305

SHA1
397a5037e403429803bc97088579b03bd6d5d1d4

SHA256
7fee32134e67af3e363cbbd60108aa93dbb58fb8fff895878ba233208b6854bd

SHA512
a62cd104ed3eeaab38b2bfac3b685750a0325ba01f6e5a5ed51617defb4da0fd3acb825d2fd9d988345888896521466b84bb822901ab0c4b4d10474fd4b44728

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
5a64df7b82448bbf014f2be3a18110e5

SHA1
2fcaf98afc6f0b9f9d2a9a2d18f85e6ffb55699f

SHA256
46bafe610018ad16d8c36d1df9fa51f50cbe55f76747036c1bf050d7947f38ab

SHA512
37ec32dcfad8f93bdb4265777d5dcc255d19e422365f5ad294719932690b834af970df2cb87c6e491fd636048e4cbb18506898672b8542d2718a9276c1bc6c81

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2ff6058fb99b67d3bed1c13b2ede89d2

SHA1
23c52e52b65b9658efb3e87c6b13d013d4540444

SHA256
741bacc8e5d283ccf00f8808882e7470d9a378a604fb98dab165a6687a9326b0

SHA512
bf978584b8d12098f0453509e658d25fda52b78de68d7347a6f4ca30fa39402b13448555690292dd2c5fdfe84b29878737ba98ee7578421bc3e067f9dd8de310

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
570854b9d99042f7940b7e94ac4b77d2

SHA1
c640a15bdc007ca961e2c8dc2ff3110aae2e0281

SHA256
3aa80e227307e5c7133b7dad77e9115d391daf7bb0f0bb03b2b8fc75fa061075

SHA512
4cc26f1ff82272d8e0c19152dc42f53dbb5f7e43a20870c28e1c1368d84e51949544b8c5b7e6bbb36a140ddfd61b646318ec7cde51557e653fb92fb1c88306e7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4db65f394f70f0c471efcb43e38805e7

SHA1
49292b5761481861e281566d7c893864faae2617

SHA256
a6b250c6cb47b3931e0f1230df674c2be996a0548bae2f52746e22e126d0f126

SHA512
6f4740e8bdfe52a7e46c98205f09eb174c0fe32d1c4de0590e4158e7ca3688529881810e56f084e0fe609e761457bd0fb49d67b0cc6feae63c2d7ce9dae8cf6d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
258dd29c5e87411b4a308ff308bfcf9b

SHA1
88cb8079838bcbd94ad992f78e14f17b84bc9eb2

SHA256
e65ef0715c8f31a8f3e30954215096e204d70b64e16bb9bd3e8225ddfb379f5d

SHA512
74c300cce3268a423fcd5a6ef75fd3b017fbadbea1acaa1b948325d5fc1c1c1431a27e5b36a0ab3e6944a614eb4a7380913d75810fb4108cc8ee9a232f71d189

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5d1c689e9474d1bc5798d7e7f60fdd7e

SHA1
212fcdf54b7eb29b797a4441f7f0780ef0c7b449

SHA256
9082460f518184b1adf7b21fdd56adffeb5951c2ff842d850b490ecbbc5f2eff

SHA512
524b559561b1c07cf5525769a45a5e4303a1e09e9488c9ab91050aa9b59d7e97846c821d79bf63b0c25b39b2ec9061ebdf4c6aa40967117e73763feeb07ed5cc

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8452759186812795043tmp

Filesize
556B

MD5
9d249f4949fcba0ff1c7704c2e372e15

SHA1
f4c24592a10fc903ccd2d9a8b88f3bf473ceeefd

SHA256
c402bece7675bc2c8e4c89c8dacc368eea2ee1e4733d3565dbcd5e27e1a9a89d

SHA512
1ff9276cf08cf46a505e29f7ab77a26634c823a7925eaaf1e4f65608a1cd32784118126402b031b395fce7da9c9b5f3ea3313db39651d39233fb923b76fb89d3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8925455214560406189tmp

Filesize
90B

MD5
521581b732844d3e1274c159ab370fb7

SHA1
ccb8fbf797bebbcde5fb616add835468025e407d

SHA256
a5a5aff9be69aed57076bb498b737717530b3e1c74668f586071d7c7ad0db5a4

SHA512
23eae5a9b6588b6f251170b7abd383c6d27fc71043cc1d7d83a8ae5912d12bd566e87f6a92c7e81551f5fc4b485ee6840035df2bf0dd9ddbb8a77f93eae06b94

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
7e9317cfa151ac3bdd444e09698015c5

SHA1
c3cf3e02fdb80418f451d7ea8f49fa84bce6f535

SHA256
29713e62052eb393c54b7234ce23a077353b027ab7823ae78d1b538711366c62

SHA512
7a800479527f87ba123a4fe9618fa3e15ce78f06de6f6ab74f7c2556e1cea9bd80bad5fcf4f9888776c777f0d4d15183dd780cdf91154c4924c0b8a270fb7496

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads