truthspy | 41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36

Analysis

max time kernel
81s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14-01-2025 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dilshod.apk
Size

2.8MB
MD5

84e73c6c1a69ac3f3dedd5119080f19d
SHA1

65fffa7ab8f7a3ff5154b6c69a3ee31186c9d012
SHA256

41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36
SHA512

ed3678dab2f80bafcf4c80bd095829cf54088c72e6f32bac58031b0270e06d32e4729898fab250f194113bb3046c47f97965f8f728f292d33ba8e9acf6fe0e30
SSDEEP

49152:0V1yqxc7abNLn7WvcWgEhaj+10GbHr9wzWhcAqL4iR9YO791fWFwGOLV31+snp4N:m1yqxOabNLn7RkKw0GbazjL4ZOOFwGO2

Score

10^/10

truthspy banker discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a748.thetruthspy.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.systemservice
/system/xbin/su	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.systemservice

com.systemservice
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4238

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/core.db

Filesize
27KB

MD5
c7b5801f4970b944a556dda8d75097f6

SHA1
ab62d5c3d60940ac286f019fecd21f822af864f2

SHA256
cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0

SHA512
6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
41172d46ff8888be4cfc7da9dc7d75bd

SHA1
83758a810bc86c52f60c838acebb9bd0c541be19

SHA256
7c27b82cb8af372763b0699274222450a8311bcf96cd8e876b717d4ead2a4c9c

SHA512
6d2556fbd104bc18366276346a8fa3d36992b5a7e98b2dc43683912ab4322dfda0ddf76c43b20710f8b5a8018655e731e5a52b2e573fd62f0ba0767b868c3972

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
91d5a24cca5be0837ab61d2d37465c43

SHA1
2a90f3d6989df5045efaa0076053fcfee7ca6e34

SHA256
5df78cc9307c5a2bc0e073bd2ca9db919f014be396d26f3c95b2dd21de318974

SHA512
082b8e65bd994dabe134d6df1f1acdbdae582d53c6255b5753d98d934d9da9dd03d72388de8c1be147043519478d4234e89bd7088903e97e8c8720ec25e72a1b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a55f3ec0f5806757ae692c09d346623b

SHA1
c380fc3372c72bb724caf3ed2a073ebc849ffe66

SHA256
be264db7412398c155a2a5f6a1bfc07fe4da804b28796e430d29bcddaf0b1234

SHA512
8306b4bece0b8196ad31fb1ccb6125d667bc377fa2689efd4f6c2bf298ed38f56726eec950a08fdce6158a001629534ae8f6d60ca96b188301d21787274f8c85

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d951bd79161bbd69abd143fa4bd7d0e0

SHA1
7da65d21ce8601bf2d1dc6ee91d4fda95837f2e1

SHA256
3dd771bab386c9e4f0683fb0968f27f1ccc325d18776f91c6b59956310d0ee10

SHA512
df1759f781d4c4e28931b66a53b28b552c9ddf947800119988a5c90a7d56b39f4403db45f489bc9b9597164ebd1b4c9f13094b1a76bca1c1fbd2055c725c8b0f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
90b1bcd3cca6ff1e301caf0361c1ee27

SHA1
e58537a0cc47cdf6876546b4001aa0d982889b05

SHA256
f9fcafa24dd3e3f219956d6c68845cd74ba1c81d128c22d166034b2ab4ffdbed

SHA512
812135a9c26dc91435bcbc80aa1359bfbdff151cf214cf35e17b128e1e67957323b002e938ec10d72c4bfa63d49705a3c4056c03909701f55686c705e99fd3a5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
529e2623dbb9b948b82a4ff261318f5e

SHA1
d4de8efdba4c9b4ea23eb15851f3754828d15967

SHA256
1dce5b30db4dce39d599b0aab405e3c028088acffd138e3e150ed7c7ae4d36c6

SHA512
fcd1d1c4ce760afb373a7e623a81d20dead5ba2e926c0b2f29b3a3789317792d8bb3f1ef5104f4c0c14cb29d7e1e95762a56bb7c7479549561e8b9a1188ce40b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
28e641e4f389ee8ff3dfb5abf930d67a

SHA1
b345fdc6f0ec0d00879925762eb7071933eacf8d

SHA256
8b3a4fe67b074f3a67e10b8bf7234f4a96717468386c7423eca02ebe1b77e6fb

SHA512
c7a5f22b4bedba967699d9545438948edb822fdbc87b8adbd86bb03931a3ade5bce5d9077decfe8036713077037c3fba224b65258defca1f96232f642c723467

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0b89d737bd94a92255763b750dc1aa16

SHA1
fb7ee691bf436da30dc58133afc60681f8730eae

SHA256
573b5befcdb561cb29aab19035a8a342c958e558638a337d800b8f8088fe9d62

SHA512
afba01e06dc7c3069473750473109db72fed5396033a56ce42e106f1a71f2642286e9705af1d400ee4d093972a84a452108d0d370b998dd06c434f84ef2c8f59

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1BeginSession.cls_temp

Filesize
77B

MD5
2ea52c2f646be1a2fdb1cac0c02442a1

SHA1
7eeb9563ef28faa8a76c24c6a517b7830b17f3e9

SHA256
0890ef78d7e3e70065e128e1ab24a00285b078a7720de62f79c46037e6348eb8

SHA512
ca7e92926438545915f5176fcb350f6fa356fddede517d2eca4e9ec6913457fe3b6555c5bbed27626a98c0111395e5b092450f27665716e89a89006c4de51cae

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1BeginSession.json

Filesize
132B

MD5
a71ade20f2031c34c1e03287e4fe7989

SHA1
57553466135880093695adf84e905a06da8883c6

SHA256
6e924702d0d45db51151ee88261926dec04d0f73b8a0f33cdafdc378d3bd012b

SHA512
959d304b2130fecff956bb77abf173d47b6a98048feb2d14f597867abdde25b72c6ad7c4fc10fe1b9545c955fea7264e7fc3c13cdd735cda8c6c18b4db722bb0

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionApp.cls_temp

Filesize
109B

MD5
53e80280f4a19370d4266cbb497a884c

SHA1
cc0f24f8a7712036a5c1239356c3d3f7451dbed5

SHA256
403eeb13f570d94c8b14c0d508bc2aaefa53c51c5c6f9c218ae96ee2c669a308

SHA512
2e38011af438ac02c67fbb9e60bb2d48fa27e48a5b8ffbde6ffc4bba096585a91efdbedb6c242c8804c0174d87213f1f1138542f4551e35e84ed5697364888f5

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionApp.json

Filesize
223B

MD5
ac938ea8ee6397dea5916ff72f6a9016

SHA1
da332f6bbb4816cceebf767c6fc5b714d9ebee57

SHA256
dca46535dd3d59456d3eb5d29d335a47e6dbe43fee81c2f7a830b0ca0a7f12c9

SHA512
b0b4265bb98bcb806436e20a85ce50c4f5a94e1d695130819ad8183e8b2834d28a4e4ff2b580e43a5992498b18cbf5bec582138ed0873c1037ae496d50849ef8

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB17020F-0001-108E-3A661BDF0BB1SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
825B

MD5
2f72284fd06fa6b3299b2745dde139e4

SHA1
25eb6d04d08e7be28433d5b309f66e34d2f5cb7e

SHA256
d9aa5f715818128becaa752e062238bb71ebee0d20da07e1210347133f4805d8

SHA512
44bef6a046ca00e0593b65c8aae9087115d696afa5bd357b94d5a4ea071a674b4a742774a937c865c49f3885b80a5b43d9de869ad5df63b381e0acd3ad299979

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
395B

MD5
3b301c20faa76e2108801d6779258490

SHA1
d1b2a8177b9920473e588ab6c43a783e62475a66

SHA256
b9a2bcef908bcebaab6c5f6990ea08a457b8a65734d8fc0ee0c7998e619f26bb

SHA512
c1d60be211a132c55b4c691141a275d60de6d69f4aabd3907a3e4661318d69bbd7e835a2a78afe88e8d17493b7478339720d5024218433f7087d96df9f20164f

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_4235c433-41d1-43f8-853f-4ad315207490_1736817432436.tap

Filesize
318B

MD5
9de91a37c6b60a1d99a1a6775c7a02a4

SHA1
1de99a64d3cf5243aa096585163f068bc8abc986

SHA256
ab73c7a59d59a3ef3ea8513b5aa59cd1ee21d44d7ae8ede082a7b1d8af5321cd

SHA512
4dbfe7f4020074d57d0565603bb89f6f124c9b5038f6edd8148f662e0ec54c01b525582a20b5b9c4ba25fcbebc6acd25f37e070d6ab3f5845c93e63e98243d41

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads