truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-01-2025 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4493

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ef757ef145efdbc22a1916c46e428a57

SHA1
4d992e68d9ec67bf5ef3b114a0890481ddae464b

SHA256
6d4505f376d5fa60e9ce1900a9b7386465bf9053e813ebd119ccea58fc3ba664

SHA512
c6fe2a058f63535314709e4956bee0491dee047e4691ae1048135d5878ea0651735b6adcc240faaefadae0bd8a6e6eeba454ef9659baad7720908dedde537121

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
59c3005c374e78cf9ffbed30a2cdae38

SHA1
d1e9fc83df037ec286706ce6b8bae941a14107eb

SHA256
1fc211cc60df5e1bedab99926b7b5a5d073aac5e57c1e501873ccfb5397c477b

SHA512
a4bfbf6ffd38ff9d2259f9c2150c32396bd5bf40d939adea14c84fa211152e250d46e369b096a861d3f0e600197638bc83ed0424a7e92e8642c5ca8235778358

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
94264748f581d12517f11165d625da8b

SHA1
acfe58a10923745af36872cac3e9f14b317f08b4

SHA256
d62e1cd34c5648ad300939a6a481503696009b270b2f2d246f41867b028c7860

SHA512
6056b0498767725e06e3a6b4a56c52e7e09fb0c9bedda16c493ab8ef040947d497ca661b0cc18b0289528a025d4844af6c5dea2c85ec9e6a3a5a6d896161c271

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d64c17c32e0ccc67fef9342c6ff1d12d

SHA1
153cda21b410ea87de2677ca371620d374761e9c

SHA256
b46ad8a761edcca4302b067d090b7fe4cf16753a9422c823dd59aa0c7dbe511e

SHA512
ed7de7da2a8e9cfc11394b61441de6f427114625f58d5ead767fb5dff827082e430071b1d9100b7c8c5d2d4073e4224f9e18be5bef2c406ec16fa1252aeb9459

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2ebddf29f67073cf819ceafb61fe7fee

SHA1
796ebc6e736bcc7ae0c4b35a6f75de9b4f6fa103

SHA256
b85c667a978f2d3eb69df21d0dfe99399eacaaf3c5c62392eed79875b220e74b

SHA512
0c979b6fe99926f2ab49596135beb82d367b9faafc5b6fd7d79529c9f4ea22c76148601ec95a82713adc8d57c96422b89f8fd19cd66756184eb68450a300e20d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1a2d264536fa823a415be509a095a73b

SHA1
4957f3e7f7402bfa90dc0cbd60ac213935dffff9

SHA256
ac7e0dc2cfb9eeb7b94dc06bf46ba8c176ecc5f5da7ee7356f7f6f733d78181c

SHA512
1f520aefb52242e7e0fba14c9f8a153d9cd90255f07460305812c5a925aa3a04d60664170b08359f8640bb1b78a0c56bae9d7edc20fe599421afdd2c2d6f272a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
400e7ed24aec3657480af8c01246aaf8

SHA1
0c9cd70b9ecd895ba4949fb160215dfda109db93

SHA256
adf5af346978a32f4406ca477aacb981ae94d5aee89a8f797b08d7cfe707f3fb

SHA512
a83ecdfeeac45e0849c0419891f18edba511914344bed2a50c476d2ac93bb02eede252cc0606c7001f9b7b056c407995b7c1abb6792cd9be13ec8ade5f169273

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
116476a873f675057ea67e04410cec54

SHA1
50489f117a5b4e3db5c944c699ae84adfb3fcbb1

SHA256
7b5eabd6813f3216edc16daf8fd46607dd21ac69d383f76953756f1de7dc990b

SHA512
1aa3ebc16ceb30928cc5490f9494393dbb0e42114604c519f73779601362768c3eb3e1a6f9ce2a5ead0ee64cc92bfd76879003b23a75e1d01aeda5fa6c304416

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
85637b8eaa32afe21c4a9420e49b1594

SHA1
32e2adba5f8da4cbe9a1cedfb26502b2b5d528d6

SHA256
81348b8a0362cb9d96b997cd12eef3a45cb36f1fa4fa8673897002d136a1909d

SHA512
ecabcf8407c0415628c2904079518458722d0bdc7b34f8c6010a9f81f0c6eb2471f2b2a1fd7e92cab9a8bd58011147d0713ed35e5f960c1fdf87a4fc4ae7515b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3fde1c2734d1877a141cc94869e9332e

SHA1
7770d065e43731296c1a639ae1da7b50e30b45ff

SHA256
57a8697fd11e9afc71203b3760e7e5481cf8790142e6696c038383267b1cadf3

SHA512
314e10205f6e71d0ae295eda4e71337c3cc36ecbff2d4a0098bae9bb8b93ce5a9aa51757196cd062cd0ecfe6df0e075e7f0be0e73c512b9de378d70266c9926c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b73aebd4ac91d0eea4350f06854f3636

SHA1
e350d7117d46e50e6d3ae116b931072ea3fcd6d6

SHA256
3808eaf8cf1544a8079383473ed591e355ad194eae74c4dd64726acd858f9eaa

SHA512
ae375e4c642934062b4699068b37ae968c056a50d94ae349c3f6e887e707a969a458bbd7dc1a1248712b5c00fd00d83344a375b479dcafb9bd336f68c925b860

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ddccc1db275384684258b1d7632bdad5

SHA1
cd73446fa4408e6378a0461e046f8f401eaa9799

SHA256
f8e30d0e08b87f0080eae14b79ec1bba901f6b59dad147718b7563a3cc4b7afb

SHA512
7ca8cfbce6b8682090d946e584af66c894028c3ac9b2fb54787892e84aa252e8181eeba078876c57257fcffed6f7a4ed519ab9fce66d5b09caf8c6862334e12e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
267e66770d8f93be4a72ed3ab1a8e35d

SHA1
bd29cae3da286453fc0199edd5723409de0d1afc

SHA256
7fdf35a4d1e17a329963596b61502a5cde00c9b1390ef28f170024df80e7c255

SHA512
11664d246580c69408ebe9a28a78204244fc886b78653c5e6831ae67ecd07dae286cf50ae73a99e94e3c08b278238492fa28f7548efc702c89a81b5ce6c813f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a0bf6db910cf51d0215ea3200ec87215

SHA1
dfb35dda2d5917de6f64b4da7900e602285eb8ee

SHA256
963f65f31e029df54bad82bdd9ab3001609463faf39fd6aad1df39803db02d72

SHA512
c6036c271f62a394691c3c5143048b6d2538b0c61450dc0f95e5c0707f5d4ce6c5481bb19aea7fb262d7760e28aeb531a5183afb38e23f2d29d5e517746e108e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3488179729844730809tmp

Filesize
554B

MD5
f28a643ac5c1538d5a64495756bfa793

SHA1
4058db37040d97e7485a18382f69e89991594c1b

SHA256
16960dc0e3ef6d766f5e96dc70d767ac8d1657dd0ad0ff205053adbf864e0dd5

SHA512
8b3a8358355530f7b8bbcd7f345184d02be30c81f7d6a6fd6b2a3e646c80ca328c553f6864d5c91a2c8681a59335e25b204e8a0baea1bf1362bd33e31632a653

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7737612553678955743tmp

Filesize
90B

MD5
1ba416911c08e5e0508ec5ec72e1eb39

SHA1
c2a0cbe9f48ad8c44677561bf846349de28a3e60

SHA256
bdb76dc3f9da2510b1df4e872cabcf1a319b58da36cba2a960e2e6f94ac5f88a

SHA512
8e47a6b936932f871765de221a002dbc69e2355d84a3f2f0e41e4ceae11e3740b24f807f75d85084e99debdbd452acca48af32d35d9e7dbfae00c4b566311630

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
5ad67e0eb337a4a364b03518ae2a9312

SHA1
6fef02182b6372d97fcb3a52e1186146f328ad56

SHA256
d85e9ca4030a72684f9ab8e502f40c6805b2248b3d35eb48c20efbcffdcdb7e5

SHA512
f3a7a9c22677fe5cc9989b75055c241ac201e1242a9abe6842fbb961ef108ecd38412b3e589c52ba9345c4cf58a52010b4ebb319cc75d78f62e3389f55779aff

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads