truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/01/2025, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
029e1ee4a24cef5f91c3040a89b37a66

SHA1
24075ca3187e92998438badb9ff0117e061056f2

SHA256
3a7a3a9517019c217e732dfdd8ee88d1c18043c91f841900ef0bdc03a53e47af

SHA512
25373dcb7fe21d68921371a61e58cb313905743780922fbbaa025aa6a603cf887bf6fe29b5532eb4b613225b80131699ad20fdd2be235c9f5dd9022318c0f40c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
18083b3f312ace1149f6e6ef6917fad1

SHA1
e2b686f17444b8df3f69bd1356b97edf30fa273c

SHA256
8243939a20bfe8fbc71a1b0b040592eeb8c68e33753db1749e5c150a9f117ed7

SHA512
fe23ebd0bcba6429531103975c3a6c236b5a747dabf3b91dd1aa32026c4cc6ca7744268ea31a474d2e537619191a71da01ff608be6cd124ac6ba42a4ac3fa6ad

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aba663f9d4da232f53193e7c11d5ad98

SHA1
867f52525591b083f0abd160fae88531bfcc6a0c

SHA256
650d5ed0f74e7ffb05e263fe966cffe7779e70e2a2c3653f542874952044a831

SHA512
d93be099e3c3c19b0864ef07a139924daed6407c21487e4ae703665425d2a312d4e7186e102f1346497196b5d52e936abf18da6ed269a31e893210281bbb1097

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b1c7c152efeb0c48ce1cd63036b93c84

SHA1
aa459692ae09dfc7ae07d8410698d51bf5977515

SHA256
dfe40b5d0455dd9c8cb86e68dc8f9374a043567fc4b7e54be00b938f5a5b4e00

SHA512
7dfaf9cdb0ee096444db6da248fd21c85abb5dfb8d262f5443a5f2a66599db091d30c097a14f39a08b032336b618da48016e1676050f724c5bef965b79af855d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
631109a555539a1714d3dc922acae65e

SHA1
ecb52256d3b7a5b2489a94d7dde4bf189c1e9eee

SHA256
591a898e670659b62d62818509952eccda3258d399a0e991001fe304362958ca

SHA512
a12c319ad49f24e4287281c7c625520a21ce05fb6c3086fd12160c4635218c4f54ab6ea02067ab628b207ea2eeccca4d3b89f02c5333baa617ec7b9b57d20676

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a34d811406b3873b935553df4d468232

SHA1
8b3a5496735af0c7924d92cf9cc36bc33ab7952e

SHA256
cc826b35f1c8089206bd0be53d254c50f66282f980293237c020e5097259bd73

SHA512
df88a8c5b01cbd46c52dff038014bfba559d0044e1ce97641d22ced8bf1f6bbf15d22969bf7534b2f005f28ecfa1e4acb76e7ac997d58108792ed2a8d7707622

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6ea8313f6a2a86d8b977eeb440a6936b

SHA1
16e5eb84e6a1e15df98ef01ab5448e523d8b29d3

SHA256
d0e42024b9ee1e126e2e3f458c0ba68bac7e1248d99fda7d492478bde7d958c0

SHA512
fd87df811b8bfc3cfd72d7ddeded694983f2529c1fb9dc4b7a72deb97581a5d43da8d36eb849b31aa8131900ae9b8671e6c35c560323744491110b9587e56489

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
4eb069fd90b66be8b9b05441c4964805

SHA1
7e5766bc324f6e811004bf626b17d716f181e370

SHA256
c89bae8b19ea4e2ec94dc0c4c3c3bd54d87fa69303800593773d927c6555e8d2

SHA512
caca75211a6398b203d2075b74400ce784c9e6f3d41484504d33746c206c8cbcfc6ea6d9992bb09005f1ea89e1a3c23190cbe9c3f36c7d42e6549f0263cf51ff

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
58f59ef09f8ca8cad372ff1ca9e315b5

SHA1
2dade251a6271adbcf393961b54ff150d84fe401

SHA256
dd24b97a87b7f2e2c6cc06ce220b7be38d0ffbd3982d9bacc3354ca7fc1f482d

SHA512
817d935746677e6799572ae88dfeeca7c8256273fe1a3e7b85401c15bd9dfd28799d5e7026eabbb1583c090d806742b909cc054e428e8e2ea573b687907f6be9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
367d7fc27dce1155ba9d42726bd54c77

SHA1
8ab45e83e31ed35528cb0c0626dab8cbe43038de

SHA256
d9d7f726b2ba22eff544a4b07459142210a6c2fc06e0302ccb38d688459fb1f6

SHA512
85e18800395729849b9fe88166fae5e0af4b795b5678151c876fc486bdfe62ace9bde38f0d9e56c6285841841132e696f988f4c33d10133d13a8e1941a2cd556

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
88f89c4cd6e514770f3da65ed542e827

SHA1
038c7c91dd5963e803d656a78d6109bd1c8f998f

SHA256
4a5e09ba51919f36c546437166af1b22d2149d48b2dd56c195efc1a5d45f3277

SHA512
34e359f9c895e53eae34c4d2abc1e5286fbe922015364f5dda4022ed9b67480aa0bc1b822041bd968183bd122eae11881927e928c421d87cb3f29fd8383f796e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e46cd641e9d553dbbb9907d55dfffb11

SHA1
dbded3a5d03f3e5edb9e72f9d5ce6368b9405eb1

SHA256
3ef191c3cb00b23b86ddb9d6160147978e8083dc66b1880877185b4d106b3b58

SHA512
1fa54b11dfce216d90d5b486cf3832884aa1455fad7725631f37e1179ac27668e79d710739e116ed447b20a833ab92c5cd7df4cb617335e54befbf8c06013d8e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
08ca933e7dda0fe0e210bb33445f1f0e

SHA1
d9c178bc5612b37850cb8ad8784a950a2f781d43

SHA256
86229135b3a38f2ea3798f09c49a0001239f7c894ed88e0681ec759455ae4430

SHA512
fae79cd68052f965f36e65791802235d263ee538ea8dc8befa56c3f5ea63996b533428bef8d45eaa7fc5fab3eb4f15f74e681937ae372bc2995b38bba29f5e99

Download Submit
/data/data/com.systemservice/files/PersistedInstallation492522039380645438tmp

Filesize
90B

MD5
e7cc6a9d7efecc4a3b094c2c3b4e1c7d

SHA1
a6b3fdbed93622a2255d4fbe177c80de197db3a4

SHA256
c7a35a27755d6329311e7885bb1c468786093231bd64a2ab6e49fbedfea16103

SHA512
5afaef85b1845601449ead8983f8f99d03d5dd9181a8808887b111fc3c0be21e3ee82727f20e20b79c089714b6265368992965809668f4f7bc08181a413d8e0c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8672707239254658207tmp

Filesize
556B

MD5
e5949de3e4b180ea5c0ec6342e3e84b4

SHA1
848fdf620bc16a1983886c13b9cc3f8cbc83b8a1

SHA256
5e9615983ce3db81a96bcfed89fc6f82b44e1f9c98e2c746b5cdce5a347be806

SHA512
e17b1278c8f025b60fbd6ff97b6e423fae594e94a77cdea656a39b663ee494764d68b2261d8a4d08c1d1a403fdfa0cea5925bcbfbbbbe76135685371be534c6e

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
e1f98965e2083f173234e4d115fc8073

SHA1
7411322abfc7f32b231f30fec9051a6a68d26879

SHA256
5fb61d81206b4fee303819c0b27c599380d82c98e3184370b3a97bcf86db4ba1

SHA512
9ed58b38a005541c34b678a78a2f39bc42322822ec647ee0231a143822b4c24b9ffdd1be50ab4e1961db17065950f783dafa72667a667863493a62801b337784

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads