truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13-01-2025 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
02f4a361c350ff9f9fffeac833263e53

SHA1
18d232af8fc9ee5becddec3d831a2be930df8fd1

SHA256
37c20bacad1dab33621bb2573d375e1f0cdeaa84efce5d82c03b507930e7dc50

SHA512
feaecc7065df97770bee32bbbc03759fb1261a185da8c35bdb2abbc2ce5ebc8ac10a364ad1f14f8eaf6f7bc261aeea82c6ba67cb7521c5f5c60672cb44799f90

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f65f687f3c5c92cd99319b45c72c5268

SHA1
f145b96d63654aa0e6309d98bfed29fdbf22e375

SHA256
07bc1ab8bedef6b7feeae673d5741d6b2dcf8ca7b4989d78be09f981ee606ab4

SHA512
7bc159c490535dc1b1cfa6a27fa3d950fe62d6a8006ad5d64311d70e3dd90e93a4fb52b845a996e53bcb9a06dbef395a4a5e296916d937604e317e6f391fdfde

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dcb6038b023b52d922fb1fc61c17b72d

SHA1
7ae5a4027ce00964b8b4bea3235018547caab2c2

SHA256
7798cc2163d568e1bd6806019223c05590fd75ca9836bc58952117807e3b2933

SHA512
5ba341d6542f531a8a9e63b026e5bd2d4f80088bfebb4bc256dd1ee3adf881adde93047d6ce1e01c28048a408d96600ea2a6cedec6456a834eb426fc26924ac1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
74cb6ab1a1cd82bc39332b072d15c499

SHA1
90a1f60aac5e8cefcfa1948113e9e9fb9dfd979b

SHA256
0a41047910aa1a48bacb3de064ae974b7250c1484247d5c9ae6ac1cc0445b03a

SHA512
6008d45934cd48ab320c4fdeb0d95435ed6a77a8dcec2d75348752cc7e8871d720bc43280c3a6cc7c7bf6c58bde500039799f1b0415d03467dc6d87621b4b822

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3403248b4e59c2fa31dfe66b697cd342

SHA1
4628849c74b1b52c9b164e77a770c071c3ce09fc

SHA256
0e2f9a1f25ebb9c117c203b9f44620b99fcfb2fb2a5f4bb265f8525f1a012a45

SHA512
0b2af39a01150100ef14ac399817ef13c8650b22b401178f47c3ff38aa2450d36b18cbec36bd08bc7de60ef461adec55dc65f83330ba1e82ee0d093cbd6b0b8d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d908e68aa7b35f8695a7e219e7ca175a

SHA1
b22af6ca102c8aa50e3d0d52527f3d39ff432fde

SHA256
7e496e97ebc2bb1935f5fc46a7cc0551cc64cb992d0888aa58ca552465e2d6ce

SHA512
5b90fab2f359bdbd6085ffbeeac6002a329fd066cd2e5d19209dc5938a19dd2feff52ad53292d460eb522c0d7304d9648c43d428cb5eb9cb0492f13385c3bdab

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aaf5d2ec257c87d5a6fd60102509199f

SHA1
a241880a982c90cd7ee1a120fe8f44cbcda69508

SHA256
cbe7f0cfce0688eff94ca98023a632e4a67bd2ee52880353fd43506cb8938aaa

SHA512
e5dddea3d1c9970d38e9593d6ab2a2b87d70b805c208a6925baa41b0bf043fa8c6c6cff1937ee91fa08ec18238602299248895e647385cf0ad2a763489bfbbc6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7accfd6f3843221e536e5a55a68441ce

SHA1
1f00d040d286ec911401aed0d2b51de27420ca5f

SHA256
146321daee4aa2f5d4c9b77c85f978cd471bf1107cf3f9d54f37a77cb07a1c65

SHA512
241712de7a6351c5a1f578bb838a97b24ba8b76c08b127729be530fdf1231e41092da35680674e8bb030d53a8b9f6d7591e5c53170c2cd2556558f8329a21d0f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6b9e461754c6cd3816ab53774acd5933

SHA1
ad076569bd78aa132b415cd532000794ad896149

SHA256
86f5c37ca1f2940c85072b445ef206d86c4efac7e605edf2f96b5014cf5a19e9

SHA512
cd2326b0e254b781437719fbad0ebf6b3a9eed7e462b6597bb1baa45301e10cc8b9d6d5a59576aff19a038dbace4be31847dbb2dde0a7c6aeb1cc20466f90dc2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
10ed5732dc9aaa5a3af9e1fd787f41f6

SHA1
bb29c71e175c46af92018d6f0db27a649a94f3ab

SHA256
848a1af98abab27f1e96f65bf3eaacee49b422f35f4245855cbc1e3646d19975

SHA512
6b649e82a96bc4eebd01f4d038877fb38c5fc6439f496a6b34338d78ee7963ad04b29721a0e62179b1d6f62b2e7c6076953463e42bafdfa23cae15c6cf1122ea

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b40f8b28639d28053a4d33557678343c

SHA1
e56b32e29df60b2f9fa2239db6dab88f30443954

SHA256
69afc7dc7963c0a42e7efb382f286901f5a6a1f7c598e41304d43a1e3a2ddc4f

SHA512
61761c738e3c526a2eb8b073725a1eeb43109566f33f07feb99f78fdba52b9c1ec777a33e0e7a5fc40d8b5cde2fd36028d815b3897ac36f00a1920597a15972f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
df26e6fd1a3225271f0ea722655b8c6c

SHA1
07f3ff62a3b9c7b4d479780567ad59408fe6e388

SHA256
45a3d330bcb3f8ff226f814af491a039e1ac270d3c871fcb10c6336ba452aa8a

SHA512
7045c792975ca94bb0b6d2df9309d52be161ecb57d2809d2c1056a21a4bd5036520d6f2f03d234fbe84b3be83abdb4f391a5a2bb34e424be4498692fb2686c3d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
58512a2ae2a50c9ac6850bbb608bae74

SHA1
dfc24c6bd485d4e5d7ff384e24b9f611a5ed2219

SHA256
12131822615b45b1b9199f9bbe773ebde0a1759ecc484289f91681d68b88a479

SHA512
4e7a80374b75fef7792300b737f527b059ea6d758cb443cde4b6612a194c95cbbc79e1f491fdb1cadad9dc2a8ac3653733d629c996ac4ca2e00d619961947039

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6be06e74ad49f99f732a1fdfa54ba71f

SHA1
a0f641ff4a59895f96fbe522f4c7af21015e8edc

SHA256
308682bcba3416160d31c4590ef550ffe600c76579e111ab9713bf3b72f5647f

SHA512
4d9451543a171a88f941f2233a642bbeee3b3df5af88c2b3dcfd5cb4d5def3cb7df221e35398ed663456a46ace640bd40ed3df28797df8c8f5137cb1dc755852

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4757412467037007731tmp

Filesize
557B

MD5
7530075f3a71ce11fcf93c27abdf2006

SHA1
73488ed5628d6be5531b5da2f6716ed3a1c900d3

SHA256
209c72bc0254227175c8fbe9ae7ae6ff85fb3e097828d47d868e4ce05c5f7d5a

SHA512
e1c4569e964a39dc8e710b78a0c8daa12a4b2f0c179ab553c75c591af170fa0d206e7c9198c3a6a740cc7c74ce26266950d7848b91bb808bcf7b15122f7385ab

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5429645129599136146tmp

Filesize
90B

MD5
35de30ebac235ed8d904959f7c974c32

SHA1
4dafa9a25fd41419de8c773a136e5238e0d9362a

SHA256
26367b0ebadd262569ee0e2b39571f0e427008955dab37b3899013795d389c4e

SHA512
839c9db79c6d1704a02652c0b1cdbc270a5dda13cff6fbb013222a3e55baf939017c358d1da5aa54ff578527879a258fa4e9cfddc20ff9cdd9d7042ba59030a7

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
9bcd4425d8de16d707d8ffd3ce63cc96

SHA1
30693a9f037812d3a348e821f67f47a80f468640

SHA256
7694479437dc7b6a85ec26dfbb7ff3e838e3b634f28902db441919d5bf20510b

SHA512
06bfebcaa4a9601d50a6004a6960f315f396d5b1da3cbd17601ae27c38782df118104dcdf1c58b073cc1a55fb8bc948225028f20f35319456e75901bc81b0fbe

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads