truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
82s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14/02/2025, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4332

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ffdecbaed7488bf7d07a9e55149a2c4d

SHA1
27c0ce4b33e6c9636ff67bc6919aba4102e0396d

SHA256
7bef543e161df5b0a75b815181205ef06e3b892d9021d8bff2f7ce2db2035e6e

SHA512
b711b25c3534f771b29e912243589c1196f7ca7034b51880749fce59f53ff0392ac27f3d21cd024d656756d1df6ed99eb1d3d099befa6bfffe11f86c216ccd24

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
8dc8f5c1c3a74098563e87e2d7621eec

SHA1
951ee2569e371dcc9df1e59f8da3f355514371b8

SHA256
59513aa34696188cc5c291c92a400bc64c8d864e05b166bfd9d326791f8e084f

SHA512
9d42fba091d47510de7633425fec9797b81687a3cd02dc55ce23705fc6e32492574d13d60f7d25693e03728ca7f2fb7582a9b277478e96a695dadc2aa37a1a2a

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f957d9d3fc36cf0d5c9c870fdba84c05

SHA1
def48b9a3f1609a61b4727338bac3f1e6926f16e

SHA256
380694958a4bc29f39e452cb6c1a83acd0c5edc2517bec674c25d311ebd64060

SHA512
27c52ce2e85b603f929f6727963364721aec509170cef832e456267f5e62233b3066decd7f87a2308db275a743a9268083f716c1c2f89f12c575bc455af8b4d7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
40b733f7735f1528b90aad75bc5bb85f

SHA1
4e5dfa3cb1d37a714eeac7f0a9b92f542a54cd98

SHA256
3153a94458288ad2055f7d802924cd97911f094a619bcddf989eccab5f818eda

SHA512
9471ea6bb979c3e87845fc6efd0169340f0386a270e669c0d3be895222df1668f26b15f699ea8646493ec52ce3a996b690e43df5a6a78428ab67ba92103afe60

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8ff6db9505bbf256331da75615e13c83

SHA1
e69bc36e3ba4de37f9e1a9b9427e883cedc7b505

SHA256
6f0710ef5ee643714de6a08279711b1fd3a41bcb555b7f8021e2f945287633f6

SHA512
8c1e0041e4e17a560997cecf2841b5604235696316de22c8b71f2265c4420138701e2e837863a65e0aea1cb4089c90897b184b255a7e94d682ba2e12a68b9364

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dcba1749d828af297d792e7e7e917f3b

SHA1
4405d983f5887610337386c7e7af1063d68701f6

SHA256
c949f6fb5392315bcefc3888464d81aed96302f99bf5fac55f8343925d78777f

SHA512
e951727255e2c4544eac12e7ef5d0431385cda14f7c567f14f05c62d79b6c5ca252efc943891b0443d1af10ce7dd0739004def197c5e2aaf1de7754b24ed7020

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
91ea72b8fcaf6758399ffd6e764c859c

SHA1
1c1069fe1fb47a91f6e5bb74f1165e0de50ad4f2

SHA256
64d11c146e9f0590c99c0b051a424b3b9762665f8ff7509bd14dfc1f1fe92e2a

SHA512
79e20f33292cbf4f4f4794d73c47a39306121525d998e2c0e80bc9c814fd64057313c71e8869edc543bd7553150c9488176343b7c331875dd2b19060100ab30e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
202d242efe79a7754c32bd885946e54a

SHA1
e096344c5540e633c8192ac97ba5bfe94061fe11

SHA256
9760e626dd69fcf90498651c962aa7ca978c9bc43cbd771bdfd86005f3fba1db

SHA512
5638a633aa0511c49714ddc08de5603fd2b899e3b676dadffca0a473e669df7cbba38df9ef3c384aef3d7e54d0f777733a21c955568a809fe0aad302df930bb5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3452b81d6a6e604cdbf59653279246bc

SHA1
f8cfaacf2532b11d4a702bc36b10b0fea695678a

SHA256
cc6485c375a82f295f62bdc985ef9ae1e27cdff0e62d059cafd0abfe30888c9b

SHA512
a839df08c3c3647ca779fffc478350c24e049bca58485f685561d988ba13153da3b4c5a5a5657711c34efc55ed95a882e81ece58a6420081d9f82ba64f0ff72d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d91c0f868cc00f3dda5ee7dfa251c30a

SHA1
15fb0d67ee54d957183e37dece80df91d2b5cd88

SHA256
344a273d68fb9f2b247ab490c9d2ea070ca4e31e2ec1b32b2217dd22790f3e65

SHA512
71265eb73eeaaf628716fb85895f0611d04f26aa95d660503d8c16d3aa32cb3ec3da9b71cdd8b2bc0f3a2f0f8b5b384c7034fa1b18e8675857f9cbdede58ab2d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
62b39807c453f264b3bd2fb3129afbab

SHA1
e0a809ccbd413ac244a14e8cafc9970b3e39977c

SHA256
665f549b2e3f67a5c3a2904d5137023767b6ce2854e8f74d06c7a8b9b447049b

SHA512
873d6cfd1b2fe4ff4b9f51930886be17585b8cd48f96d3e6b10fa1a681cda40b8ebf151393f42d086a3f9721a0293a1dade7360cb9668388523f0c7abdca9dcf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
be18cff140dd0c4145957db916b0df8e

SHA1
8ea0643979d0a248800586b3608e1e64f16fb8cb

SHA256
2b7e8160d7868570d58f808c150ece2464a43b02fd406e5d21b5c942d568a242

SHA512
d7ef075f15664df8f511efc3a4bf2b4ceb16126f33983e91fd6fd9858cd9a6b35a202bbe200b684f86fb593b0190b9d097e08a1610a104e56dcbad524dfc8437

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0aedbe208b0a96385e37a71a5d5495e6

SHA1
a66c10f033e78cf930f25f1403c52286ad8aa309

SHA256
be128059d856efb18f8b40a2db82c0192298ced1b84b60db0b44e359fd551ec4

SHA512
6431ebd774018f9678c3a5d4b9742a5234aa35426f43ffb7d5838d2ae73ab341cd4dbc8f91f44b64e1813de7e76d4c9c5810c7565bf23f1360a3b82863c8624f

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3824140727686432227tmp

Filesize
90B

MD5
e143231d960302731ee7f873c5be8db9

SHA1
3a37cbd1182e4b7da8f4abf959e527a6e87bf440

SHA256
cfc819df373405ed3b399c69222e121132317df165f48ab2f6be36a8f5572c5b

SHA512
14dba76f97c18f85408a9bce53663483f323325743b1be72f87a2af6f7048163d957062721f0d608582e38bb224f46d7c913a772ab15a9a8145c285b2fab0466

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3931117540221510993tmp

Filesize
555B

MD5
3de28c0e0e14903ea222549ba1cc58ea

SHA1
b51887dc78d3cdb72aff1540ab49e5459bdd70cd

SHA256
a47655d252f993fae95e4088b6117b741cce1b9eee92a78961292894d4474091

SHA512
78ecc7e49b52ef7de924c10ef79f6019dccb9894b9651b790327a7cac0ff759b778cf31d148ba331ee612afbda2afb4fa02c6d032a624987bb2df5ff99d484b8

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
1KB

MD5
2362cdc5965c116dfea40c2d185c11ae

SHA1
70a2775e88bf9756069a7b76ac5764a9b0d00c02

SHA256
07fff0210f7256fccb893ae66c98ab4624b59ecee7f2d7a5d045295f9c316ed7

SHA512
7dc43557eb958e6e76871203bc356078fb3fc24165a3111b36ec20960b134f2aecd84b569882a28f213af255cd6b6cadf531425ddc6dd068c67fda2a819259df

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads