truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
09/02/2025, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4638

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
788a5602d4cc8ca4406771d2d44b14b2

SHA1
35e78823afac0d173bf3540283f2672dce00b690

SHA256
6d81556fe57c402a6408fdd4c4303468c18d174c2d1e3b7b6f71a5c89e63344a

SHA512
c001077147d122d01187e2dd6a0b0e484315f64d6fc60204bc1615f834aac6814fdd7153db62fc8e84637a2c3cde2044b886d94861a8d29a9b50906b93deb6f5

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
77a2d74653cc0808b87a55a3a3307dc6

SHA1
465f05b26b853b4e5f523df04a11c48276b50108

SHA256
b12ab713b72b71726599006b26ff7de90540a6ca089f34e232dbea79110e0860

SHA512
f90ba32795e9ad7074fc66c1ac5fe4f497909a5cb223e49e9698546c6f1cb67185cab7aa369864a0d0c2bd376cc55947cbadfa5034c030f33f1de8637fc0b3cc

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8cb5e1b9e91f13dbb35d7db5bf52a1d5

SHA1
861988d56d1aad116fde7a98f95aa34734429edf

SHA256
2a8bcbcbbf8c37ffca70852c140978e7b7ca12059bf06cefa177cf0c895a90c7

SHA512
aff657e10998f8cb9880811cd5e6ef680b3746a22106006fb2359c0521a9ff5acec4634d54619681e8b88346e85f778ab970b94ea4d64aa475bd87189419c4b4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b30fb0fbe07d7ddc50dff059782a45c8

SHA1
c1a96b49512c8eb36c08092d19feebad1c11df95

SHA256
3ba319f4bd6b88f09da9326f9ff7eefa8f6e69b3dddb7de50b6d4a1ed078fe40

SHA512
45bcd5c65b70e2334581cf2c8e6c0cfefce8d0c5213920736e1e70d9b021ee1446abfa34b229a5cd0fabf1f0d54c92fba4685307ab85e9bd1939368c0827435c

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f5ea39b52de18aff18c32402d55a4817

SHA1
d5ccd5a4910c65c9f55bb184d330bd2854406d6c

SHA256
874c80f8572f61e6a5d440a20c585da06d2dc414c1eb7180fba568a275109b00

SHA512
8550f45ebaf086bbba3dcc484ef731553a3dc24cbb9d231ba6c0302ddb4d0e0d5c6c5d5f4df0e3d5b7e0162756925fc0919c6fbd250d2cb4336235f6432c6a67

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62eb0f70f14e68c4365e28459b1b8753

SHA1
ad6d4ad20c8db3119b7a73170673d6d5bd2e066d

SHA256
9877a4772c3bbf63388cc8013a5e77830076fc71a75fabb7a443a8476062a80b

SHA512
ec3acb1f115d09b02b8310f6d9c9cd2639fd04969177fee072574852fda947a6a075659bb90bb572c6f0826e36c975b4b4ac3b3d9cea43811aeee50ca705cf57

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
01199f6faa650a250ddeb317447d1f88

SHA1
02f8140d3c5e660671c8cfd1b60dcbd91a555a18

SHA256
454dcd82ea1df6fbdf4a5525cdd1422ce09d8e36058a50fc5ef7240af61f53a8

SHA512
0ba4a38bbcff2907b582e53d2bfcc8157a7be0fc0679c75a3bb2f0a4d6126d8830840e272cd248bb49ce04f818ab42dba24c8c5ba3c9951dd7cbc1a7ecb7856b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a626c4f870c6396c2fee6d2efba9c34f

SHA1
14ec2405f22f15a177e1bec85e2b63ce46fa4785

SHA256
442171e3d74316a262a431d1d174a3a16b46cf2dacfa4eb11b9aeb5dbb5b1131

SHA512
87eb6fbc1f28544f355c4820fbd30325821d69c18084de2c460c7b6eef34e637e49166674a460553227839b446e84d563f5b8becdac7e3df44330837b7535f80

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
21d07e058c2a497d9691e1968c14b01c

SHA1
e70fc8db219bea6c5dfbd8384ea98f05e4610d78

SHA256
74c96962805970d1006daf506e05d97ff243f0b7f22736d593532bfff44846a6

SHA512
439beffeabc956591ece64a558efbbe59f75dbebce9dca165f74e4ed2339fe32d691edb12394f6f72da6ea8cedf08ac7248fe146dfa0cbc00b7de6ed3c41d291

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1fd167e32bd2eb24fab06a8eded057e7

SHA1
8054414a0ee846cb68346c870b7821eb6b0a7d94

SHA256
d6250f2d6398eb33ae1f971a916803fdcb86456af60cf6f6a478b6542c5b8e55

SHA512
c5241aecb13fa023878818a64709658fd7333a2d0ce7a3786f1303485293b434606ca2f03698500a1e7cfd0d89866330d4e50029109347967c3ded336bc096a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
95d74fc0040b2dce89424345c6349455

SHA1
1aacc7e6930261630f1f4f36553dfd0faf791c5a

SHA256
829a45c8a60b5183774b1558b7ec1f4d57a946b4c8d1d55aeb1854a4471ceb55

SHA512
1c3fc908fb9435eeb912e2d5b513b90fa28f4b239b6e3458e7ede0f6610f55c1ef280be6cab9720ab8a7bf9c3e08b9000d4d669822d45d02f2b10f48d93fd25e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8b9ff4eef4f2794fee79d53df115e396

SHA1
1c3b994b3e7703aa87e866dbe6508b75b52f4ade

SHA256
2df5c768bf4f38cac844361e418b2462b92f7dc0a4421f7c33d8b2feb8308283

SHA512
d83046256eb4d2952e4d090ebaabb9f9e4a9b4f277f728e30be31df8ca278536e74a1b29448493abc199c213c18dba2ec4361f3d259fc86fc5e25ea14cbf1fed

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6ede00111efb914c22a99e283efe25c7

SHA1
04938ac1b240edfb224ed5aeebb9119600ce5bff

SHA256
a98a3640bdbc891c4ba0aad664ca0ac7fb3d3a029406f44237370f35118eb41a

SHA512
94449a78dcc3aa88c5d7af6c41950a023e4707d67fb8595c4d3a2ff86652abb4063d250c88ba28871f1f143629b49758f3e020c07c7a6a3724f13407b43a9e8a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
325a29c8457f1e420bca80dfe6664b2b

SHA1
973805563befe0313377ff38e1b073d13a99543e

SHA256
d108226736c56f700ba806292630e0d06e1d1450cefb9af8e60104b66f2f0099

SHA512
8bffb39533086bda1896a9e72f8bc7c22f743fc8d9f956a9531025f02e73aaae608a587cfb3759b9d758f34789f8f01ea35383eae450d7d5f5e36599928945ad

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1211361913098917842tmp

Filesize
556B

MD5
96f14ae4517c6d66460655c88a184aea

SHA1
f871d9b31b302979540a35057b7e53fa613f323a

SHA256
b7c0f7b49104e23322608f69a028c1997906ad1c8385dd06febbf1f32a23db94

SHA512
681c405299082a3778b35e62618d8a592e36eaebe7ef7de025d9c7940ecd56f66acf10398259994090c9c91209745c4a254a6bd1f50ca9e8ce0ab5e75336e6ec

Download Submit
/data/data/com.systemservice/files/PersistedInstallation9175456849453440611tmp

Filesize
90B

MD5
7e5053350c2ceae829dfa28e2481a6f4

SHA1
1688ceeed32fbec6bd7d03c283ea7a74eb7c6dea

SHA256
76e402a39e587da9b2e4b882b92934e054439be57b44192e46a9b39db080efaa

SHA512
dba8814514bb4d6489405dcf8fdcdaf73f7637022e1001a3488c824f36af57178f6c831e72dd2021f4e951aee330730c4554b088b02a51f91918dfd027429aa3

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
715ac9b9f42d542af6d183d4dbc7bfc6

SHA1
0fb8b85bfda72643e49ea7b2923efd74f9c43748

SHA256
daeeaa4460be42d50f4d49c1c77b523e54906389624709c0c69bd0c8b2ed1275

SHA512
bc3a6b682fe7a274882330a1d1b1084dca4929bf670044582208dbe3b31df1c0b93df6b36befb3ccfb8e5df173f91009410e5fa8388d86583bb44ec48344ce12

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads