truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
25-01-2025 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4336

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
04ff4cc9c2e362296cf1d0d7b82f0128

SHA1
b80c5d6ceefabc56b6bec3d103ff0fcaf22fb1a4

SHA256
719dc4e73c4dc17703a7d4d588783cfdeb0736435d0104e5d760b8af40255b40

SHA512
1c1cc43d8b62c5e0bc6cde0c584716a65268c722494b70149b11cee9e288c965eff3954a09e0746c544a5346cfce2cba515a9af3cc3cbbb42acfb9bfd5e16573

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
570cad075f2b6f435ed9857ab1cf9868

SHA1
a1a228ebd7c90d6e0b3877b92ea85cd97990ed2d

SHA256
06abd47c0b0aaa04a5e4950ebdc62556cde0a71af63ea0d3adf1953eef29af1c

SHA512
a082af563f1461eb9d994a9e8bbc4f75d69d288e501e7bfe6cf8b4a1ac61efeb4d905461b27f78ff1225c3dd66c13c0cb7070a7558866dea46dccfcc589da3fc

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4d1105458b0b5592915cbd2d4fd0fc89

SHA1
fe6e66c07a2e38fef7ff6462361e4842f2b09748

SHA256
b231b123224e8a7a8658b79f014102a3d08f153dd0efc444b87c4ee81146b5a3

SHA512
201a00e6336de8fd3d180e94cc901b276cb0230e1af350bfa5dcd73f6922c909d6358516bc48c952bb19268aabc642d2beaa31c438e8248a308b0e858397510c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d1a20d54c8922446c9c26124d5d4f9c0

SHA1
69f2959363c5dde7bbce67996f3ae01fbcd8405c

SHA256
cb8767f0d3100fc29560243eb26711615fc8bfa66e6f799084b2da7a8f717db0

SHA512
f7c0fb2b8daaa483181901f99116d4060f35a389391cf881808c1c319187ef6d85f85482a6b952d83b7a9fce0bd5c61d52fbb75595aae9dd4f40f4522ef53d7b

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d41d12443a56acc785fe1b65ef9c23f0

SHA1
b041868e13fc99c0f5324c2d49fbd2a33486a7dc

SHA256
764784da384e9f0f368a710b43848abbead1df1fb6edd0bca9a63febfe74df57

SHA512
1e91c602370bd8aaad023abba33f3e56d6f7e1c1ac1edb8e197d1d074b2f2f1031af11eca4221642dce9bf4f3771cadf248557d29391fede89dc76449a65d055

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9da3db1b41247eebe1d3fe04d8d55128

SHA1
1b3121109e1a5dd815f36151d5377b290679b338

SHA256
40081b2fa684f5dc3d57e30d61b9b1af77a81dbb986a069d59aea5e726548004

SHA512
69378068d6c9f41a6cee02350cb1e0727e380268faa42a7b8917bd245ed1d916cf1b17f2fc2cb3139d1e1d9f4730b81e7bfd47f526b2501e12dbbc8e75be4db7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
718cd6369f83888c78802a604d78f959

SHA1
4969a6a1c200c3377aeceb1152fe3edf680704b9

SHA256
1fab22995f699f6239204d716898a1fbf3d992014a474d72e20a623995b498eb

SHA512
0b226cacbb3d5ae26c0203679b4091aa8785aa4a0d52c409d586b24a53962c56faab3218c1f98923b3ce7d1c8bf225ef5af49d064a88689dd77fcdf3769cc4c4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b2d700c1910f2156def791706a5114cc

SHA1
292777db7c6c169466afe90ade1955a58b50eb16

SHA256
074022871ef30745aa88eb13ee2eefb835ceb1dda57881b5424291861bca9577

SHA512
c65cbd881b9d26353c6eef9a613ccceb4161ac3c4fd8588c19534bebe23bb383545034d69dbfefa076712bf31d15806f7c4f3382432e1daee39a13a19677b37b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
14ed617b0408917675305eb52e22cfc2

SHA1
d64e9666a3293d072534ce8541afd2c7b7dcb7b0

SHA256
3c62af46455dd02aa582954a0d31015b050ddf4916a219080d85e4c11caa60ca

SHA512
3cff0c9b1db1b6d7b33d8124c8ac1fb987606e9cfd9a95d3dea0716bad011673869ba2ffbb7a1c9fd8c2ea76556a56342e6aff1b481d4c72dcf4ac6fe81b267d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8191a335f21548d58937e935eefda505

SHA1
de5639cae51b75b4a354cb700bc973d8cd9ffbcb

SHA256
a5b11b55b65b42cd69cedbb9da3c35887a39a4868c2edce94fc66ca178ef17cb

SHA512
b88a120cf8a2f22aca5ecdcfc72a222567f4f7023948d0686a41491a05c53a116b8bd74e20f453db6637e7c90497c35d4280612d790f99cd9fdf846c7bb043af

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ff242ad344e5058b1607ee7f7ff4cb3f

SHA1
154266308ac4d37ec3da83ef6ebf25671abf789a

SHA256
da06df228c70ec4bc229d469429770beb426f657a47c4f036cdc4d2c94752e18

SHA512
433e2bf1dc40d8ce9cf57ebf7802826667a25d0ea164f88742a17a076fc6cbffcdc374f60d7842c7d43303e0793999d4f4d83e2022294c95a85cb6b6a48854a8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4bd8c68fd6dbd8c17e0ecbb36e7ac75f

SHA1
947f4e34d6c924448cfa7a00019b10406cb280ec

SHA256
a8a9088580c5d68d22e71de0ce3da052842a150fcd0e17198dc82ef873da3ce7

SHA512
70dc1235623786db37719d1575c30b36eb3e579b8a6906eae4d348704e1b8cd2a99341ae0acfcb7e23d7c12a9d1c3047f8c28a71b69db506ce49411574a251ad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0a0a06e7a5a72afd382d52c5638d82c5

SHA1
e34ea77d00ccd845447a72f0c7b8005e162dd245

SHA256
2896acdabfcf37b77388df551ab9d957b1566f858004f2aa20b109f3ad390cd3

SHA512
780a4620e9abafe35752903adc5448782696d72106f9daf496052dc1fa150b5a19471b182aeebafadf1a464c359067d9ad696845f844ae588590539f68db2e03

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
72d46ee97b337c63126c0f42ad83c588

SHA1
ce8fae0ddfb87c5e2f7f91ff9034e254025bb5c0

SHA256
d74a94ad2c5e6978cb38e636c5ca1dbf3c7e38552f4de5633cae22fa2f60c791

SHA512
688b67df484634def5e5b96f47626f874590bdf9af9abeecf2b9298025de48f94a20f30cbd7621b8e5f0d47d15a9d64ab60c873471e7a0790ce5e1746a17ec10

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4647536971368852630tmp

Filesize
555B

MD5
4c5b96dce49375268e46bcbf84c4ec52

SHA1
7c15cef7ea17c6ae54eba9a3fd910b19995f7660

SHA256
8be9067ac6f7eb348e70e48bbd29b168395c3ed74afdde1ee85c5d32113ac07f

SHA512
082f1ee0b3ac872ff840cf081a6d72d3dc42563d4d5f64f17a67420e96a69a17cfa0c70a5b5135615b517affa4dc988a4699fdfd0056600c4ebf1e6ceb04ddb0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8847262208485876717tmp

Filesize
90B

MD5
2482ade79a975d7f87691540a5dd00be

SHA1
347c1ccafde84430e8bdf6241d80969be2038310

SHA256
0b668808e62d603a8157026ff285bcf14dec14a41444e4b7d360ff0e249bf30a

SHA512
3f91ed4edbcc9f255e7e1f1c141f3137ebf66e0a0d7c617b4b3555eb33cd690b4ed566597cef4ca6c0c82b92d5116e7f0bbeb4fd58452715edb4ddbf7cf94f69

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
8a320fe36e494392ad14cd5e0731c365

SHA1
4011f95a976786618e1e12493f730462b369ca40

SHA256
0ec323d4c725076e44e2f19ee97eecf9e62848e48348e7baafaa2103c1d1ab57

SHA512
e6ba875d6e0d24a9a895de7d2e13e8a706360d1c2e07f3f87adb437543db01ec22b2206860cc6d4ad4434278b1fb441a73f27deae263411bf9755b7c6eef67b6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads