truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02-01-2025 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4941

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c8f251619dd6e5ee388267baba1a4731

SHA1
38f21565fa7ad5a960dee2073ee1d4f3282e7c27

SHA256
12d5efc84f7d44570aec51a783bb60cc1fa56a9844098af741f1b143aca05f09

SHA512
59d964c6eae5f1f24e4ee622219f29f7a955feb61587982395e50e36eb84ef703c7628960a350c5da09675bf3074cbc22780e5ba0fab24c47f9bfe97ee3c5f72

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
47aa6064bb08205e41bf05eb846f9854

SHA1
af7fd77256c6fabb5eb06a3f513662bc2d55a7ec

SHA256
7bbadb09e0e05a38bbbb6ac5812b713e40e0f3ab51805aa46a114b10968e8ffd

SHA512
3b83d1134c9a9a00f7a76e365c4899f0bbdcbc7bf4f38ac646a399da469ffa7c3166a7392af931a7f73a685eb0fbe5898b8ff0b897d889efa61076cc743172fd

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
373e708c8757d7afc9520cda16844536

SHA1
2a3a59e0f401ff4f249d8ef23d45ca74f184ca16

SHA256
912f1e1351286bfdaa8e336b4c069aa87cb0681c39a769d2863449d280390fcd

SHA512
33eee39ad8717bfce67c9d5bc6e680d70e2bde1fb9d5e2ffad82e8ec5dc0e8c0d9999fb7698ecd0db052e3b5cd545f065e906e25cbf03f032e43137361473780

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
fb71a6f3db2d597e2f782bb1b77cca02

SHA1
401e04c4b691ee73dd63280b1bcff33264bc5ddd

SHA256
012a4aa744887147ec943ae677d99fac8c2b5499d313bfaa7ddca1f13ce7d598

SHA512
25154a31cf951960cf39445966bf0103fb21c1315aedf98afb449fbc7d39c2c520a4195057a7dcb8e348433b889f229dfa2af014363ae7fdd4731305f8371949

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
18bd38acd425f4edd6e2041211eefd12

SHA1
f00c2760ac9d6a3804ea8823821ba5e85539b44c

SHA256
4827f3cd0a3ac317f54222384949a667dd362bd68fd7c23ec6ae0980eab0adbf

SHA512
52788e295194c280fff2e3a3ceed4eb5efb842d911ad8e734e2f0322edeb8993dcddf23411cd0e83fa49952411b0911dbc940e4feaa9389266a0de1ff074b449

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c8b48f157529abc1528fa4e86b992708

SHA1
ab1c876f9e772ca2da96dc408e40063d9cf34729

SHA256
7d52e13c97e5150545d8f63be0089562f29c2fed86217dfd434a5a5c75d1d521

SHA512
0e4573b8ebf7e11987206797a3095c4eca0d9e1188abfcffbe2d9ae6c61ac9d7e2eb237d104d7931acc1631cf2c0730ef8825a2202bbf69245d4f22741a003d1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f54bbe06fd76da25d86d5dc5e671ede1

SHA1
ebb562c0b484b820b4da71ad8ec9718bd59f5b8b

SHA256
5fae2e32e5fa0f5d6254d43f9ebaf8e090ea394a28a1e6983376ed5feff88a5e

SHA512
6d6360ab4356cc5a62790199ea1a1fd80d6a3afdbf705336fad043d1a0273bb302396b41bcc082d8aadcdff046ad4c6bb8dfd6917b953307bcb1b5976dd48b9e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4faaece131d7514627bbaaf96dfe5992

SHA1
fcbc8979a3d55a4415c9a192c63987827f373dc7

SHA256
a10567e2f5a7bee58ef412e279bed6cae05e05f7505114a63b7b26da1695dfc5

SHA512
30507106e6f350c1fdf44157ffa9f9246ad87ebcd8a48d13ce0abb417e506fbaf9905a4bf298161d2c929c3d978eb8571c8027bf3be7d278f150a58f13842155

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0efdea92d05a1482425cf2c3e2531298

SHA1
94d0b477df178fb58591c000e743ae6358cd74c5

SHA256
7e9c2ffd1a9b539432ca7225138589ccac1fd6f376108a7aed0a346a943bbc70

SHA512
a82951206b420e0e4aba655f45ba64749b97d1791ebb8bf9a4bcf8a96cb93d0b2925b7b4a3652acfeb2c19a9dcda96b2910a170fbd01845e2da817e7682be945

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eb36b8bd586f1c7fc5347d552f8100e2

SHA1
5774e6624daf3af8a6b8328e5f1978122dc45b47

SHA256
6d36df63914343244210f845c197bb2c0b0274a533e1e9dc4b34e6a66e459594

SHA512
da37f156f54d4360634b6e5621888a80cc406685c67cf08742509022e7f0f1bd42fecd45bbcc79d5cb1c31fa7d8d2fbc0d731acb741e5bc5fa432af24c0b27f9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
116da94827b1e50fefa5270c3276e275

SHA1
2dab83fbf032bb2b6d9dcf30009fb466663f4e48

SHA256
560bb0c39c9e7ee1be3d8a3d074bc8fa4c6e9c8174a73537572474a75c1f18ab

SHA512
3882d19decf46908eb2ace7af95e591897d7ac54c580210c572fb1ff07aac39e0ac6c1a751bcbb388a00ba9cd90054e8a62b7ed17a9dfe48f931ecea092f1b04

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
11ef424ee89fdc8f247e3fdb02c2a826

SHA1
3459613b7e9b6d4f239029e8b4c34fab20a6c480

SHA256
6300d0d53fbe78bcc1479870f2bc70c08e4e09ab15dda33adc503de63643cf70

SHA512
b3e77473b77d089a85407dc0c03cad3e5830f956a0bdc2c3a2b65f052e96e14dbf0eb9528e0278ae793e7adc8de38c040ef6bde63af2a68a92d4e28c49f03aa3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
18cf85c0b51f6f122a313a5faf860566

SHA1
49d67064f0d8a5fa6b8199222ad4cfd8c58c3f7c

SHA256
8642745859412d9129eb124b040c8e8525e7b81b6f33024873383cbacea663ab

SHA512
f8a7ec4081341a5d5f3a91746f8845cfec410d2d5da1160e59371c74c165b1c95691ed9aad5c905da17e5ad64abf469c689eb88fb1ee33936c0c0c567ab935d9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2b4de818e083e1dc5c298bb2971bc5c0

SHA1
3c4d9b75a2715c7a60e1eaf3e32106e8e4e90e5d

SHA256
cd60b8fbfd7f75c2d53d8b4b4583f845ecd2b53e03b2ce3aef107565658d620f

SHA512
04f3e80467bde168bead96d98f6476846365ac2b497173b8312cc0be13f43e9b3934668ada2ab9e299b6b2a3fa2f33e4e85b54e22717f507360309e4a56c1980

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8333623987095920046tmp

Filesize
556B

MD5
c46eed34c61ab61d9486d751df5a0728

SHA1
9fdecbe0138eb771b967543cc421ba2fb4e81ea9

SHA256
3cf0d53ea6d0932348f40455814ebe878c9e280b85db4bf350a414fdfc04857a

SHA512
80b5cb2c1c830ad47746d15ae7574c93ecc74d2ca4a7b3c718c747948cba42fba7cbd2584ec3588acd0dfc9ec59d4f92457abd8e350fb89e57a51146f367ccf3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8663649691732960925tmp

Filesize
90B

MD5
e51b8ce1ccc3295ab460e4d79f2ad9bb

SHA1
2d4d8e7f7b0b1ad52ea42014f886fc014d2c7b41

SHA256
9d9fa04546ba35d64a98efc4d7c08fadc5893555c47fb9540a79b2dc97534784

SHA512
433fbda6753bc02943cee4d6e03dcf2607ffaaf5e6ea4d22ae43c8bf6588cf03ee49c2283b3ab0cd5f6336c76746fd82020d86f3927d0ff2d66879b85e1cd09b

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
101fff4877a4a47fbaaee886ad86a8b2

SHA1
74f9af3021f268e73d7d3fe713cb4059f8425ca9

SHA256
42d91a18057db325215b887fb15431be4fcfc929d1a372da374add369afc3fbe

SHA512
f60ccf2f2e7de7732055e56bdc4fbce081b103b074b258ac571b62ea39a30dd6858e5f4022dd328994a75171eaa5ffd9bb2939dd4d64fe85009d73f2eef72691

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads