truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
14-01-2025 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4731

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
3da480c1db1b1dd2fd376d665cc418a1

SHA1
6af48985bd8c13c10ce6aaf67d9c25119a890e06

SHA256
b1bced5525ae0c7349c2f3cbd5cd0f33db70c3b27f562b4409a7362ed58a7170

SHA512
fed1d0095ed6803e1fd0741861f521ebb71629481821671663adc1853f74382272b50651e18e9b0e541a37739797f161595d0d6b64d8140083ab223aaa94a320

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
902bbca3a6897dd0449f6c466d6ba266

SHA1
38e2d1718f768de0c002ed48cf74091aaba5eace

SHA256
e3bb82b5470474ef89762a1c861ac31ffdbdd155b69a570a0f49375bcb21f9fd

SHA512
92243813cf8ae55cb672dd7f3176f523849756fd8b0cd2980d1087c4b059ecabca6d7f0d8073a8b86d241d12cb4e89677316b6fcf30028bb0fe616bb872b6da2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6c3db4876fce5d872bbd709427e7c0f2

SHA1
5b541576a5165ee792cb77ac30548ad0e3716830

SHA256
9884934b87ac26c925b1de6df5e4e01e69958c056ff4d5c2241d8c19edeb1b54

SHA512
ac27e9759e0472b48f0fb533499f621dccabff572cf9fa5af9e10327169c890317f5ca1d60f58cdcb6d6073b4b5db918daf6b56e9e80dde2bd8d0b9a4fc1a5a5

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f1f065aae713cf181132f7546747c200

SHA1
8956faaff07baaed1b507bec981b80a114b1473d

SHA256
303940f7ca31d962355a16ea4d6380f0a3d6b38f76232ea04e9af652645db303

SHA512
434096bc5e2f0f7c6c239e9bb99c2bb4fc3f7afbf4c2747a44296ecf5fc5f28a1b8abe2d07d4a4e513f555aad200d471dae75a8388e979e375895831cc29ad44

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e0e0e161aa4e4c930b65d486aa253a86

SHA1
345ad2c3e3486c5f7778dead7768dfa92b8299e1

SHA256
b298dd777c4990e223b80757cf5f9435a51e198dd75c6bb20a03e6c5d0773a56

SHA512
a5f0b7d7e71b2ac13ebfa6f591dda5d63a8b5088875c4448eb432795a2280b8f0105ee935abb3f1a7ee2f1ba206a2838db2e4c091e3f0f59d3ac48ee7bb2c3fb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cc1c369bd3b62752c44d9f602cc41c58

SHA1
af36095669f862fe945cc01933057f398e4ff61c

SHA256
23f10224cd66fae1d0e009acd0dd3f13a14f52c15225244ff2f48cab22aed4e9

SHA512
69bb4075580a08feeb1a1192adad524b94454c46d691d770fa1c0df659702e2e0133656266e20828bdd7a84565919dbb29a510368428b2befb5f890dc578bdad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ef09185b96a31de267ba5747cf2f64c9

SHA1
4de9654d0f825e4b0bded3beb5f9c2e193ca6cca

SHA256
5001547e792711a03957895e634e981f055ac19188adb448a67ad078ffffb315

SHA512
782656825e761cb63e8e49b96e514dda7e16b754437561cbc111fc896531b0a42cb1c9c4f77a9f100cfbf91f17803f9c80f7a96e52d7f9c0fd4cf68621fec1ae

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8bafb3139857ea964be809de3ccf734a

SHA1
f004383ccc9b7e306fb6011726f0a58896ff5ced

SHA256
3509274f3ab019ffc4320d248e1510c4b9425dcd3a77c3252942430fd2f6b993

SHA512
94b113fe525ef7718dab1692a113f242c1484c060c798d6d8d0921d33e5669739cbf33b34c9e57ca5c2b98ef1c95f6b75a3a548552395946f705c85e716dadbc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
aa7dd7d206e27ef74bba08e8744bf277

SHA1
d1130ac132bf89b957d9231ff0186dd38861aed2

SHA256
5d9a85e9a0149e6b2f9752f306d651386ecc577f49aece8f31d32a490a9ea81e

SHA512
01487fba6dc7caddbc0964cb0e7b6f2fb5777aec416b8e6ddab003d4a5cf921c069e8bdb69a910e4f096c8e866ee5a135dd9d0135125c1a68120ebc1bfa2f6e5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5ac53a2fb792a32ab403fe9badafca7e

SHA1
c78158cbeb02539ee8119a86edbfad1f98abc6a4

SHA256
e441d65b272034baec70250139cc3c5220f85b8a506b1ebcd3a7c9bd5b01eb9f

SHA512
bc0b740d5664ae758d7e74cda7779f3a6e3e1d538676b3a5cde66fb47b9a6ed23f8a85b0f267b78ffc887c91d74b5a217c7a9b396158b87cef8fd70870f1a327

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c90aa864f0ad3e17653bd41a80d02757

SHA1
5010ea59087c3e491a8669e821f184636298f5c5

SHA256
23502ce0b27487ef529d1db6a80849ea1256df88f9f3dfa5e074cbbfb9962672

SHA512
f1e55abc339ada8e4bb94d1f90e9bd9ff1c111a196c2e36a0b23c96db3a32d0fe20a23792382c6a99a71f21f56c888abbb0adb3f255ad91c58784e4c9dbd4f21

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e53e049f3359abb0c0e205e648dc8d6f

SHA1
a48baeecb101e40a3f7a649cf8b67bb685bb7da5

SHA256
6eb1571b11ddee27812f361f968aeefc5f748d89313dc0eabc7568f8fd622d93

SHA512
d8dd234c231444af47efd77a95154d4be8e581a29bbb965119bbf3437ee1285a66fff5dbe29e6dad895e3c6bc69ac286f2629a75823aabab8dcb168364816a81

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5eac3d5a3e1e54b2e942033cfbdad7e3

SHA1
6b3cd5ca80089ed68072b687c0fcc009c1494702

SHA256
c1b289f916c71e5ade5b905173f1a86ed16675b5da2e000947369b455ab65f6b

SHA512
fa90d75715c73d639ff3690944bb789a83054dbfe90040116295f20e0b32f63bab1dede5246dac60f27434d81fc38a2e1cd1cdfb1d0f14d7b003bf8c46cbd18f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
894e1ac5038cefad7c9d935a1c26814e

SHA1
d73876c513e151fcf9935cdf42a5f668024ecb9f

SHA256
ce99b0a61189a0defe58a177d40e2abfb9a8e55dfc3840db20b7d06699a8da50

SHA512
3981968adfdee8151b874a4e69cb092274a5d12b967f41920ef5f5261944b399527a14cf635965e0413e5188e0ca6bf12bf1d3eb513bce08ca08484a75dfce9c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7465095404273022791tmp

Filesize
554B

MD5
88c9114f23317a3a842398610007a5a8

SHA1
b189cc81b34029af88a223aab1f8f1fedbe9ecfd

SHA256
6d105d523b41f3c43fad5b8f834628ec58a6c0032fb0861ef7a51b698f87e920

SHA512
75b139b76eff17e612ac51a6524c97edef67ba5b8da51b5297b92b244095a5f394aa8a9c1ef7e9582c873ab0a6b3d848e243a1cc66003a518ab297df8514a17a

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8814241147360408289tmp

Filesize
90B

MD5
2c3faec6bd1d395bc5024ea4b635d858

SHA1
b653966ecda5ed8336af464dfb73ce5758033513

SHA256
27bc85277f888d15e81e183e90c44b534172afbac16d1bff263be9f16df61139

SHA512
94b9904ad384909567db59ca366c49d4d93843660090e0f09c88ff4afe10ff3e0096a83a7d709fbedacf67ceb8f942995e265de63bfd75f5cd3083b826e4b6d8

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
230650966815700bad2aad8484938b69

SHA1
9c1e91a45a5eee6727b4cf40639ab08f75c79272

SHA256
8b35349e85331b21367482bfaec260fcc212ef175a00fe15206b3de1dd4c7a0a

SHA512
f2436d46cbf0a196436080872134301a8f55ebaec7aff0637ef8d7229975ed4cebe958977672077a3df3ee1d95c95769becb138f7e86ce7201d316c9c1d419e2

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads