truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
03-01-2025 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4999

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
e6acfeccb55187236774906d9bbb1777

SHA1
619a38819c3e813ed2cb30017256ed5ccf4f6061

SHA256
95983c40079fb7ae812d15648496965390c517a1ec8d34195033c91f31912e49

SHA512
5f45afb6eb652b559354c51cc5ffffcae314692ea828dd50bd7e6a9f00dd1ecf368b2c33bb7c385a89ceb5fa7b003740875ffce7aced459a1bf58e07a6339d3b

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
62453d79e4317607ecb19b46ce44594e

SHA1
1a1329cc6484b81421fa2f277666e03707251c76

SHA256
76e8a1b7c5635b464e0bb1aa46bdc57e8c4090e8bcfc067a8985e7540b3df6e0

SHA512
6323f433bded6a676effcec3a25306ed383225fc7d3cb344eae3c208bf25096fa042b0d597923dbaa3651c3a591af5142b777f738c5bd3626ffca1e9b89145f3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
620faf65ac71ce449d02f5714237c438

SHA1
b2e31ef8cb32be2d21ca595344e6600bcd3c4699

SHA256
1a5dc87ea5fea1b47741152923c52fd13a48c480e500ffc173337d9edef8d113

SHA512
2c5d66a74d41e4a82b635c2cc7d865a61ab4f14714250ae1d7860145c7386c0af966fe1e6117db13c9330f28969019340f6aab9fe1dcc3f75c2f78173b37ab46

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3d60c1ba388a3d2a850af59c35a9fb12

SHA1
3e79243e6e16a41ab123e62649ee926e26910b9d

SHA256
364114f1e784f39abfe33cafd95d7c9ee1dc47539ccc5421662016712d4867f7

SHA512
4ef785de9248a8f2184d6e2355a3decbff8f1366b6a177dc88deb05322f1d6d21d3662a3b2dcebf663a647444f23c4b261ef86d1d6ff0d15a07309e6a98b7975

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4276ef7eac302a6ff502325810386dcc

SHA1
eaa176c7fb041dfc06d1854e993cb84fa9068281

SHA256
0e270b438ad719e25ad11679314f2adba9fedf88e18ba942d4350e2fad2b5c0b

SHA512
6ced39ab2e1b546c97584ada31ef14af5453d0c24e0bc71d10e5b235af2913f1dc605bcbf646ef607c6aa0c2267e1d4a64d9071fb992b9326024d8dea88508ff

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
04035a9770373c7001b20ac8add53738

SHA1
8c3a3f3afb5a565deca953f451d93323a6519020

SHA256
8641e08c74ccf7ae89ec7a0b7911e835b8c5ea41ea8a564ed53220a57e8c4237

SHA512
35fb391086f630289da2f582bff0e3429f197b7200fdce67018947553b23a496c7783f93fe095febb843915d93611bfa42d2df91fb8950234530f6c2cc54b385

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2dffdea1c1752793852da61e93f5dfa9

SHA1
97e675557662bb35332e6850a3db44a26ac1bcf2

SHA256
c7a9d4506dafcb53b799c4e8fbf1761b666bb5d931a118f2e0a9c4e20d140883

SHA512
33014b02163acf54635da6d6c943515dc962b40beac4006eb45de5214811ff4d8a782d186b382afcb56f5465d2ccceadbc5c17139a9c8e8a5716946b0af8bbb3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2acd611327538c37272dc664dceec2cc

SHA1
61eab3f92674dd40e2cd0dd6e7cca1cad90d3f81

SHA256
ff45c569898ac10fa79ea84b63743b1ac772ea87e7d7cf6961b5f06f349b38a0

SHA512
d9f9dd7a4a89b11e58768b318c4145bffc99c38d7d41a6fe1ceeb3f4cf4053ed5e1ef811e886e042ff040d001e29947d5bf3e8a096d4f431cf4924b9ed1f7ede

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b5c300f92f6ec5dd8a8e8eb3cd444a80

SHA1
fb68f5989c20520ba6369820e9d901a8347b4478

SHA256
503bc63ceb886121217c621192bd6ec808df53700896c7027956852bafda478c

SHA512
9ae44fcca4539af3cfd56e810d75328fb9db972268d0c5611417639d137398ee3dcfbdd451fe8cc65e8946d852908aebce36985b1787bd3f8e8072eb278ec38e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a508f7ed6459aeab3ffa0d0a5e409194

SHA1
e8df2067d352315b6e34d3eaaf5ca848d91b2ff4

SHA256
557ebf49c4d872875884ee3865b34b4150e9ced79d2ff5476ec4b427c00e644f

SHA512
eb13caf8fc85e0809bd04c8139dd601e5a0f347fda5036cfb3826ca262c7ef0743ff696523b33ee3d3740aa7c64fa369d0bad3e1866e3f47df1cee0b117a6118

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a193ec761dbf8742511b722a4c7f8954

SHA1
4fffffe018ac24984e54a3ca43325f7ad79d8c2e

SHA256
d3691220180fdea0f8f20039cb67fcceef3a7829c6cc377e2a4e176694aafcf6

SHA512
b4c43cee37e7883e623aebc0750679d9932951a71e20ff36b35f8902c7e375ea8a82f9fdb611a3969fa1b02224dd59b083c0ec1b73e071e480b2bc3e8c77e168

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a752b7773158ecb78edb72d5197f43be

SHA1
5f082e664021f4765919bf8007e01a0c66217c8b

SHA256
35d83090a568c045c7b94c17ac8b2b6e78c6e9111a36300865fb6a7656e54089

SHA512
5132ee94096b088649c115b54fe8864836c5b1998c25730fd30a29aa1f7f608713f76ff9cdcead30303bb0b49bbc09e1662719b4be556d977441e7a3ae752b1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dc2921f69093b43622bc5be555d9ae8c

SHA1
78ea777a799aa378c418c2c77181874775aea512

SHA256
65ad7a6c93abe3a70ede28a9a31b2c371f398aad25dc061a2cb95010f6a31ae7

SHA512
66bfa77921230ee9cb7989f6311d367761f97f32cd2871ee70236821c76e17ce59269c43ebfe194fa4e9008305e20d898e526838c8406c9b6d51121fdeaf648d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f8762e232c27ac61533ab256c9a834fb

SHA1
80899f351a3eb28cfbace588fbecc2a2b52098f4

SHA256
9bb2627f0840890ca382fdddb3ff38abc0ac25938faf97c8776c8bf2f2274366

SHA512
48ff30f1b40e0d8cc597692fe2a6e2649539b47e115414266bf2618db963177d74c6030fdf0e57cf17080e260c5076fab3becf61d7ac4d962bee942a56ac97c4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2299180345454185054tmp

Filesize
553B

MD5
a41e5bf0e7c893437c0fbb737f80e610

SHA1
274a0eb5b94f6cdf21d38193a4892e899ff6fc2e

SHA256
4b86d40866a45c337e1441edb9196ef79e1b6d6d25058c06fb0d95e73ed7c3e1

SHA512
b14e595ae6570cbe078beb480d879a8fd5d062029ca5477cffbf60503d32f898f5280fef3fef1f8ca7f992c81cb3ea81f6b0c02655dc808ac314e0366bcf0789

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2731408321037887895tmp

Filesize
90B

MD5
4705a06931ae87ff7548ee0dd1d4dc40

SHA1
8d6bab2155d3c58dcef1512baed6c70f295a4b78

SHA256
ca56fe981eb3ea07f9fed72517077ffb47b40058153fbe09267149a5ae643838

SHA512
d8360ef9eb93dd2317c848fd1c0ecad02ae9cc9a5a0794d79b0c165b708b029c212792acff377afad3ed541e78b1204abbf3fd06c16bb7605deaa0c2792759ca

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
3c6137faaf7a455f2ec48ace10dfe70a

SHA1
adbed01b3b21d7ecfd23a9b35d2bd59b56647921

SHA256
c9fb525fbd4b5c1ce0985a2e9d07fb9ff35be50fa52fc29abb0b646ab50c3c91

SHA512
b3a9ef725ec949559f3d270af61e39c1c8246c85b8f6b861389d13629794b856b0ab30d52158a88391964f1ac9d7690e7ba699b218fc1dd4cf5e1e6a0f7a48a6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads