truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-01-2025 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5045

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
374bb714e018f922333c75b8acff9e31

SHA1
5340032b9a167a36a844809b6592af8d64e0caab

SHA256
fdcebb96ab731fb6aef3789d68d7960c0501c72ebe8a9e8078a9a65b50354d72

SHA512
394c6f4dd847637a8fbd3f1c7f513ca5b19f3c45d1f34aa70556c216eda29e6bfc1e619ab1284b3e94ce1f890a8b8fbe4d4d8c5998d7d22c5f8710ca8d9f8fd4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
548c2f333b6cdd668110db1e29af64cb

SHA1
729729deeef10ede900c127bccdba422014c9308

SHA256
f2715e25a3cb0683e18aff19853ab31a933994282835da4c4d21fbbf2cb2f3ef

SHA512
de133932bfe3f698b03441f5b8125692fb9350a64621bafed98f342e9995334aac54557f40fc6fdd08d1973ea8c8a9ae39525439990aea05f01d888b48886902

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2dcc202b8a951f4bca67059af4e549b6

SHA1
5e9198e0c87181bcfaa093e867e5bff7c7218c06

SHA256
768bdd77a9dcd085cc0a04e54e33fc08aff0a37b7751b50137269d876d9bda26

SHA512
64a3855cef50e22dab0e7a7f1060ce23f772cadd97d6cb764cf433bb780aa065977e8f4649dea0f645a42425e2603b44ff6cec7794b2a7a7c78903f92b2b62ee

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a2a49607b81c0708f6482720a1f6729d

SHA1
1088ba39b76a5aed42f47ee0f54cc4bf1fd55586

SHA256
20489360e2ee758f17320e54f3a7fdaf7d65365bc4c75cbd729ed6760b2b6057

SHA512
210a5e0a61cab099d43cb5ea36edeafcf1d7c1e1e91b6c1193e3f934cd25842d67be94061e4ae85232dd4087b680ece349ed31122b2c140135b6a136712fa758

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
18ebaa4fb461630c7efef0b1045e8c41

SHA1
95368ddd2361e5f184154111cceb23c661544ecb

SHA256
55d3eb4e27b68ef91b76620ba83cc3094edcfe6930e47f0bdd90c82837a07617

SHA512
540551da6537204f326531ce91c2f26e044b8a6b51535bdba0f2f12528b63b76d731b1368564c5e2e6347ca07f58e4facc85a2ffc2ad8a9294b160d94ec3322b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fc355f67ecfe887788941a8b6698d4ea

SHA1
e8562cfeeaf034ff9151a3d2d864c10c7535217f

SHA256
a4b1955ef097f6cd692b3105cb6ee9b26b56a2e938552095d69832bbaf79e8f6

SHA512
a7c6895fe0d4f0c62758ea3f71bb56d82d162a79de7ff3a85aa4f916c79a07972e4472e63e42f5566a5610cb6ad9ab40d366e1142e639d3bab36b78e991363b5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
07197a9505dd42eb1d7763c018e34cc0

SHA1
9aa9365a7a8bf36f2318ae88ff50842544cfc959

SHA256
eee645ee2d969e99dc2f0f28ac917fbe4a24bd3376fde8e362500a38aeda3df0

SHA512
b6846f6af6c6ee77ee421e948d1a6205e6670002c0843f8ab49fea5bcc89936e1f7b625e249384465841464842858f79d7a9647c36972295e969418f1b06b96f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
edb9eb65b536a26eee0b4c0dc3112010

SHA1
829350ef9d01bad88edd62c083b151a10a1abc30

SHA256
7d6d1edd28ad1bf810cdf69bc7a99385590c6b29ed6ab74a8307c13a7852870f

SHA512
2e1d3e0ca2f69703cd08364481a29c3d711f220914d49859aa1edbc8bad8eed9899207beb1e2ac6d226d1a6d87b907677f92d09cf8e4ba310051c621d8468b19

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
fb6ba7d681697a51fef3aabbfb452483

SHA1
27d4c2003048f5dcd0f6d6ee324a2fddf6b86b73

SHA256
5b3a70b56991f6823ae13be29bf1276a18b150981c0134676ef9fa592a3fd577

SHA512
8c3feed2f1bea5b8072ef8f103cf973d8b5799b80de1362865e864354cdceaa851e1a05630c62c94086b0eb184d54eab1e9cc69bb7a6040de1d734cb34c9355f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb758ab05a2768d1a12d2fb9666fa8e5

SHA1
5c426193fcfed965fa02161c5330dfa136fca1f6

SHA256
1f272511e56c8365b8e302ce88abb42f5e8399cd7783e0400b50c1f8dce2ec54

SHA512
e5b0bab7df3570e0d3fda61ba2be662da5482cf680e962f6525915e32ec2b7407e43ca932f1f5933bc75e79b297521a7a42091c276a0465a27b39b09d3f83da4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
487d143a92993052f6d98e962d746f93

SHA1
0d010bf2f15ed363ded24ebef3b8e97dd34f70a5

SHA256
1ee499bd1dc3b3d621613005f4104134ae1b7bc264a2d5d457a7ff0df9388042

SHA512
5f5a6a0f658c7e1ec6d46eed15c522fbb01f161387f9d3f4ce8e31f431efd4b57a4ae91dff49502525c39d867c10f7bdbc9622f5bc882ad278d54578e2cf14ed

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8f20394cbae3d1ca7dd00d4b00431178

SHA1
2d322ab581d22ff1da0b7f7e2674af602123c486

SHA256
b50ff67c8ab6941885ddea428c9c157864138b7a6db1cdd8dc6f826b176aa592

SHA512
9c455cb310f2432555bf7fe6d4c0e107d554139495a3841dae9c7f723242e7da9c5005a62baead4afc53d984e4f4cc01e874fa9a759ce966f9a643e127ab67b8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
894ff8cc8b8e673d025cbcce14c6d9e9

SHA1
48fe6c4eb6453a7f2c684ef5b43c5dde67420825

SHA256
4e64302ea53d06b206097ad7bc29831f4654ee2775fe2b534fc250f7ff591a34

SHA512
efa9ea7e42ffd4c2bb7ab9a18f479e6f11c8a429f413397c3e0ac920787f271246689bc10edd73f537758123837c1490654cd2d5423caf25993a8569bfe59daa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a2dfd06e98d9deb60897e7ea38d90347

SHA1
86843751d9b54d429060e844e534b891ec5581c3

SHA256
608670c28fc830d6f1237e8b78f9c547c8c2f9aa6bf538b1ffb6f08d2c1343a0

SHA512
fe47113014fde667acd61f7b5daf81d758e942eb0a1ecdfd082f07819de883bd9344ad4e0af903e636e1173df8a0ef2e7c04166fc01a955bcf9dd61d3a0f6528

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1549274256889537294tmp

Filesize
556B

MD5
5ad7d205277981e762bbd1074b358ec6

SHA1
bdf10ab6a66ce1232f8210eae3be5976035e3d30

SHA256
bfd1dd3262812fe8107f70e842292b4a9c2c5663e19ba3d2f8148e1e2fb22539

SHA512
1727d106e5814eb7bbc95d65a4c4acba78e642ff2470fed887b7882b575a8a60dc85a508cdf6e71d3a0a698c533d4457a6719b36c6b90df06cb904b9d5717d5b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2342429540176295668tmp

Filesize
90B

MD5
a3644bd8a2c1b64d7ac377a2c7d9e260

SHA1
042f5f438705f8dcd6a668e3b5801d68766b0952

SHA256
b40f7dd9a13338aa8e246a6738109482ead9a994f0f8db1e29fe90f8032a6973

SHA512
6f253afbbe907a385fdcb0e068eda08a7674d3b201ff54a3b4502df6b7ede2221a514720a065bb8bb77df6855b17d49727e7364fa9f7c6f84ba1ea993050c3b7

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
b333a2465ed32883c7fcc9eddeff23e7

SHA1
328ebbc7bfed882176b1916b692a377a68aa94bb

SHA256
d1f3c7af3e867f2348c113ea9b0446d66dba9ace5544be89f6964d70159cdb8f

SHA512
814b8132df7ea8e54da1e20cbd1140e8e71f571c0a1dca1496bd91dbed10907196423cb5120b4ed5e7848886a2024fa3a34e016925e7902fa2ee0ab6887629f3

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads