truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19-01-2025 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5000

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
14db4be475b85b9939fe0688b3af3aa4

SHA1
830ccbe3ae986febd24c774c59cd6e4848034d94

SHA256
92ba3f61bd9868f1b64c44792ca74e6de0b2371e9069b6134e814118e56044ae

SHA512
dcfe6c853c1b7cfdf9a3a801bbcd6facf79869b929b0d1312817ba451a6ea8abb49b76e134c6b39f91e7c740d9e060adedf152a8c818b76fc3bec02ea4927406

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c24a3da7823831cbd531e9193a9af115

SHA1
86ee92c99afc5494b5b5fe10ac73e9b6281f00ae

SHA256
0df57f4e28ea6b85e1c790caac474e32c799d863c83d2db6f850c56d6fd914b6

SHA512
5ac4a1e6c7a9d7615786dc2eea05b5703e1cb35bc7aa6e053013c9986fd73b0748179fa35520fd909023fcec6863dbe56848aca4e5ee7ff1527fa0f5a70d33ff

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
869408d0b6472900b44228e09cc181f3

SHA1
4f7f1f23034c6f3e963a454f886f2d5f727d5e87

SHA256
d038d3b598983d79a09bb991a04ad60283e4149b7da450177462f133af499cc7

SHA512
09081779dde493942c3ed537cb19ca9b5dc510078869c3bc2b487a88c770ba99ebe09e47c0cb0e1569acb886ae8c3614a874d994379133b6a4e98921cc579738

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
afb72c02311bcc1d67f096154d34e1de

SHA1
3090a49daa5138914cec37b606f1f0fc903bdcd6

SHA256
6aa9978c532b0a9cf52e5701b3be314ca96255f21d311ceb869aa7b4958ecaad

SHA512
6211f28aef0c0efc812857ff65cee6fa26a8d152b348bf5210cfa24c31b5a031a7469dd93e614a7b0b3066d340728000af07e118e837f44a2809a2dd7b520bab

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8363608db7ed2ea66eff59c4ff430c2

SHA1
cae57c18ddb4c021bba98dc702928242117239e4

SHA256
58802da0fcd14cbcad1ba8790385aa0e963d9685c496d0d006c8977edf9b98ad

SHA512
f1909a707ac8e54df1edc7c915c585ffc505c36ebc74ce717e48e211279ed771e543920421e0d1834000eadd55e3990ce969b9ebf6ccbc8022c29db10340f92a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4ac3f8765eed2f03134907047049c275

SHA1
00f826b9bb64dbafe5db682f8bb860db15f362cc

SHA256
b18e5561f83e6fe952ff1fff51fa36b97f8fbc6dec4f6671b2fcf14839bfb630

SHA512
1ef99ef1e30fdb5ebfb32b441f94e8c578aa843ea3669c3d0531e2ebc1018e8cc84b9a85de3ff5750bbe4749f2855d7eb09c77fa61a4e9424e2402505551ff7f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f549889d3a7e3d9126cc0cda4b8b4752

SHA1
4f32b5e55277bcf51d0f6f72c6de56560e1c5469

SHA256
77844ddd4e42bf7a246870389c959c0905762bc1c0d0ff034d2eb5dbefc23f22

SHA512
4ad4852a02b19b8c7d75cbc2ed2979739612ad02324dbe06a3e3a56a2312173122f28070a7bb6779bb4a9c576c8d1232f2c75b52787b9579fb7e77ccaec53d4a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
83ada3ea48e90e61f5d20ed11a4392ba

SHA1
5326db2ed25a5410477efde3f0e9df1c8aff48b7

SHA256
fc6a3eae381ec1d7e9adcb78eeb80ab031e22bf8f9c0aa916ac3687fff8105a0

SHA512
81fe5df986b40a9419f1b6e100daa31740e8a7391e101f9bedb4d93f94d91cdc1966cf08a102678cb0e97c9551a8fb3a86eeac34ec42a8ae403245a18d99528d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
53c068f9cbdb69bcc29f3e6945740af5

SHA1
d5ead85eac54da9a5e54dc9311c69dc05f677f70

SHA256
0ba02d34a98a441b918e5efd3422cd0d9df12b9feb0a48db63caf19967914a11

SHA512
b430da9da3fa38296d1290dba3e04f934a92f5749e3c64be427a089b9777b34502606278347e1fd6612539b98beff544613913515ee2a663eca3ab8acab24c9d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
52ad70338844b858e6d8d77a2a4c036c

SHA1
719f887d4cb7988e6425558d5dad8663968e8119

SHA256
5f412dc5ab5862210707f1f69b608fa91922b229c2e8118f5b3d091deac36b6e

SHA512
81d87e40c252f4dc9a5a55135c8917aba77f88174960ea41b814979901a8e36c47430893fb55f8bee9a29e2e3b5a3a2005afd0e6b22523c8fbcbefec8691df40

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
cfa111c9b4cb88e5cacf2eae0e322631

SHA1
4b88cb7f31fe15b85db466f107eb2634b50436c8

SHA256
1d9144e44abe434fe1730fd791bf513241d21d5f21b8b147c8ca385a26fa8fab

SHA512
8e7907a64287d457a1ed6c9d563f6236675523c1d4a2b562886a9017f8700dbd29852f8375e4fcd36276304d840a84255cb3a6ac286eef1020197aa840b62a13

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
217951cabba53029b0a0e9ce2cd094af

SHA1
042e3faeba48f3dd67f43fdf60e98f9733a27c8b

SHA256
b1cc516afdd08eee495c3dcedd3037ba256e4c58bc0e090b0e6eb33b2b2bfe66

SHA512
04de5100ddc29421281f1cb70d5f5edbd55aff06ceca96eebaf1372280f83ce461c81adfa866558f546318d7fc1ae2910ebe2f1596ffe785953aca890d46c52e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
683d4309fdc278375266bd4acc7d80a3

SHA1
c8d0f3b378aad2310c815e312c6c94f3c3589047

SHA256
2a88951bb6e06269c8a18798a3543d0ffb4d39812acedb3d3e1f86d45edcab4a

SHA512
6f0227cd57033e9e2077fae959b8ed73be47afe928b486a463912553df9e3b76eba3eb25a8e186baeefa42ba2c37c8b787810aa02eea39c31873ebf95171354b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
708e8e4b04cdf43f68492549ea38dca3

SHA1
b3279a8050da61b56491bd67f273c1bcf431da6b

SHA256
ef67908f69fe6b0f77cd976354bc7aeb48efb5adef791fe9d2f6d672ca101114

SHA512
1dec5aa43c98cd59a0c1fa22ee81df09416c66a93dce01d65f938ea4cd0d77be6c97fce68fd31905046e662740dd66228be2076dc784b7792a62401f34db50a4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2605117365296007617tmp

Filesize
556B

MD5
f3cbe1d3740030e2c327c5dfd6a61446

SHA1
fe32e5576a5aae2281d88dadfe8ff1f2100bba14

SHA256
6e459ea9c77f1eb26e1eb3f55ce4e4dfef5cc8769209bc84ef679b29a115ee15

SHA512
14165867a8a155c71788e2d11a25de8b5ce8a9e0eb70b278451321aedb7a7711f66e3a6ccf5de30a6d1c15f5cd9ffd7afe0aafe09e44c58f118e6f99be99314f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3182837918474555859tmp

Filesize
90B

MD5
deb118db2222ca57d88c4e083e615f80

SHA1
715ec7f84cbee23bc5033e3c348676297f773431

SHA256
bdaa75b49f76bc591002870382df24a6836df2c1fa0f1858dca5b9d431baa47b

SHA512
d9a2a7eb3605efe9b36120360c70a195f1056c9629b008e77313025e7fc636832bb24a0d468791a60ecf06111d964f047a71ebc616f5c69b7c8cbf1420abd897

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
a61deb9b9c9d495c4b2097db9cdeb8b7

SHA1
a92c0394408ba7ee30f79f375729c8c94bb9aea5

SHA256
bdd997d702951fc2e8cd0de552d085458923fc48bb3befb4507784a1c91ce530

SHA512
6a16639217a323ecda0064585cd3af4367d13a4e0f1facd292ef5944f34d6104209068adad4cc615ed1e9c0af1c7bac4a9513c440b449f92a793a1040de0e677

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads