truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
05-01-2025 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4474

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ce4427cd552e4bda097307b10d780881

SHA1
10f6ab1c7d03ef696c656bc7d23a54c1baa7aef2

SHA256
5ddc1a2c8a7542bd27d4a61bb6f71d6497592224e2a3391a1f5d2a11d7ae80e5

SHA512
0c2bca7dd59e73530bf6688c8a77a1dc90346b6f0635a142c78dd47ca4b1e2fde2be036a8acbb65a373e2aafc13160e8f8a9d15ee82c7aeeda01314cd410295c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
03f5654136e45cb72d3845514877c01f

SHA1
9e773972066733e6986434814b84ad3425ec3e96

SHA256
66a8a29ec4e16699cd9b1234395310d9ff0e8c141ed6c4443fe026f537be8e6d

SHA512
1697126b4f0c2db79ee8d60fca04c4f3257398d439077c667a8fbfe34ee0b81a1c2edfde1d52c8946d70a9af8dd87aefaa34d3fc93cd60d27f609f20725eb775

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
394648f2012d04b874433ade08451974

SHA1
eb0f72c84d0321a788967c2d51494a4cf389ef20

SHA256
4a28847d096a36537431a56b035c388fcc0409d19f11e7a85561c90f181fda23

SHA512
d3da14949e2d480ff119a74f787090953eb96343821ba826f8f1671660e6c1f3db07bd7c0e1ea7befdf2e9ffc9d13080d71031209e5b85db0ab81dc9344cf73f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
76d3f49cc0758aa4c62b536c7c0762a0

SHA1
03b9ee95f52231dfe83dd5167efb18be1b8a35a9

SHA256
336b342b42d04f70bc270ba43b1a6ebe4e562aa765f54bc49b1245cd10083989

SHA512
f3d463f060034636e9e2e6fcb25de10898c64311bac2f3f161f5ecafe118c97fbc29498747abde8a200eb9146d94bafaf63ad13b33e52165274a4505f85d5061

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aa92769ab3f46df40d9deaf820f5622a

SHA1
1aea6737d671db555ac167144f874f32eb6ed21a

SHA256
9bf98432aaa0bf46ca291f06a90c3dc2893ce855d9a5bec02bf82f38fdb8003d

SHA512
79ca8a13084345ffcb9a57646b277d96da9258fe53e2ec8bca9475fffb6677de27b30137e4daffd82eef57fbe3c1aa8a64efb5f867f167fa5a990774fdc3f712

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7e4707feaa530e4437f7ad35e7309fc2

SHA1
3197669fdece881046bcb955da5c976b03174d05

SHA256
8dbf93ee80cb0590a12cf51ff668b77cb3ffb059541a1318478fe22d805219d9

SHA512
086b32a63753f6c108d30d28104e49dade1cbe8a41b8ad415f3c827b6d05f7e87b9b9053cb60ddba9f03cd52b6e80585b4874e06ee86aa03c515fdd590439074

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
654d7dd1bd36fc91181d3a4e3cffed0d

SHA1
e5b8d77901b565035901aaff64cae8ba93ae5dc0

SHA256
7bdf3286bbceacb8d4146d6aa6db870a7aeecfd2f67e578b5bf22218e6857201

SHA512
0cacd02dc1270d3401390010d471bb013495bc70afa68fb5ec58dc5cb13eac01c545df64245ea9b8586aff04862479521dbddb4879f75a6db1f93628fef3e897

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8d418276802aaa3a3b50ab5509576f7c

SHA1
7b85cf102ec6f15f29059760eefc6a66c571c132

SHA256
1da98518efd4bfccaae21313e7b56d0c0a1a8abaa356039f74aff5a216dd34ee

SHA512
2b98e716c351316bf4cfe55bdf97677d3113426882d4afb4c6952d48bbe6edec5af7c9aa6a7a64d046272d008009d1d3f43f649d6b78cb6dd1c9b509ab0f6621

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ef9f0ec54b4dcc0d91cb7489764ea964

SHA1
56c88f39a8d4e6bf8832f626eb1040fbba6f4861

SHA256
10b55ee1b0cbd5e0fc326504f7b2f2d910bb2b3a3f4b4f1012f436577e128680

SHA512
cd7c413c46bd947f20ad9e4ea18c4e2b0b15e7aec042d2ea59c5b515d21f17ce45f713a3dd5715565f255ea49646c251e1a278b9c56eced4af36226f63fb7a18

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
63e5b27bb01cb3bbbba31d3d6afebe3f

SHA1
af9c3ab005cd5e5b9fabca67091337cdada585a7

SHA256
8fe71a1ddc6fc7a26582fb425f9742e969de6fdd4060f019d194f5c223068827

SHA512
9f1d0ebcfd8a9fe7761ff54db9d9615d33060dec9dd113886a1f20e0240460b77d4800e15e3205a5e14724dcf43079583a90a1631a1be49b965a9404b62e54bb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
98f55a0c3f505d7b4cffd9a1973af9ea

SHA1
bdaeef0f98775929ae8188909c0a6d9bf106c933

SHA256
c2a4822f8bc96d952506cac06cfa5e0f752aeec23ebddf582898be1cf0c4bd97

SHA512
98fc6995e6c2e5f28ef6dca55bbcb2142609af7641c34e0b3e4bb91013439b278e87752bae3259e4eeb66321674b42978b96519d0ef5669f175b5b8282004f00

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1f3530aba84f4a4c5bba056608e2a4fa

SHA1
5c29f1ec739bf3c9df439d60bcad67c768082238

SHA256
7ab730afa17efc60e09c052e4dc9c198e02f0498f231fd77f377c02eeda94800

SHA512
4598fec2dfe0eb9ea608ad0390bb27d586482a249075a49581438d0e47085057689ec1d2ec2e48009353207bbd95e0627edf2f63e5f7b3aa36cb6960ab81f106

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f732a39f1a828328aac3a4efd56b7d13

SHA1
4793d62a43fdef7226ce9ba07b63eb2544d605c2

SHA256
cad99c122756b4fdc14a3cc886572668e7ed552bf76bb378e5f1741079b4b927

SHA512
936cc09576bd8606b5981a02bd520ccb1320e5ade8b8a42118a9bbffe2ff48cc7fdcf60ac94a6d5c2bea34736fb160d6509176e46ab03fccbb61cdc00531aa7b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4264de1d609531e050116820a55c8c4e

SHA1
09c1e2c047c7cea4c36c666b3fdb64e3e2ba6434

SHA256
254491234d8e50739e2ee67e46939a6cf955bd38b41aade976709b6382f08101

SHA512
30fb08432e54e4033573364c32a8253657f2d2670486920a3f5034e8ce286e083baea62768b0343f1c0c7ac7687d28609c5cc4da73eab7bcab6fc0c643381602

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1279266419795920597tmp

Filesize
90B

MD5
65a8c95c0ead93958f660549b4cdeffe

SHA1
41f3bb8256c73ebd55f4de114de28052876f05ec

SHA256
5ad2b95b2b9a1467e37d539a64a5c5b370a3efefc2dfa7981105e6da5bb1a55b

SHA512
e1ea4e17b5bbb8ed74d59ea6231b243eff71007ae8eebc8013da01d34ebbe54f5f9e317799e028a24621ffbfe35161e867f83c0c48c2b01c7d3849f85ed0fd26

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7963027413432171626tmp

Filesize
554B

MD5
e776a94132b66f82c6cfacd2e53f6e6a

SHA1
4e5f11ea864b53f8f07bcfc1669757c5073f590e

SHA256
49fae21e5ea11b0f2fdd2958513ceec040330a40a6dab249e39e35480ab72bb1

SHA512
f6f376e798050e6be58222f6640197de3e38473c671505fb19a613dae43fe0dc1ee8e58ad5f4fa0f2794922c2e6eaca3cdff2c5f390f6129b1374fdb3c58fa5f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
ea2f363c7c4a5196aa651cb1276a8bab

SHA1
4865f84899c7067629ab0bbfa67b237e7120951c

SHA256
6d8c2e30f6c7283d68cc45181e928397f61152e17d0218a26ead55cfd8c2a2fd

SHA512
e918b8f53386ec6324e17f21e03604bc5183f3c40129a09fcd7cafd0feb0a2765735a27a11043e1722089ab4c831aa471ab8d6451d4e761a61c17c099e70ecc3

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads