truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5001

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
34ee7d7fe97ca7caf0709b92441f0a15

SHA1
016c8ff0fa1f392e59033083039238fa628a9254

SHA256
61470f083505a0c6054086e38b5790c1bc0a04a5c42fd33f36b1bfb38968ae6d

SHA512
9dbab8661d6e21506e5db4579c6b08bbcd73cc696c625f364b506aceef7dda3fab6bfdd35d1c5bc403ee0540d3536c3e5822dc7cdb6ac6897e8a928be546f4b3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
45ff56e8fdb67481d7db6a26ac40d3e9

SHA1
445073c08fd9ad0f7a8fe9664a45736750ebe604

SHA256
7e375e9a5a83816ea92d7470ce57675de8dceaabb50876b6fa3a51bed3315027

SHA512
24a6529cc4a9920dd8ee9b49e07f3638898e723d1df42e43957846327af924898af7328d5fc6f1f1cf8d3165ad27a6becf0817c82f54e3dabb42b2d9ecb03d81

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
220450c7c078a2d7283fa64665a67bb7

SHA1
1e691d6f3e551976ec85a0cb725900ede875d84e

SHA256
bf36dcefcb3922571a36f437a088d6f77e0ebbb134112d952e23f479e2482f21

SHA512
0b3c2af98e2ebe04b208266a668093a72b2eb2c6ec29a9cf58710a875c694e61669f96b097f6328788697893b7887310e17cb0a44770eba94761754ca31768f3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3300339a124518b033c3a80f1f7f8495

SHA1
9743e2fd4ce61887938933e87d416564c1cb8730

SHA256
40914ad6e67de91f9ffc9a9134d8c4d5351b4d67f5e69740ba87f6e9a0d19c1b

SHA512
5d0036066a27b0eea5e338fd120351a9be52f487eb1fa5ccb55e5e191c8996424e13c90992b53212bbd05d8350ae52c92c40524d618fa0fa3b25f85aca353611

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aab2e901d8c283f22ea0cf0c9745b3eb

SHA1
18697206bb3d92cb53ac2800fe3a5c8ae55244a9

SHA256
8c2f1319edd45c40547aa68b52775029b93480eabd727742537a8b21a64f521f

SHA512
c66fb9c915dc03408d22dce9d8b29cb345d1def8e3f75351b97cfa05ca78ca9a9e2d00cf26382c2e5ba5cd559b91e8e8b3f267d15476ea45f1d2bb774669c30b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b020daea4816691769663ae06de9de3

SHA1
3fab5e41fc25e982414219487285d8dbf770b968

SHA256
ee9a3e6cbf05b6837e8258469fba63fe8eb3f75010535469177422a00621b0da

SHA512
6324584b7cda3278680c8a2963c414fcb1317584290505c88cf43b26880665951dea0d6e6bcaecfd2c118f2a38cf9c0a15a87b806a31ccebb6910cd69cbf16d9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
705be8232ade624c10933ebaa1ad310f

SHA1
e19eb0857a44d6fbb8f12e7b87eb21954b1654a9

SHA256
abf6a5735f2773cf95e9a047d924d1ac00804d01d10462ad0ea7404ee9ed2ae5

SHA512
ba72b619b18fdae77967aa585f80812af07aee5336092476c02885043d34fccc05e097407775bb1b695744255f45a1f5275de0dab024193d143e054ea1b178e1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e98fd02fa861c2b98b4d29cd29890ecf

SHA1
e48c202ee897e35ec39e24f5b04b80b27defaa5e

SHA256
24ab2709393a7c0db28a3aa36db1f66f726db226b1fa2bc05dcba6d723205cb5

SHA512
ab080c609fc61e445dd38609d3956cf14d04682b0777ddd23e0dfebbb55362a656061f1f0a62fadd49f470c40e1d8da9a9a010303cae9a3d2ec4942ffddd7d0b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
184682c5511611b4ac614eab8ee55460

SHA1
68f2767afd29b13a663076eb661f59072a00ca9a

SHA256
3df879d73ca6a7a0401bc51efce606c0808197c90aa5d91cccb144bcc958e53a

SHA512
ca80c65b3892f3dee7f2fc1f1e2921ac73725766fa5ad91ac1dc54390ef7d24933bb1015725b2a5be7b157a2f70d76f0f3ae5d9e86243371ef48eae68a5ff723

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0a7dfd50d229af2d627489f906bfc7d9

SHA1
0f3f95d41bd6b41ce70d4354fe826c82a06bd866

SHA256
7f0db6d008f8823328c42d791bc42a88fba52cb94b192f254b9de05233f21acc

SHA512
ec00d490a1e967fd72ab55e6ed58f02a7e0f64b08ce7a81bdc7b36c8f6d237cfa5cc605cb8bf35bcb69f73e30c06df427cd039304e4b1fadc1b6f46d64293556

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ea7c32bf5a5e8a001187c34fb8c7319e

SHA1
d663b9ddefc048828db09d638feae0aeaa8f9b97

SHA256
c1a1c7506f3a1075ec9528574d597645a5202b01826387915936f5df3d456fba

SHA512
d138fca924ee054cda3227f67fa4a65e6b0bc7e906d21d0f38075cea1349f27b6d754815b86e0c13e313195b443f71d793beb2b4c54a7bf9d1d693e442b7d141

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a9c8ebea20bd03e983911983de2b203d

SHA1
01e80e585dc1fc7393a86e2425d54378637fd701

SHA256
10b34531e76f428df2f5c5bedf7d9349e986e2ac8422e58b10cb617cb8d02b0c

SHA512
ef5600e7c478ecee3869efd26b80b6c7a2da8c53f5bcbcd0a49fd268ed50a2b88508f6aeb7f330438725929023d731a0b5a1cebd66a75de128fa809530d939dc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3f2ce693bd640fbec02f4dd5a9051cd3

SHA1
d630586472960110c88f32e44ffbff2b43612039

SHA256
7dca365fe0a8d7e3b1aef1a634f00868b1a71bf37c59bf59ed2e5ab6333560a1

SHA512
6db4375c6b7f3586a0032ea002f2da57d12aade003396bbdc21a3c1a19c2c0baef0a1f2a1d69508137cf139096fd7358c80a3ac80f30dea8e324ad2d9d5b6c9b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
40acdad137c272e336463dac53365623

SHA1
620d5693906fb3ac28b9480f49f6fd5a26e58281

SHA256
cb15f7348f078f74fedeed95b440b5966541155253e4b880b5e8374c7c29b544

SHA512
cd654fb03df20c1e5870ef833812290d900ba03598bdc274e938be7aa8a058c5de14308cbe3254cb801881293add68634caff43a0c129ca6dd347bfacd413ee0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3604542823754930958tmp

Filesize
90B

MD5
7c6c628fbc83efd25236d9d9a1ca98f2

SHA1
cca4336fabbb5a5905dd0f679f7e80de19ab7d6d

SHA256
1abe557d1a67fc108490a5614349acc550c3974a5c8a5d2d6893163a706150b7

SHA512
d59e2f22173714b00bc5f6784248c4137ac59e17301564e467c3dbcc901570d69b5599c94d7e901770e78a86ee9ff4b3080098e691eb48d39c14b0b073404bfe

Download Submit
/data/data/com.systemservice/files/PersistedInstallation530328350805249122tmp

Filesize
553B

MD5
9f49b9d4082ebad752e333d2986eaffb

SHA1
d91fe61df6b900e312dd9e43f80c7999739dd726

SHA256
2febcfbb8cb345cbd88592ce20115effddd24832575f6a53e684d94c04c15a9a

SHA512
67bfd071532d4da5d9ea33cf1f07f85331e9f1f2bb3a9f91e19df6b7a545f718585ef3b69a5ca0cde589d008556a569561c4abf5cfc960aa5f53861bd565fa53

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
d2916c4c2ef028dcca581c79cad62db8

SHA1
db9d69d2716a7b7dcc5d720168b1716f6e6f7cf5

SHA256
36d70799c02aeb1456638c335ec0d4bc1ae531ddd793cbe64aa344fc297daa11

SHA512
1d20d5cd926c3c5bdc68e3906a71e042f5375e6037bc23d8bc99acde30ae570c02e695d4b6c2d3e77d0108ebc35e8f559c4fd4068f0cd8f3e398a7618594f26d

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads