truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27-01-2025 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4931

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
cbd8ad2a54510f352cce9231166783a4

SHA1
5fcb1ed90b61bfbc6c5a1d3e8a5b72c5dc0d3232

SHA256
a84609ac890ad43d5e63005e8557f4d3878959c5ee1b2486e2135f6b25d657d7

SHA512
03997da04fb397621a7675c1636968c31d5a19516fe16da924c084cdf9b3bbac78248b3cfeb9d4df98e0015240a6878f5de90b9aa086035433277327bc079579

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
40e1368d4cdf2472f663398cceb3b534

SHA1
164b445ac238abb32e6d78ac61107113f7c85c98

SHA256
5dd9c078c02476e17cd4c615a9a7abafe47ae77f395d3a4ed60b716280df6eba

SHA512
1b55858e9f89826c3d218e1131dd85657ebcf7b81f9e473a8e68e4fa141a3f820e7e745c133fce8d1d03a1a673e7d12bc9f81dac75a5575976ce4228e1d52a26

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b3c4bd64bbde778fb5077517df25e369

SHA1
6ff7b2c579d37e89c90b0561aa9bbb77ed0722d5

SHA256
d5359b54bf6f68b82284e19994fd6df43e7d11aa461d12cff076df979262eceb

SHA512
84a0c4624db83fde7304b71f9ce1b0b09e37d71451a7b7d60dc46b988d49c0878f6302eaa1b1565d2f575702c666ec6cce05060f9740c69f2db852b1d1b3cba2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
51e45bddf8227cb9670479711de281c7

SHA1
38cc2f7c99433c9b64e49f54faa6d7366ca8fa60

SHA256
4d10c8e11fc38957aedd15b20060508cec362942d45db9e6a4c41d8ccc462ac4

SHA512
d49ed990e7a419d09a0144dc0eba7298089075e4a573b07bd614447299de9a9ac987e6401c5f4dadd80307325989163057eb919c68b76a298ff74abb25c877ff

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
76cb17d2d4426ff7b8ad1fa73c0e4cb3

SHA1
eadb704483bafb15afde8c84438300172dd11c98

SHA256
1895043bf5e151e571308ed0f329a84000fd366a00e03f7e8f2d20f80aa16ec4

SHA512
812c4ade8a3142af32fea96ac840e8523c98a5b0d5023131094e418c7cdf712201dd12682ff6130ccb308b2f51f67cf60c2a5a9dd46082de8218fd60ddaabeeb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
95ee0a5b4d8097c5bf03c713f1a2aca5

SHA1
1716d297285c81e1e842ed83ef959e66c38c5e20

SHA256
6a858df6c67e2ae7cee00a2872f9f0c7fa464ceb85c139fd8857d5909624a53b

SHA512
67931cc702540fc3906f04ee0331480aa44b54bdd5449288d6f445d74dca47bcf09f90d5c8e5fff2fae20742773e53a18ce0f3fdcb58d386c03cc67671ca78b0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f4f3d7ee0ba52fdba49ffe797d2d8158

SHA1
fab43dacf23f074f55ae264e263a3bcf61c93f9e

SHA256
aaa217c89f044bd7eda49e1a57fdf886dbc5e08c6ae3c3dc4d1137133ab42e19

SHA512
0627c6208554d22e4cd81eec19c5fcec419f7a325b3d4c5680bf8c657cd899b3766acece8520e7082361805c8b000744d4fc873bc7d85b133f1b53e0d7e0b146

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1099084ef3dd9a07e04762927af04732

SHA1
67a84b1f312e21c28bc5d3e6cda041736f6ed92d

SHA256
8afce1c0fa88a5494b05d26fecc6897216076f8e3b441b5dc6b17a52955914c4

SHA512
7a3d8d6e61d48f1cf32419d93d97434b789d57a019b8801dc07e1d22dd57691207b0da6a5f857867c0fa31f465f9b206257f0a41e54c28813f6d7151507c235f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3767413b78188e4b28d4de842afbbdf5

SHA1
0f440d5fed6465f1f51f89c16bdbd4a9dc6c5878

SHA256
d385ad52d38cb5e3b0f4e925c2558edf4ccfb7d95f23e5a04115ade768caefc9

SHA512
2db1bb4371f88be3eeeafbd5865ce513248a6da99a16a9a01178a6af654cd8348fa5c3ca76eb71d9f535211014982dccacb5f3175690fd96c25efb57394c1a07

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
87efb4b7ad6e2a4e669fb7a0e6df360c

SHA1
40217bdba6e2b45f9c2413e0de27dab3c865f11e

SHA256
00f173463860e89a2ba9e2c3f7f08f802de789341e11446b6fc265aa68c94972

SHA512
8a1a6470f22e149db9d13eb9ef5041c7cc97dbea3531328d9bbac8a008f3c64032d66b50990cd3d6a85f5b712e2fbbac6e0b9b7450f569f3552d9390457842fd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
2c60d389170a383b65004d8dd3bed220

SHA1
d839672c33f7192e16fddc3b4c98733ebb980660

SHA256
7d139e369e016e781f755c5f801b7d01ef1b34d2f30a474e6db13c5f40ff24e3

SHA512
531229e7dcefc2a84d8923a2911b7732207e84c4c5a52be5d530df021838f3c58fd4505bfcd030ea95aa96b97f0b179357e639d622112ee2f4f1545d9bcd26dc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2f16d24217a1c7a7ffa01c83b42824ae

SHA1
a6fff1408805324ec1892e8b8b0619d42a37d005

SHA256
ada2dcddb1c5ba6bbb8240b2072a68cc28aba19a0c2861e01b11ae508cd12094

SHA512
d8701232c568e0e81e0b3552609ebedb74787dafdbbae26de2ce3095e372aeaf1e8de905654c34c96b9cd136a9904b3b41d0032967e8a6f0184440bfeb31757e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5e569286dea5bb1429a770bbe173b2d0

SHA1
8f6790e8e695aac249a344e36bc125f06144f01c

SHA256
040e978912fe9ecf464c4891f4c87c8da638e5a9a85d0e098bfc562e01b7a859

SHA512
8081d46e6201636dbfcbdd90cbb31cec3770427ecdbc028e0d477f29b930e198ca6e752f9df612568da3af0f5fe22bda5e12ada004930ab86c4e285cb5b51411

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f888a7a55e01d9ab23218557628239dd

SHA1
c1ff6dce4a2865032bb0f901ba2d169a0bf74c5a

SHA256
8acadc6586d39bfc4ea77869e48f2a565ee2ac0dbc505250e34bd39129bf97ad

SHA512
eaa2ce0ef51487d972f256efc11289c8078458149b265e8860e2e97a8579179ea68d2d38933eb69bb219ebf01a232f85599ab1a1db7d7cfe55d49a745c228f06

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2409660095796104105tmp

Filesize
555B

MD5
f96614d3138e597fa209cb0dbabe4520

SHA1
90f05911e6bde45b1de962165374e41e71deb025

SHA256
fb19bbca1808b186fa80cf2fadabb27b9654cd6e97829fa47ed60f799bc9e134

SHA512
75a1752530f9647c53d0112a285735fdb0b3d82df440621d937dacec87dc47bc315792fc0cdd679ea2918f190fbbd57577150df88823bff0751c67a75f7a2e27

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3532733949830425795tmp

Filesize
90B

MD5
55c8e8d5c9bd141bddbb03d162dcc17e

SHA1
b5b387427cb3dcbda53a424c8ee7dac720cb42f4

SHA256
6b3ef5e218d1d31e19c843d1bdb04015cbcb9fb9b4b4fdcadc4630fc4d60b1ec

SHA512
01ae76b18992f6084eda8eb05204e37c4e715ceb614f75c2084e401dc1287962b7376ba315e37f5c143405201083c2e6ba9e17edbf267538468e94ad43385344

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
d0a6d73987e10bfd27c304d20a4925ab

SHA1
0050ada53638755df62ed406a5976a278c41c7e2

SHA256
6cb77359bbe930747aff8211baded75957a5ca571ffe5160e804ea5f99b0febc

SHA512
9149f1484510160f1c1539a5cee2848facc9bebd6d4fcfd3f5337f47a3d4a41ef5c0a004d561d4100def9a275bd10e0ff824c6d220e3caccc1b10c6f40375cf9

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads