truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
19s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
30/01/2025, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4509

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
181a0adc79d304ff68362802c352a6a1

SHA1
c876350f43cb1cae3d7db26c72743fe79056bc17

SHA256
fa8d1325ad9e899ea86e134e9959d69189497436424335d613c473dae2526340

SHA512
e2ec3277afa89c3e0b9c0c5b3881301ba617a599c47e3b7c43251595425b63d21083c033c9f60aa0f2e10a468a98dd3a1424c86172653c9d2511a473cd447f08

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b534e6bba4d13535e47681b87b90a31c

SHA1
f4ac9737893d695cfcc5e977305b28ff184cb15a

SHA256
4d424eee671ad9648cbf25f394accdc5f844118bbe59a2e7db51730f4c91a4de

SHA512
c42f074d25ccc7914a9569265734fbdaea9ef5f296d33ff9db164504783603fdf809e7634a8600effcd9053761548894fc476b27871ead79304b18d9dbc27dd6

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
280c85835e2764b8064d8209c71d92f8

SHA1
e5e8e861993e1c5c9d2be28ebdd6b3f431b73b8c

SHA256
da00042523c47f49c1d8f170421b7eb0146e3b348376c1bc68e6d88b2acb4058

SHA512
ee8c57d50be9527e1e2f3c94138b4e2b64f815351a2c5cbc1a1d7a8ff93ca4a8f58332a1a0d7c138ced30fc529ccb41f2c07c1576d6680c89889f7e2eff86626

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3631d88cb66304c8d2d1827e9d8aae55

SHA1
380f6e11916fde57d84069fc03f51f3ec59e72ca

SHA256
e9588fa457b57fb45e5c7ef04b1f33769b0efd7ffa0daa7c5cc1fb4374e5f82e

SHA512
1618f954a9567a1156dfaedb3f1e6ef79a71109445fb66692ac8a85a7a9c71305b3b1432358a9a5157e5036b9af1166daec8ecd117e0bdd299c0ceb73b49aaa0

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f0518671af5dc5ef9cb75b2d1c671ba0

SHA1
ab78f1a4fc27997029d7b8df98d62517db24c59f

SHA256
4dd4860c428a27a551bcc817761f941ca3d9648d5b1ca9a0dc8d4b031153b7a0

SHA512
5d02124cdfbd032d810d4300646330583e853017e8896158125d0e7c7a22d348f7edc56a4dfbb100262caf03a42b6a546317fab2879d1c4b5318e97bafc4963a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e720491af5dc0916b00815ff8a4cfded

SHA1
6e7a36608d59589cec785f1a8f822e93e998b907

SHA256
b372433a93525aca1a7bb7379247f318a3ecd976fc6602af2aa48cd1d5c81528

SHA512
1fa124dd313733b22f6512db989c0185c33d1f89abbbf389ef4033818219f3624db9aa4c04e4a9f536e3249ef6843104a2a2babc6e39f706d9ca39e0143b196a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
43d06d293bda1f035e754bba18ea6e94

SHA1
f0ef4fa5d1fd3e72a267038a0f46c282a411d619

SHA256
7ac540b75d4365f84a6ff38bd6735339f072d0faa1b1a6645bed309164c5afb3

SHA512
d5cf8bd47c1ba4bfd45fb313cfe43231206ee797f501245e45c8d00c20d669c886c1c441f36426c1da9ed1052bfe1fb26d1b40ec0d4e94d52b20c334e5aa16fa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f55a83d8ff0e6d213105f5ca67109d25

SHA1
74b1fcc3d172ffb7e94feedf047bb50e218f83de

SHA256
a9e8e0c10daf2259d56b5ab76b831390d45d98c62415dab0e16b12bd020e7abe

SHA512
d475f1fcf63fcb6da294b705eaa7dea0acb365f79585145777fa9107b36a69b96c244d041755aec434cbba09cf1e4703ac8cc5a65319e5b5def76022f23a5cee

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e7dba007c8cdf6169f5bfcb32869f3b0

SHA1
c2434605342167150557f898fd10681e990fb6e8

SHA256
95fc03aded4895c819660b005df3f8190cceb4afad7260ac0321d7d3dead45eb

SHA512
b2b00a4a62d3d82b65e64d428ce046b30e13b1647002affe6883adc2425ca00957741725b585dae379460608658c00acd32aa2c12dd8e963981067878259c2f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2ba2644c473223aea5f566541fdd9df3

SHA1
4e905ba06e09960900fdfed2bd5898ced9cd5797

SHA256
b9e668226dd3cbc25e40fdb943b1d31df02e06c522a3b36c2b396556cf732e1f

SHA512
0dc07c3db56924772f44027ea350c843df7b324cecf78c5daa4cd70280080b18b50dd14d17e01af60e0af0055d9f8bca8a91e63bf2268201d7fefb6c6fdf0f88

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e2dbbbc3823cd8e01c40d13608877127

SHA1
b0d3ed995fc00f13362a923bbbf16df30ddd2418

SHA256
d082bb576bf2dce0f8882c078d0ea46a6d6b122a19363e25d1ef19f5fcd0b599

SHA512
a80b13300705ceb41b2290cc0cd5f986467ed71e70d7db6f314ac1a595e8a696b5ebbba9ed0223bcbebd33ab1865dfe4151144d0d2a7d2ca333bb3eb6c1a1e38

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
11f9bfb2fe885f026dd3d7868417aa42

SHA1
55cbacdac24d6949154ea386ab5d70b48e47c4ca

SHA256
e55e87c0d7d625d391faa215380600de7f8da326511f92f3eadff93cdc9c55b4

SHA512
a35a0f01be1a73f3ed5f5878739f37a537f4f8e18273aae36fc35968a2caf20e00a4c72ad5f50539ad27f0fd0454f927c35c70ba589e7f5fb8bcccb366029b06

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
485afd3c09ce83e0a9945a1fa5d88175

SHA1
7c8a29e63ea2f4444348bc1e280d16ec63be6e22

SHA256
3f5ebf78c8d5d6a3206cd2099727369ae731e0546503e8dda1394c7aa167bb13

SHA512
cb71f84212d0a0fd051cc9262c98bc0515f6f706d9ade484760fb51e25c3361e2d5982c5cf8631c040c79be2aaed6dee49b29b68e4ef25f748db704660820616

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5aa163e938aea5dd48ba84209d55a067

SHA1
821d88dac0d1d926a52aeeb398ce4fe793993d52

SHA256
0c182a76ae0300b6c8ddd58d14857fbba83f579f334cc1bf450338834c31ed32

SHA512
7f3a2e663530d6b87afd9a6b0b079566c735ae17763b408423d959d131b14ef32b272b094fe7c2f2b8ea8c31f052b6aea5d1ac33f71e5d98e6e68d982e232c20

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1162780551558134755tmp

Filesize
556B

MD5
058a64af8431b4fda63748ef56bc86de

SHA1
a523031dd822dba1b4cd0c215a4133b84861af1d

SHA256
a78d928e36dd2d00298dbd523caa6ce04e9de47cdb6d8cc2fe8bbb5e7aa72082

SHA512
81eb9287d71e229610114cdae54c333d19e780bc56c9dcb4bb3a59cc7d355accbf51bfdaf4e83482d400538482a27e79a48819440ee4fc1a30f56d669093327d

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7355191452883232086tmp

Filesize
90B

MD5
d267cff94bd607d5c1661dece0576408

SHA1
9a417ae3df890d1d380e74e47b3cc621f7e79284

SHA256
36508c29684cf0637831023fc9bff7b0023e8ac4fae5098923fed5172809ab3c

SHA512
8cd0a9067a760647efef7897667dd5d2deb8c1e11f15ece1674ab5d84a05c8d51c9b5d06744d93de5adc71743cbf5887f3203f2a2d5dea3dc32f58d2d7283f1c

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
6c565e6cbc3ff3b32d3882b19c1fea5b

SHA1
7b0589b82a7a676f26d45c775982ad8438dae2e7

SHA256
686b55b0ff7fe529c91edd66c4e03a016a349ed6d580f39c920cd915be59a772

SHA512
6966f828a7bbac9daa8061e17618359818a2adbbc4f4ba9f06c7a02fc10ca95e56bdfb2d4cde89c533f4ef31a7257503516c0245be55ae23332a30d92d4fa9cd

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads