truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-01-2025 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f7f0ee3fca9b3220a834b4a592f45f97

SHA1
ec6541574cc242500398ec4b75ce6edc1d56af86

SHA256
e777c179851ec44fb17ea25895a375200d7f2ff02b18f48a123d8b9e71e6c96f

SHA512
03a212e91443baa15dd4a188d20a06aeeca291dfa3bb527cac2ef4882eb8857a300ccf2d4dd9bc033a1a55d12ee5a64e5d26ea0653e74aafbe6c02a8ab87af23

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
e6f282c99cc17513dc3a7799f8d77f81

SHA1
4b3f1ee20602ac62245912b93ece373c29f1785d

SHA256
f4ae58929414ed1b23401fc256d1201c0b7e968270b930d8eaeff6a65b14656d

SHA512
1dadcc359b1d1ad18c9ac272aa17f92d248b11445f7399fa1563ac023662879959c523542c547682dc0586cc98dc866aee2f4f2d81a2fd17d63ed552392175ca

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6cb15124a84fca9eb63d0edd8ab6bbce

SHA1
992bf148f2b6dfab679e7e1ddd436f65998657ca

SHA256
a1d3a57b6d04e98b05ed759cbf8e8030468468d1b0683e1f69dd6ee044f49463

SHA512
744128538a1231d7830bca55fcc93f4849dae0a6d542c41f68d50fd9ff25d86e6e03436c1cf8ce92a83e6c498a3594c7337f08b1261b09f222523b3e47796b4e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b7e41e72d2f15d39150ed67b9754a28

SHA1
d94c95fc80b76a8c35b786b6939c41f6341b3bff

SHA256
45f29f1cfdee400cc999a5ca92363cc53c69df58bdaa2f433049e158e2248eec

SHA512
23fe2fd88ed446a0d8ee96a5bf88ec4b84cf07ba7d58b0389c521f4b778a18fd5c09e2e1ce118755fe1043177f4d6c4089fc236167df8f150f1edb7d016a97d5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
df3c4e82ac92ac147f4f74b25980bc5b

SHA1
f8a869169b4f407a81a0037ba83aa53e59aaca5f

SHA256
db20cfce2327d5087ba18187097d396c5c6daeca5d78a88825887415a212c666

SHA512
06ecbedb4ebf23a3882fa66b8c81a67c36b4c7f0a52fa7e9cc1974db67754d228df60c762c6665d414d13d977271099e86fee1bf9b5aec6e97fe957256fb6166

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
199482d99da49588d123c5c01b60102b

SHA1
3e8f56fa8a26f0a7242db7f5e15222223d6c60da

SHA256
cd66fb5dc14d624f00c29205eb710f6b5f73de70ed5cda203569eae552c027de

SHA512
06c9c24b9f84fa34bf45b507860ea4f45661820198f79366262cec393866827cfe19d7342f05a883ef5eb2c25a208c3f4a5b581fa7fdd4e7eb01ac59bb42a26f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6b9c7fd895db5ada43efdf95d3f009ea

SHA1
9464acca47b11bd81245878e5b4cb8d66c9ceccf

SHA256
047f18e38f6e0db18594fb953052e58438c3165fc1ca6400936d15072986c65b

SHA512
cab7a9826215b6785c15e816a1c37eeebd2aa13a5b2779911647074f03db7b69a678b4f5e15daa69f4afc63e59148821d15f3c44f0af1c1f0d3295322b9eeb7f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0d0b243a105e0dd7fd371f67ae2bcbd4

SHA1
b63a4a54e9f6fd87cab8ef8fc4d288bb5d385e5c

SHA256
a890ba3f703a2c0034f0433fdd65beb360559b33ae11816f652bb40deba15938

SHA512
4ba143f34260a176ba8aa9aedaf8c59d7adad2ee03064f6ad8940a6b6b57b0011eea35f19caf44434fd27e88c7827a39bb2de36ac6ce1b146cd2fe6908e29060

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
50d906607e12f559e190e445262bbfe8

SHA1
bc8efed9d715f7a7d7f1fc230130ef3ab84d862e

SHA256
8714c9f49fedd10eec6fa973103058eb22b80f3752b9b7f48c5f32c341d1ba6f

SHA512
4e2e05c0a23ebfcf68114e2856d09490728654134df6e8c11a5a61ea88bf05b18774d5df996c50fdabf46e4aaa919d82e5d08f05537836c9f80f21cc3168fcc9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6cdc57b8dc23b0326f859cacfc1db508

SHA1
552d37e6ae6f1c0596752b28c55eac255b5081fb

SHA256
df85ec204bb5e3aa047e871150f2788b9f9a4256017822a769bcf45da403b604

SHA512
70e04d58caf043e36aad14629bf40122f3c73ccb40781fc5e80e127ea8166e52d646919c6d9462f8d329b608f60c0464a60df782a35ff0bd3b37890caf08c192

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2a3308cdb90a9c633ebeb603dff63205

SHA1
0c632238a8167adef567abd21056d48b87650305

SHA256
81af6f8e99f469b536d220e20e381436c99d919911b552ad5f5e6fedf14f203d

SHA512
0a6a897b7a9f6cbb609ca5182f34f5c5756674e66ef8b793380c01138345a4c5dc504c0ec129cc1313edb00a69ff253d2fcaf5b7d9e1243f99f5db4d3d6b1166

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
92b29a7de3c081d6c35460fa210e2fe4

SHA1
795450992526c336f91b33ae1a8d4ef4537ec533

SHA256
df15f63ae9bdc9d841d85dbdca1f6e2c0b199aec4e877b3d68aaba5b019e60ff

SHA512
0cd8366d6de6b4ca5b14d4e634fbd5a386ff8c3a2cef53f4b92e609f9bc7a7f9dcc287881ee7b449ed9d55d682e95c3303e8556821bf3177db48d6a6d5d95718

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e537df6af2c7494cc895a5d74ce16c14

SHA1
ff5a3642be0aaa5f3359d7878eb2934ff88a3451

SHA256
9a8eb754df98390a97cae9f2629c901c6f8609b00641fc217c6b1ca659e6ba55

SHA512
74cddb7c81e511c24192a15f2ef6e5d7e71ee71622395c3d7ce4e6da22958ddfb8e874293134a129d536ab0189ec355ce628946c69cadedbabb759a04b2e369c

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1069983135747595322tmp

Filesize
556B

MD5
642f02ccc04b9a05fcb7119ff6a2a681

SHA1
3182ff1cab97848597e91e9313cf8b560fec4d06

SHA256
593e228cfa0bbceeffdf2c8e4604241b0c2bc397205767346a59a5c088ef5072

SHA512
3053ab063670ba85cbea1eb38d2e5e50e6d3d32ab566063d5d6c1a9758ac45cab8228ffc5598c7e31d87ed1f381f25fb8dd13fcc26ae2562c90c7a419cbd5f9e

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5500842324189648788tmp

Filesize
90B

MD5
a1cfe0fe03a278cd3ed773aa9ea060d7

SHA1
331ffbd001d20c0df65a7970446f8786fd20e16e

SHA256
d0f0e4f1923bbc0f0613f6015924c9b7bb7e17b0c0efc7f5560e163d0d666f83

SHA512
f4741df484205a79557ef6cb0708ef584e44a743d2cac0a4fa42d99169329ddce8425155e26a543412ae2847d03b46633b1dffdfe9f8ad6ce5e4b6f068535ee9

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
d17d947998cbb6d515415b6c26d82fe4

SHA1
b406d847a52cd89ddeb8076504effd5bbb0f06b9

SHA256
7e2c0140d9cd02992709b0be05b522246b52984c6289c73458df3312f8894330

SHA512
8683a4835df42e39f35a93d26c10033835166da0b282ab97f91878dc260528687f7a8c89e4ab894ab81586e6686444f6219aaa1d2ef82c0e8795e74c69533670

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads