truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
28-01-2025 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
c4c28a5441f83da9e04b426ebb7e5a5a

SHA1
89dac06005945a4767d3bc140d0d7a4d1e17d99f

SHA256
4e696f0aea5eed45143e70592334e6cda4d0a75a48ff3dc8b0f8614769adc07d

SHA512
5ae3f7078e715e0cd88e1ed421f6d35c01ce066a06b4c0041ca081b6fa97917b11f1905cd2fbc5a50510f30429ac850b70946119028b070aeb47d107761af6b4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
41d89fa301c43cb18d6d250eab3310bf

SHA1
51fef066dabe8774aa7fd70211db9c31f68c50d8

SHA256
83b5968ac29de2468020a44d8a69bea06158f70474e5cb1903f823a122f0b87a

SHA512
5d7a84a07e5ebf1d299601c2089276a50b8ddae993ed3287a57eb850582d40c47343f51dc4cea606edbd4c1d84b946b4df32ca8ecb9ee235cd55b352d166749c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6be00415e2bff92a474a3db94a1cb805

SHA1
64b24260dcb1e2b824f26633ae343ade925df9bd

SHA256
4b102b689eede6e3199495ce555f11838f02d65ca7e11e8ecbc83fdc357670cb

SHA512
8c9dd70ce49b46666822baf59a1fed0274262c2f8e895eff94b02cee15c8e3962e590f1b898fcf3e16aa21d8401de83d87caca8c081a465b44e2ad054d612436

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9281c8cd5326f8a982fe43665f89a598

SHA1
acda2ff417e944f9a20aba242a5802f1cd62c5a1

SHA256
4daea57c7d20b4f6e326d3485f27e5c1851a543264de222bb1df7344566bef59

SHA512
e534192fc0614b961fbcd043b15fb81721889cbec75f692a9519b210fabc079a43bcf7f08ee0c1319c677d22293bf9b42653eb172e868a1675ac50aabcdcd227

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1f49d0b25e12d95d2f51feca363dc13c

SHA1
4fa8139a0d65afb95f7a434ef94974876aa92451

SHA256
113a50889ddbd8c66368b91d6fa0891d17c1e04c6a85bf89cf8fc66e18afa310

SHA512
9e5ef821c5b722e3f089c38ffa3d4cae87057d8d2e23b444be06c2fec32c4dc1a6f4f5631938767dbde3192df061ad28a93592679645d77287a1357d4f1969f3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d246b4ed6335595d0dc44921c5df0447

SHA1
5bc29a173b39a6cc8138739a5860ad8c0385f89c

SHA256
8491eeacd7d103f36815456fb8a5e63bcb237874b75151bdb979a1885fa9c927

SHA512
8a395af80e7e058fbb7f82c8ccbfa438095c02609da135e18ee36d972afc7adbf82625cdf77d1ea9a16b74126ad388598efe58f564f8b5fe0469900a8648d5a1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
73ad3fc78ff7361af8c8af3c528d2c34

SHA1
530cd06281c63cc372d9c1a69d4ea6f0aed4566a

SHA256
135c271e4772de27424f061dc18e858827356a4ba1be0f58beb702f88232120f

SHA512
4a4b57012545220f00087bb4d3515e94600b1a5f892e4e9f7f40b2e1671034e79ab7b975843cad5114ab599a4904870df4b851f2813f3a1feec25e32238044c2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
485668087a80c476a4d3eece4bb66b71

SHA1
b09bd684897be2701a16c99ccf78267043b056d4

SHA256
c359fcc57ed65e551fb710a021ba8c842be9b32f40eef802df8c2179832cc530

SHA512
4a30da214eb5f281524266288cd4775a0016abc2d8f62109bf44d8f4231f208120d7050384422aa76f7118af775d87f4ac01095d042be96f4651be14d955327a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3a5bf8007c7256c897285a581c722e98

SHA1
f3a3833e22e10760ec3cb8c78d42cb38dd6ff277

SHA256
1e0acf1130e6be8569a3176236c9b4240b6be20b8934b726276ea64698446cfe

SHA512
63733e719bae051e335ef78b2e1fb713b208ba068696ddbaefc0a6ed0e924e3117a541d5ac94593d3f2800c9d7d758060daee61828d09f57f03b54c5fc4eaadd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9c5a073d30999ae7dc9625d33682ba3b

SHA1
79849f8a94e16d3ca5a8a731a52bd05da46a00f0

SHA256
0772e00676a30d909860d1fd14e9413114fd01d77c4f10c424c3c8db1f114c0c

SHA512
c89080814d924fd2351394650fc2f90edfef148d1f37ea3e959c0a5150e5d0ab8ea4bab444df3b83e2ea8b9269635e07ab88af7eba035111599b4259b579423b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
be3bc818cfced83a68f04b5c04255168

SHA1
155e0260e72a8ef0479b0742e282b72c67864b6e

SHA256
094acb52933f880a39a876d341333206909173cf99455eda5768923430ca8659

SHA512
9197b9cff90dba2caa13cd1110ac9c9498c30d980edc4497e54dde5561d3d569a44b3a537f8b1226891c7932435467acde5bf2138c25e4f6095f2c759131a1c5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7dfa4aa06d19578e39c11bdf1b969c5d

SHA1
874f88e2dd285577930efe01fa862d6f0847c54a

SHA256
fa42190a5b8e03d73a9884970dac6d074555ae39332e9b5d045c20918e06df80

SHA512
e286a2a8347ec6dbae3f5451da9ccf0c92448ce13251ed745a58d358a71ff688a99dc787aea457ad120c7460c9a22aa615f7a926cc46932795d119922aa60913

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1ed6e1f33a6e06badad93ec5bf12e210

SHA1
b100847785a89fb069e8925ce469a67c47f5d7f1

SHA256
c9233ac5f3c29bdd9a584bd573e019b45423c6cd64fd2ceb5fa559d2397fa5a3

SHA512
da45801f01d83ff73fd6fe8a5664662703863030be5a01f005f6ca20d88f6bc5c05408782933579c9dbe74d7177f381c45bb8d8a0ca2217b385857bbec1b391c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
77bba4bb458d07f6110eeef9303a1c5f

SHA1
739c15021076614b9f77abdde052f106426ece1a

SHA256
8748d525d1c5fd22d6bd8217eb20bee1ab0a76726720f83fe358d821f1dbd71d

SHA512
339771135f6385cb781312cb74798d20b2e0a1a085a3ce6e5c0508ccb052027a310659eed403a35ecaad9eda86f910cc97bfcdfd97f0d2c81f5a960662af2a5f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3883292823079493125tmp

Filesize
556B

MD5
26a28ebedf0f1c2347f2686b0cb2c859

SHA1
7ba2eed5b83822914208d9dc1b2f123f2d161e41

SHA256
e64da9af3c834eb29679f704439c38cec68affc295926f6b3f7c8bb85792911a

SHA512
40cae0abd49859399502759b35ac8be84001586372ccddfaaa2c8a16989abde7b7282076269f7c597f0681da58a5517513966de551953da7660a8bfe3afacc44

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6494255258927956592tmp

Filesize
90B

MD5
0e3b83f795bbaba42173e0f95bdd7b29

SHA1
e59df1fb2fc31cdc9a18847f73fe033a6badc4a9

SHA256
4bd11fd9077219e442324fe67a094d17eaf03f88e8085f3c48b2e7193e058a34

SHA512
20b8c30fe881499f27546ec9e3bb41df18284014a4a027f00a8f85bb1e43b1044b42e58fad7c5ae70915d3fd37c094363502924b84a80219e2f6d642093800ee

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
c1a046f079f5a2d72490632fdd000881

SHA1
deec670d0933bb895ec9bdc9db014f1663493267

SHA256
e9f73689a6037f7f1b8ebc6aed68fb70f95d7384014e7c956ebd2137b26a8fa5

SHA512
30c0ae8155ce7679268cbedd0d33048ed77d9227c06582f4414b2897215815744279d28d0e78ee8633f400cdc4c5d23333d7ad59cd48b0b885270e95d1ea59bc

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads