truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03/02/2025, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4827

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
8e405ac80b38c4884d6b350574598b2d

SHA1
226a5446c608b9ef628eb88865fbcfa078796189

SHA256
9f788cbed79629e4efef2bbe3fd38ce86a410913003102f39bb9e96e8aff4c20

SHA512
ade4750018b04b05776cc4fb8d32a9342bdeb4fec1dbdc470c1774d50b3671857c9131957f23d44b18e17b0a40a408de0c50fcc9e0b3ef7e0a862f3a57c665f0

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
39c1de60dc21e910906c3ddbb0b7aedf

SHA1
906569b91ac98b2e85d231ba54c4fb35e0f7773d

SHA256
f7661224fd5cb4aa7c095024d5946109facf2934a65f8a2be032c2fbb0d7c5c2

SHA512
661574378379cab776135d11a5f0055c96c3ade5111cbe2d62da985be63b555815dcf103a4d47ae92cd18e975e610854b5009c8dd521088a8b2b9a6793d74cfa

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9896f0884df5b119eeb9020f8a5a890f

SHA1
f5b264dad5f14979aa226bc5223bc311779ffce0

SHA256
9b237e7dcbf90b3dd66b54a2b2c283fd0ca5dc14ceb0aaecf84ac04799f0cff4

SHA512
db2df62705a4045e0712f97fd9903aba35169bdad5afc6148c4be30dd46f3b9459ee9734b2be75bfe0386e0da0aa76ffc14c888c8176e16a2a4594cb5da4482e

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
94cd711368a4e8fcbf463779ca51a5bf

SHA1
f423aaa5a3db6ceec70df30bfb2944d1934ca67c

SHA256
7601783b03c564c7723ac0a504f8400828d5f3fc1327befc307c4ef1a13f05f6

SHA512
ac541d103dfce9699e690ccb21b3739e6cd058fcd2d50427fe7acf918a4234cab2545b711838c774aa2e89b3a87a3631e0e0a38044de6874ea17accf3e8fdddd

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5027a680af22d9ee56b4c29bba4b9446

SHA1
bb72b81de68f59b39e5beffbf72f0a56362c7ca4

SHA256
5b85daa6ec49ccaa366a873c9eada379e286358a033e872da656d6ca2aae1364

SHA512
c169ca8ef033732dd41e9b7dd699cf9925b92b05bc2204eb295f947fa57e32ec493f9648f1015fe63734281ed3d852b28825b468666a6df29c1ec3bd1596f9e9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1a220ff78429697b4b418e4695f26c10

SHA1
c6f40437b3e49f8661e8c6524f8100b756206e0a

SHA256
1ddc20636d97683f131576639deb4bbe801e897b9b665db2b79722f4045b0ac7

SHA512
a708c7a11c8d8bf892449eb94f42ced942a992e353d0e98e75d1e4b593fc23e1eeda1e771da93dc8f922c3c68b8d59a834ff80dae8dece45b639d6f0a07489e1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3305f0cae3381ae5229418c5febd70f0

SHA1
4ef8ed1b2247244c6f08c25de4540c52298d98f6

SHA256
6640429cc552c9140495cb22a3955bd9453cf22846b032f413c1432e6d6f7c14

SHA512
6edf27f01508fe35a8e0eaee9f3a6af9a9f043fa756480d71dac7d8d8c418b1c31e281ee39b12bf1483f19ef8aef313519f1584503cc1d8159122d02da0d8afa

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b0ca64fbb50392c41800998f2a3f8a6

SHA1
1bf90db2fa94349e0eb432f7481e8f102597d3b0

SHA256
a65815ecdce9bac36ebda0c390c987464bebd25f2c01dad2dfcac2981f017b6e

SHA512
1cb5a9aefeae56d1d1fc46055ae075651f8c4a4bf78f07b40a3ddc45bcbc71f6b89b7efd6051c5fbd9aef3696475f5aa5eaa2fb6d1b6242af39f369c6eef9509

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b59e273a4b55422326afa17a06c8d3eb

SHA1
9ca02e5f73e68804701cb623771a89f443ec7a0c

SHA256
cdd9e82e28fae5b9712d2713352da1d9294215bb844fa2bbeed6983e66d4583a

SHA512
cac9f03527f7a408acf707b83846c7739ea4f3a927621eaf48c57c710f0057a44337508053094bd413604390558737231678416aa9dcf8cf3bb0c5a173b5925d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
53233bc99dc9f488a605b0b21f29f6a2

SHA1
616196bb96ac01b460de1ed438fed459753f87f8

SHA256
3b7a762d1f726bdf38bad8917532cab32b7feba893c726990ea9be6ebadee2b8

SHA512
09c9a25e5179c520fca7a795e614db363d53e2498b2881df05831cffa3ba1c29a987aba801301abff4d50cd4afd8533cfb3bfc795b23d1575214a143caf870f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5f86881d446083db9f3b2f50cb33099d

SHA1
a6dbc29bbe034e7cbabd8237466b5ca96ce05eae

SHA256
313fdf23a530f3ecd37fe1d2704c992b5d2af02fee99adb1d109bbe92c3478b0

SHA512
a1fede5fee87a249de272cd34d9f32b8f6ce4676418aa6e31714b89a13f68c67e1e3956be8aa4f0a231dd2f64ec0756ba2db5c50309b6a96b00b994f38ebe30e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9ed414b9861ac1db1bf42b247cd9fd71

SHA1
1427f2335f812f4efc0cf5b7a9206f323808cfe0

SHA256
dafdf01d9be5fd140e277ebdd063e75efb4fbf73b9eaefb6f5f730296131057e

SHA512
95f0125486b36b3ad1850a686ab29c11670183f5517b94fb59205888374cc1d9daf37c2873dbd8d0e5e8e0df600a06ddac876bad094abd9048dd9554fdda8052

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b776b2b2a307baba8115b294811c70bd

SHA1
eefaf65bc5783b482bdd75b4f7ed0673b7bf1d58

SHA256
a76ba8d71808de935d7b4ad6aaa82aaa426a2233ffab09b7e2458185f0fee7f4

SHA512
82f3186496d9dbc907566be762e868bff03a0cb10da7ed37ea4b45211ff4f8cdc04908c4a4df8effde6c4a0b2efed2f4db7b7917d4ba49d52856a8084e100df4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
22068d69884ee4a63f33e96660c20b00

SHA1
aabc94fbbf07e8b79ebce38965f95e67b3937de4

SHA256
bf5c27c7c0bf367f9da94b9348f4361f6248b88794ed43a4433a751a04b8c816

SHA512
4267342888bfe61b0725bd1cd3ad01519ffd2aed82b7f0a979885195545c52c7aed7a35a448239df9706a02a5e083142ae0f6bec95a6deb522267e2c34eea0be

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1439307969289275673tmp

Filesize
556B

MD5
2367b4f758040899f8fa800d40a08fcb

SHA1
5e12bc93e4a593f23d25f5f664ff186e836b9b82

SHA256
86bd7895139c5d1f1890252fcdc83cb40560b2127ed21557a93e7b8c220f0823

SHA512
b86c7d65abba9cb3e9cede2501a44ab7580acea0a09403d84010396a96ff611d95ebc088095abe62404e13be014efea9b60c9c13798106d8aaae2e003fae6042

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3703163648482001371tmp

Filesize
90B

MD5
b5e4852c5c92070d75920ec2f32e2282

SHA1
ec0f3ae5fd37ecbb5702630cb7cb85848a5f8e17

SHA256
b18bfd3a7b3013ec3f1fd0b5be9406731967cc807db84a1f2017eb8bf9ecb9d9

SHA512
e1a1ba3ab06e2fdb21c138b2d953350658dc61face6b1166449e1c1c1a8e42a5ccbce45c169278be1455934f9927e85bf330810ec916c2b5550546ebb77d7751

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
1e88b651e9d18a7309a7452106ee36cb

SHA1
3dfa644afda053834144789b57e3273742b6e4df

SHA256
ae2231fff4da93820480db6c1ebb5af77b339cbd6f10ad3a37feef037e109118

SHA512
2b73ce35bec153c35836894eca46f5c25e787c5a77a68792b9cb6e5f85fc76f1d585ec957476d3d1e35c538310396f687ec3f605b6cb2e3f9644a88c9a0e5720

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads