truthspy | 41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36

Analysis

max time kernel
13s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
14-01-2025 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dilshod.apk
Size

2.8MB
MD5

84e73c6c1a69ac3f3dedd5119080f19d
SHA1

65fffa7ab8f7a3ff5154b6c69a3ee31186c9d012
SHA256

41752e7b3d8374ec74b94ebc258a0fefd3d41a44bb07a43d85546701afb50e36
SHA512

ed3678dab2f80bafcf4c80bd095829cf54088c72e6f32bac58031b0270e06d32e4729898fab250f194113bb3046c47f97965f8f728f292d33ba8e9acf6fe0e30
SSDEEP

49152:0V1yqxc7abNLn7WvcWgEhaj+10GbHr9wzWhcAqL4iR9YO791fWFwGOLV31+snp4N:m1yqxOabNLn7RkKw0GbazjL4ZOOFwGO2

Score

10^/10

truthspy banker discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a748.thetruthspy.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.systemservice
/system/xbin/su	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.systemservice

com.systemservice
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4937

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/core.db

Filesize
27KB

MD5
c7b5801f4970b944a556dda8d75097f6

SHA1
ab62d5c3d60940ac286f019fecd21f822af864f2

SHA256
cc9e08d0728cef73f1f391fc1486845d285b6a14d778ef14c0ac2401e6b3fde0

SHA512
6ac93f5393ce957d0be7de34145f433285f6ee37f6037f174f4532502da62218dddfc0e32883bf94830b4c79f63aa16cf10b3fa7b6eb4187b72f7703b6e0f0c1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7637fa900d29d6e7df8beb3551adab1b

SHA1
06317a0ff889e0f60e499fd27d4f2d3d5b1580e3

SHA256
a7f53e525d896c4820b925abd89f674fd5dd09de5b32c77a69aaf19dd6efaa38

SHA512
8bb374aeb0ff99d53fe4ab8a346daf6e9d92f9385f34e7dd7a63dc446a199f43dd317f9b25d8b2217408678fd7eef5babac51b5adbe06c234e3ca75019b72f78

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2fbdb7c4c632bc1554b8b9d373a35476

SHA1
4b6e225b272d334f4935dd8fd5ba41ee3416ae12

SHA256
6f9d0e8c177c01e6c8be85c8b0ea5f9c8ed557f030f3fc32ad1c1c321ba666c3

SHA512
7d446c7506511b69d46a3233ed9c30246f39c59bf94ed87f3052a57bb03d023e45c3dc0044cb18fb00963e5fceee1ff9d6e8a3bfabe4071ddff47b47eef37c1a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ccbfe04f00c7c74f8051c89f477f6f33

SHA1
c56b8ce0e468fcc9ea4b7a3b3244c6999a9ef877

SHA256
06df9994e77eb44e1728755fcfd83e2d387402acc4312801ff9dc4dcfc6232e7

SHA512
e58e0d8ecfd801ff982fffe138d1cb7bc563be71b69c00743de3b7d482d92e8993f58012943ea57e1e115d859b5fbe96599aef3a99c84cfe670c36004545d0e2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fca6bf9a43a96a550695e8ab48d38e28

SHA1
94d54e18a1ab7ba83383e97518b7267b1bfccd4b

SHA256
65ef75041eebe636cfd60832ea4328469a6e5b5e6c749e75819de246de5654c8

SHA512
7ef384daa6460b47e7b520c583a4f61886dba99c6f8b20ae2dc2dec4bab55d922af86b872c6368c392edbb482ba1dd8442ced5c7d7135de52db6e23822564737

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
72413863b7da46e2eeafc4f6a91fd8b2

SHA1
b511d04e3af32f12d9fa64e4e738c21617782b44

SHA256
cd15476107b14c8f865b5a8d97e5ce53a4371c24e55b6eb5025feef622cdfad3

SHA512
eb8eb666aed2205855f2399af7b502ae1fea8f96f04a02362c1f7ee0e7fe95134b7987f34a34a7653220132f2e65ba13dcea2dd85fb1c0e6d69e71e64245b1db

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e56879d2484f015af553cc64f08b511a

SHA1
2afb7b8d5acfb103e010f97abcd1376e27b24a62

SHA256
43bcef3d18dc4bc89fe305a792219ebe01f9f7b580b8eedb03d70ba03320321c

SHA512
b5db192bd13d618b6f4119f8d9dd91e9fc28b92bf91478145d56ae1c57ea2e596ee8716a63578307e3538db1b5caa853355d3104515365fe47643ae6ca7c1209

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0abec57650b50c28ab06fedf8586076e

SHA1
9d6a8ca153a3c6fbb214fc9ba14a85195a309640

SHA256
b8a1458eae465c0e31b6c3a5193624870aa583234ffef4148bfb3a410c947745

SHA512
0851995bc34f2b1829f8a94dfb5fdb6deacb28e0083259057afb045008682bbaaad692a40743c5ae58c0aba6ca7ec0840e3f4341c019f1f96ddedb48403e037a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dfcc5be64db9bb70cb56ef758fc4a5be

SHA1
f2419c07b786663bb8990f706004108592867a7f

SHA256
1e69b14bde48260284852f23f34e1f9f022b9319ff8d6218a0086d7bcddec1e2

SHA512
dfe6cfb61b7c6f90407e292c6adf9f3dc4651c2097489c41d6692a9b7532c3089447ddff9bd65b3f4acde45fb4a8b36fcc93e6002aa81dfc940847306adc6305

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
328c9698edd254e7154d891ba0595511

SHA1
a3f3fc12968d45eb839b8955bdd5a577bc275092

SHA256
d921046287b66eacc1b7f2e1554d17c493e40f0f2e766c0699a4b0f4a278de16

SHA512
02fcbdc971952c0261b45ecadd1a30465807910a6dc5c82e499c17bc38314ddd3acbcd5817064eb40381b278c01798fdfaf9c1143a16bf7f8c6ffbfdfe86d9ef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1377969e3723fcccbe54ca0629d820cb

SHA1
5b7c8d32ed10b926e9a4cf9072f1d2c21780aa17

SHA256
e11e02926c2ace7c96996addcfb99d2f4fc907515a3f580ccdf8e6f8b433429a

SHA512
fdbbe1ecfd95a7773d0479eaed9a60d94e6b7ec30a97e353d17cd9ae5ce41a83cdfc403609296219655160fe156e1195878e227cdbb3cdf44562fde8af8b1288

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930BeginSession.cls_temp

Filesize
77B

MD5
b2df59231de557c679cd21f7edc54355

SHA1
811dd8b82d63c91cf03e6bcaa3193fab4550ed87

SHA256
747c129cea0c124348c4169301b540baf03beb87c10e69bae825d1d47f304345

SHA512
5084e138d3e09a3340edfe807416c6bada7989ff03d80b6fb17ece44b04bc12618ce24a8b1b6e27cd5982252eb4dbc84095d93ba4325f3ab3874554fdad0e557

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930BeginSession.json

Filesize
132B

MD5
12eff4ef1d9f69863dda809d72c0ac9f

SHA1
4f718bfc36ee198227be510b8b95ad0ecf3daddc

SHA256
93acb2defb3e7183c925faa0a4d75bf726089e6529ed7b8e46fcc080c7591811

SHA512
cb1b40e6ecacd1f249d400513755513db4ffc32c1e7c66681fd4c60dace9e0ebcf66ac4262117ede4831d45007bc1604e6e4093332c59b5d822a39fe30524f2f

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionApp.cls_temp

Filesize
109B

MD5
051daa937fb0d69f75fc99dcc398ee85

SHA1
c0cb626fe5446f72903f3e8c418849c8cb178bdf

SHA256
e8cbbe2ebd49ef5128539596ce42abf2417d5d15e9316f5252eb41b673536b5d

SHA512
5de7d3606c0aa2f6df0c713d3106a338351fbc9b8e2d55b679958f0535f5b6ed2c7e9e9c105f20ce8c77d53cb46240c6a2fea03939fbb05dce262ca9fb7dc60c

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionApp.json

Filesize
223B

MD5
5bdb3de4704e43edc67b8412c3555721

SHA1
89c12a490f3ac00ccb9130cceebbca82fd71ad81

SHA256
d1f8318f23e30166824450d026ba7de97f0e02748aa4a1910cd7961e848a569f

SHA512
be6868b90b7cb35da89651cb8d03a3c125815dbb39c917f5af16a673654c8ad24f3336643adff974dea44c88466cc8faa99fe2c1b710972111878dff3aa2b35f

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6785BB180092-0001-1349-68502751C930SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
396B

MD5
93d1ed319611fc1f6cea62b5ea5bfdac

SHA1
fde731488bc4091722f0982764a6ba231773c99a

SHA256
74ee4e023ea10042d0220cf502693cd9db0a237c56c476a00c79ab63e56a22a2

SHA512
8df5118dfa5ebab1f418ba4f3ab647f8ed9be6f501a04645abca1830b026b75704999cc06c63a18ef0f772666531840b5aa808141f3f54958cb23a7380385043

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
827B

MD5
b81c50bd4ed958fd2790ebe604389891

SHA1
47c88bd22ebbf3027dd6874be04cfd6041f367a2

SHA256
a0d84caf430ec4cf9052953ffb058a8b3f1c0728b352a471f381065d0c733609

SHA512
44cf615fc9461b9e4b1d1e062de0370f777dd29f455d2c9f97f19572212760b5f71066545dfc6daa3d68bbe81a5772d1ba417aaeaff3101589d17656926d0f70

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.systemservice/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_5ce44498-ef7b-493a-92e8-f877cfce564e_1736817433576.tap

Filesize
319B

MD5
fa88678e16b1ebbf29afab77f187e5f7

SHA1
e4be7523fc7d58d0f8988599c50a47cd6135a62a

SHA256
25ebe2d438be92a587f4a06407cd93cf04fac8149b0324c132f71bc548d4d718

SHA512
40b5753b9d025b74948395a0a7cf3f160f20e400262e03305b076938ffa1e16ca2d5af4a2093a7cf06cb5bfdb0c9b8c1bfac85b8dd125a61134aebe3c95f62ba

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads