truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
12-02-2025 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4218

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0eb02c22ac96de0a80e556ca59d83d91

SHA1
d556359920e43282bda31ee91257119ff111b31b

SHA256
3dc89884e9e18e916902c3d7d7c296363518fbf20196f9216d78b1a5a124c685

SHA512
0d995e1364ff8a4fe08a9e0509a00bf4b342331c48203ea84d8a79426c777e37b074f1643f85ca5059992bfb07848264234295c703161ac66c77c5fbbe554ef9

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
e1cacb57683ca2077f27e7a68b89fa06

SHA1
c88cf920c6f561c30003d84a6168ab45b0b30149

SHA256
fb769eea6dd9f6e2413ed992fd5a27df027aaf7e67ec462794b9c6578f1b03ab

SHA512
dca645781e00314ac0fee3d603983b6972b1a7e2ac451caddaec631d466bf01b713e53cee17d48f2e3017cd50bf53ad9572290e2007b9abe2d8f22c1280d435b

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1b396ff8df019a90e60836932d320f59

SHA1
6f4ffe479fc30fa5281c31a5c69b5eed46c64a2c

SHA256
f4a0ee1406533005c084441c1b9a2bc54ae219182923a56bdfc43164c329e1bf

SHA512
9ca4647bf5b9ce8ab699f44feeeab4ef05c1ab1f428fb6e898975a37cd146c36acc89e150d2eada475a2cd10c5561eab28de0c2d38d6428169592cbc9bfcdebf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9a09c89fb4b3fc80c0e54d50139ca17a

SHA1
a093304f6b7ab61620e2d5ace0536fda8927bd16

SHA256
24a5aa9337e4111765a56b6c3ec3581aaa99102f719c1880f8a2f2ba0908dc3b

SHA512
ea52b9e39f8733d92e3ff0dc0b97258020ce396473da3ecadcad930cf70dffd9d3701df004a4b4c898f1c095fa250b723fbe8e9c162c37700787d5459ceb35e4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7e4a6d267d05699a178a78430d5e631

SHA1
12ca991f4c0450e272474bdfbeaed039786c8df9

SHA256
0aeeabb9095e49dbc242565a010f5c319488e26e744e87e75a2672584418d297

SHA512
74c103b37d6335cafa513a3d44ce0c5c17190c966b39d2d4e615ae2b4278f12f8782de2cc851f7c07634b0ac8a9e8a234810f6d7360cb7bbf41170ccb4685543

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dddd695a27f9e0dd2241331b4f7e537f

SHA1
531ad313fbc666399e589839ca7ff2b5186d2bd3

SHA256
5fb06f7d039cab32913fd0f3ad355e854970752fd676f48e4ef51ae1a8a3b060

SHA512
bc9b3dc167bab6816e8f5100b0cc1ec706e61b6c85972cf06d354b98b2482cd6869d8c8dd785d67d4ade1be11ca3aa41728c647a2f37562fd77b7358e4562c97

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c7916c37288f600778efce650e010d11

SHA1
45e00be4f103bff40421757e8fad8415fa8def4e

SHA256
4cde80733dc0091520d18d88ca796b5a0b212d7d2fb1d37473236a330c2e9f4a

SHA512
67be19e87929eed1dabc9f5e955dba734bc5919dab85de710fe90f3bc1a8d2419d996535ed08e4f9a54df13a9dc6438a475a3eec9a673985b317f47374228430

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
325045455dd6de4c54cfdb60bd8683b4

SHA1
b452472802679cfff33e87193498655c61a10d1f

SHA256
9a470cb3a8aec6515cce58f9013faee725405cd70a19f0e15a8fd3ae2064e82f

SHA512
073446c681eb9a783e46164bb29a701e170a1052e4bfeaa760f946b0f22740c3131ed814dadb9b1b57392ef4fb6f23d5b2f000181336c73081e28b19ad93f5c6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
4cd7892394f582790296ac17a4542390

SHA1
a0d5938a376ddd48ed5534f997e881b4c53e13f6

SHA256
e99ce3f351108d29421e1d48e516066b9d3f57a35c7ade7efeab0349f648cec2

SHA512
73c1e78276e85938b66c4771bb510fdaf603fd7c35da914027601fd820e00744d3b659b39661df31ef075a88b147855c86499b6769ffffdc7a5fbf867821fdce

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
45cfd2e670806b33c75032dd4afa6374

SHA1
31a4d824d5de26643a06e93656c71f88e0079187

SHA256
622663b40e48873f9d4ef8d5771394619c9611418f53193b716b253c279e73d1

SHA512
7ef42b3a637573c36b9fd5b8178044fb6314e6fa99647f0f8c77b1124597882fe73b32e1883040c302fdd5a79bc7b32e092791df7fc758624b3d9950b20ae812

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
41cfb05902837f6d6925bf90d9b1a3d1

SHA1
e8b481a6655f7319e32d3e1d7b64e099a321ceda

SHA256
340300e8ab108b6e7a966bd8713d933c09db5b97bd5826720b311e17dd2cd275

SHA512
e2f45762d3ae0113ceaeb8f73d6e3927e93b8b1ccff69f4d3d6a13a60930edf6fa5d2849bd04b47437d766cebfa198eabe7dd4243a325a436c29e669471122e6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
35b80911e9afc99225c8820deb77e14e

SHA1
f8f2b64532620271e431c3fc43f6b8bc94d73c87

SHA256
bd6adaed3a5913cf22a65bdcb78aecd95dcbcb1e9cabc94f86665135f1c4f143

SHA512
0180ad11fdd73af24097b54ab15df784a6349f9973fe0b24bd4e998b1e93ad020036bc8c6f2ef87273c04ff026c54b76806c6cc5316d5e25cb240f3cb0d13ad7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
87beca07bfc34f07e34afc3405a31411

SHA1
fbce1b36d76c4921c44f9196d4ea1525a67a460f

SHA256
7e7d16a3811990d92743c17c6bffe9599172ac2cfba1f9c797125a38a6fd5259

SHA512
93e6be711e33642f792301f074d6a1c55af15d8716469a20610d8dcc742c0d177b0f33cdf2379977ee2eb9e38f0530b323bcafe7e6a2f667a0592bff1c9cbbf1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1fa77dd5bfa404e54b66a3975c79cc83

SHA1
aaf623146ad21f181e85f5f33164f555cf513925

SHA256
606de02d2723e40e43a4142ebd0c3028556047f8c1e4dab1a4e038b6e7fc2bed

SHA512
8bff7ffd0ff8a80840bbdc197149b03f970eff82abb8c3f977605b6e2b0df5ef69894d573441ce1e990012aabfe0cdc2a45360a955c28f4d3326106deb67d3f4

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5699555427551634949tmp

Filesize
556B

MD5
2b685b5df1874383fdb6724304c70c7e

SHA1
09c291df81d4483e51b237db984a7f2ecef41a8f

SHA256
72dbebee1ee9f1367b4ae421ec06233680dbbda66f1d3f7b7c8165cfed64c455

SHA512
adf3c08e345379dcc58aa6399a7d23cd93f7e0560a46260219ed208bb44b766713208469440481d888d50ad0a621a2691ce37d641b784e2702f18e0c74064a65

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8660640041565852680tmp

Filesize
90B

MD5
722352b460ead1fc0d55c10a7a76ffac

SHA1
c1659b483ea7f3ee5c5282f9281814568cfc7469

SHA256
f00e76dfb9130713fb0247c7dc62ea989caad1e6eff5c0d0898f0d4d23fee1e5

SHA512
11e18d5d2041e05e769b7e6507f7861e9c5e5714f6579022075b34dda79f41f95e8e7fbfe17b8be4fa646b7d36f99cb1ce95cc0388f3d0c82918f22e0c188f6d

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
e1b7d3f0873d33db5c72f4fb0cd01758

SHA1
1630b0d1781f1acefe13a91a23c73357bd1a92c1

SHA256
6ef4e6c547a69b1b25b8279f2f662235b554b8f81d14d04a0ca083d13b5b9cca

SHA512
e5cc353b76f7bcc0695a90c585bc4c7afade3d502f0bf2f985ca1d02c63fe20e30bfe1a514e941edbf46036990c905d10e8828e5a0e7b23c43d42e4a2594b869

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads