truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
153s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
26-01-2025 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5118

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
016517f9d4b628fe55582a940acfffcd

SHA1
66853ebf31ed0ff2328d156a96411a90d3597955

SHA256
1718a9263e4c1e3b069f90d3422fcdcb90ad6bd8a27b4ae3498941c9afd95879

SHA512
db3f0a58afcf58ec52872ef3983886ae6f42dce28a3ef9f6086b6d8569ff369834dc16e0a9453b46532097b6122428089e2439a5c7f7112a93bf4f15dfa38a55

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ccdf7705073518c4f418d3c6c990072f

SHA1
864252f26166aebd7588d4047ee4e77c4a652dff

SHA256
eb2917f81d221c61085648bff386f9c991000c921536db93e294f2e0c2e628ea

SHA512
a93ec90b98964ef2d2b038768e3b2ea8705564b3fc042e70f2310b958324704afc997db1221fe40197c4645b5e6e516835879d764c4938a613ec0aea7c7fbf9c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
121b943d31d00cc6a0b13b51a557c110

SHA1
67f6d03acea6df6465c3e471e3926849f60c56ec

SHA256
782f35197806a50f79eb1bd6872f21f58bcc90175d1bc15d4f4a983102ba2f5f

SHA512
7ff1dd55ae88008fa123bf79955c4e1586ff187a49fa44bcaba6ec86205425f6cafb87d5d1d3afa788b38df1bb0ccea0bd2163ba00070985a59b1c9c712a9636

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4c51f0e6f827e79ce32c692accdb8ae0

SHA1
3c1fc306f7f5089679070c61ffc4ce1c75ba8ef7

SHA256
06c34ecdc21ae30e1e260798b84082a93db2f5ab70b1e9a0ded758048e7281b9

SHA512
cc4e1b46f6ab8069d611d6fba66524d7067aeadaf7aceaaa612ae7f71c8f4c719d2f3871627486714daae3732df33e73efe402a77724301a8ffaf3f7e312d2cf

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
33c36e0f0d2c101828d76c8ee5958b1b

SHA1
a9be0619d040493235c31e1dac06e69d0f50630b

SHA256
10c6027d28b9f1ab2a0540b9e58634fbe1bbb26573ed15a732fb3b769b55330a

SHA512
7c231b87aedc81a223b67d60b2506fa6877df0009df33d655f90ea5bb11489076396af8f5b3d6b462ed7980b947d8eb877e861bb1ad3493a28cb71f08b10faf4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e9797ae52616f2935b4edf5cb191d39d

SHA1
5e1c4b248178a00a2ad03eaf5b9f8fea2cadff9d

SHA256
e68477dee18757d2e3e1146b5483d71b12afb761eec7ff7e18e054b2a48f56d7

SHA512
f12a87ed7813f800e5f9e8e4e7351c525f4767d4e2380cd2261c9d7b4382ac3f4ad19179e34a04b4e294c9684bba0e975701506b73c2cd0a1f893188807aa8b0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bffd59bbd86d875fb648cf905d94d5e5

SHA1
e22c09d64a73d61b6e05a76871980b92d1df0ab3

SHA256
e2fbace59b867bb3855d591f15d6c36beec041688531d9c0e09e3ff975acb6a6

SHA512
dbf876ba6770d5f71c4222c893aa7e544c88c419139bf55332feccebba9b65622e50d52ac34dbca88590ff585a563a4b99f20b3d4bd268bd6632f09ee139fb14

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
385b1805474cebe44a1475e257d93b2c

SHA1
d51ae3fff8e40c43f13fb0016c29c15a9bb4e07c

SHA256
d3324b2cf4434b1e50a1b63d169613388075a00832ae33fa827c5d117a826901

SHA512
44463369e97e9dc743413da8d1bfefd417e4be354b47a82bc8849e4925ad00367afd2815845f5be69d81f239231ee4728069893053eb9ae95d3a3d1a2cf5906d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f2dae0fc24fc860dfa8861be4e4abe9f

SHA1
1f19bd93ddfee1306a35cb064af498f580d8728f

SHA256
4b88e9eb6babeaf95a1adde9f7602624c9ee300317198ad2049fb0153cecf31b

SHA512
8d55e63eb7fa1778c8de806820cccc9a6e48c4bc67418222fa81cb09c18cd310892b9e7adb10efb0820c09331f826ac94b97c1bd34831c30593e26a52ac79a4b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cdaf694d7904d59ddb8f7df7ee70ff3d

SHA1
77df1ffa67b6c6afdd978320aca3311de4063fe4

SHA256
3fa45cd4320ba9ee5b0d7ff996eff2d919472f526d341f2e3b4f2235a516b333

SHA512
c6422515d62fb85d9a1605199ec904b23bfd20c9c839c5019377a6c999c2bc38f3211c864d3e15634532364804bd3de27eac993d8c49d1ca505fd954faf76468

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
09f540a1d5e91794b7800faa1e5c3cb9

SHA1
1ca1bf307c3490226c012d9abaae79d51610d434

SHA256
82dda9c878979d414aecb0ee05a285dfafc1b262137f2aefb8b4a76557c0fb96

SHA512
e31e61a92e002df0d6389d300ab4fe548beb4422e88495c7869785839bfb9c43b5b55081c290a0e9a8b3a2b953d629b1ddcce71331aaca09a712911fe6bc2f44

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb9adeabe639a6ceccdb533fd0dd7c98

SHA1
9d2be686b91b58a780b09e18e512a1e4f0edabee

SHA256
a8f4e1b5901528eeb44b1167229d3b1cced939933f55c22d9bcc3e0e7b01818b

SHA512
caacc5d04c4b5141af20aec52b73a0cb797a62e868a814331490d49896ed768dbb598f5fa0cdb12aacb6fb3777a940d8af380946ddd4834efead79244e90b747

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fd89ea962122a69dad9645a6fdcc3bad

SHA1
d6a95f97dfc7164e455b61c02bfcc759574ec100

SHA256
a463825de37c6ca193c65fa82f0efec1ccc2f926dfbb5c3a53132986783a8f6f

SHA512
ac292acce474afc7e7415a593f0219e957fe2ca49c06039af4dbc1786c1fa09160b04d11346abe4e86a0dbeef8e864ec187988028c4cce59243bd91bc6221193

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
04e5c0983c4d979eb3ff1ee80ab9892b

SHA1
044e490f2f9ae6fb3acc83c85ee996f24de5a89b

SHA256
5fda56e759cbc1c8d58c11a48c94bd6b9477caa16d90caa1a2cfa06b3f9b3c07

SHA512
b109ee5774c3ea63dbe5d6f3fb1f06f7df529153c38abd8f0ef9dde8d01857c368754f06caa6c56cb5a4f3d01913191e7bae00086f625a6bdb59c6fee09790d4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation322461927561394892tmp

Filesize
555B

MD5
6c1ac867e4dd2fd51f3c9bf0b8511eae

SHA1
8d207a6d03b3460a09054d8afc484dff5796d331

SHA256
5461d0284bf63eb9ca0a75641fc0ecad17ce4ad5891929d25a174f7674e9a9c7

SHA512
b018c61c849b479ffa7e870456324361c6d460e6fcf3d826af740b2bf71c7a8b680f5833924c4c88820a164994aa5cc9b5cb02aa2246aa8892225f80506124be

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4931851650703076931tmp

Filesize
90B

MD5
04769f932a469f3c3b6d69d9926648a4

SHA1
6c8ec7ed59f0044251794977cbe0afd88cb697c2

SHA256
1ae8f5391150609639a25bd31e531014e3242a4866a0d1c5761a10e03063c71a

SHA512
e20e5d27a11cae54a9d065e8998819dec8387a85ca3cd54d8167342d69c49b429f678be594e1b44385a682e226f66a1f061d2c4588f5a40510acfa0533bf6a89

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
65367b71d8b9ffecb1255a9a441f20f9

SHA1
066d9ee8425e25b361674c9e0d3ef19a958021e5

SHA256
69cbb74229e523952d65cd3c18e7a5152e360f550b7c52c2e4fc7b4b8b44cee6

SHA512
262cd8ee9ac54290da8d3b563b29b073e0d2df1a35194fa3c379e2a38754bd6164d3ba17fe3fcb431f533083320a062c587742f2426dee85ea74adde84802464

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads