truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
15/02/2025, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4255

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
95450c08f1350d38a85d774ef111983d

SHA1
b1dc9a2b274aec3ff5f00a127f779e1b4df47659

SHA256
e616355802558caef3e8190bfe0912dc8fc5b8730cdf4ea69b7030c8bb92c1b3

SHA512
927267edfa4d4965b61fcb4d1ce2a99f5b9943f0709a528604bdb06c0c4ef54c5581baf4a0c785bfcaff87dd7eabb882c55077f2aeeefa5ac4332be5fa0a5808

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
d5bd5f26b5678302b75060c6211d5fa8

SHA1
0bd7cd30b275f2f50da909731bac0a9f0e926ae8

SHA256
df3876089d1e671f738c32dda0abfcb7b1b05531c5af34e618b6993c41b799cc

SHA512
62eabaa952fe5151bc990bef0abb7c12fbafbb0dde3c825cfcc4091848bf5a4db1f6c67f258c0e4029098441e8afd64b1a465eefad74016f130430e7461bf356

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
86a2bb1bc0ec396820bb90562b7132ab

SHA1
a53f926f23d55d4241ab280585f1d0e363b804c0

SHA256
0bcfa4da9023da025879c00774fb8b21aff53be2d837f1c3e89bfb5fa159a79e

SHA512
d4ca8ad818b3ff5eff1f9b1a5c925cdb6f6497bc38bdf49fa7b168fde8aea3ead6f272f6486b6375a1e4b49b96a2d71c555b4e379044df079dfd6c7315a0fcb8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
379dfae96ae26f28e3a728ee6f3603d4

SHA1
31f1b2c724ffc52ead67c46e4d3635193d8a8c2d

SHA256
198a220cefb3c7e2fe2ae6170e62e29ffb920663d767af560a046a825b75e134

SHA512
39df524e4bb89a5ca670e4b453cc4c387310d8861edb6d2fe37b7cc7bfad88121227cf261ca7a3d8b82f5c89a248a9e1ab6a6656fc47f74b662ec1ede9d88412

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
82207c1cf5b9cfef8a10e6e60713a476

SHA1
5dbf604c87c5a5a36e2de9df30b51b97788986b4

SHA256
2fb41bf2d310170f423d38f366bca52e03ada75837ac7f101724520f2df3e55b

SHA512
032bb22fb9c72ef7b80dde61244f6b8b1ddb8f801cb507e94d7ff9d4bba21d20042f61f30bf198c55f23b3fc746036d69c17a36a07096e9f611dad0c9940c8b6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
20adc6225957a6803c02f90e21eaac88

SHA1
f7de4a389057f3052f2c5f2496024382f99c023b

SHA256
7daa7af20c4fe9695cfdf8b3916e20338946074cb86af84e35b7bbbb0237ea02

SHA512
3f172e5bd90038a384e73b86a3e577e71688f2e3ac2b090d9dbacb21316942d99ad518b88adbe8f53a95d75c5a47429cfe8847047743353518378252b0a9b5ab

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1105f7d0aa15f0925066142cf0e4e918

SHA1
57aefac558c9c415c61776b31779b2eb83266437

SHA256
8cca7225040ca47fc0082eafcfc52d24f5bb65e4d852ecc0123865db312f1107

SHA512
fdb6e973ce9c230399ac484e88313ea0dfd8a53adfb4343b19fd2709305aa05ba798bd09adc2ff132bbd23b700eebd36c811a134932018a3593df864e9e07e23

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
394f114cb0fdef601c87b78afeaaf0e7

SHA1
cd00950620129d822b7460ce19585193f22a8b2f

SHA256
1d4eacdf2c852b4c3cd057e19a758cff6b6254ff197c4c89c58b2b3b57e83b7d

SHA512
59e84321898d19c5041020ced379e0472820d0537518d0063a16fce621edccd101f81feb787e111177e345d745e2a909a3971f63c937958a1f133539b38f4b40

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e9d10361c823433c95fad4657f173b1e

SHA1
d452f8a48414a5c3844c3d51748f3033e2da31a6

SHA256
5113fba7ee3657f66b6adfe8a196b9c0259ec6b9cd8e88dc2e617d04403c880b

SHA512
9bfd5fbcd458aa27a0fdea6de9c99ef738159d5aff1f2caeb61add3108bf129dde27aac0d28b782bbfc566a802a0264462be096b63cfc98234a47fcd28aa10f1

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d9a8d99cf923a9da02a7adbe1969309d

SHA1
a44b4cbe87f486ef59a6195a2cd0249f76958938

SHA256
78060bd9a6ba5b4638b891a9e49a57f5f456620c750f15885123fc8d0ed51055

SHA512
070aba7341bbbea8f81712f05a29daae32ef57290e6ebb3448bc10ce39700ed05898c38b4d297b0bcca1d903cf046547d4aa1766218f891431fa6794c5fed76b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fee0bcb6b3c928542c915b9816fe97bb

SHA1
53a70d384b176488480a6d77b6176fc0552c50e2

SHA256
28ca759fe6114432c76b7f61f46687c2c429dd5efea454b3608ae1575bcee427

SHA512
a94f8b3b76318b91ef1f2bfbc47047668fb02127fbe177fc04a58640f93f3e2fc6a611c385b0e9f26fb486b6188d1e5fa6f36c4c44451a4da0f255a0150d0f7d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5f8a9f77543d279a08121468e44cc556

SHA1
d41f307c62edc90d2d48ab3f20adedba02761e97

SHA256
cf1b55e73c1392ff58a9a6d9a2353ab609cc581d07cadc6ed17bcc0be74370b0

SHA512
94f1f4df5c127bbca7e2f5acf4bd3f9d6b4d5fec55ac0c63b8eb2350fe954efdb9fbc60efe4819158f0becb9c3d6af5f5288ccdd46033544f4a94651dcffc56f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
73a0670bfff2f217e0430c35b2de232c

SHA1
2a8690b1c51519219b83ebdc0e42cfdf50eb6b58

SHA256
ff23adcfedf96259c02eff50292f2e5caec6453e5e36ef1a24cd22a6cc83767e

SHA512
b62d442b97b44cb0f619dba55cced087215c770b0372139d91c6fd55bda2661b95b1d2cb963bc52da238429469b27f365175b3972746b6d3f2b56934162a8c74

Download Submit
/data/data/com.systemservice/files/PersistedInstallation3388981941937079639tmp

Filesize
556B

MD5
872be30a7113de99e06fe2da7b43db10

SHA1
13812702b8a843edc1c3949fc626ced6b8027ad0

SHA256
caeaf536db679757fc5763d31eef3fabca5b594d19724295d2b54bd99b54d708

SHA512
7b4232641d0b7a959f6dda644bccced8d0db2a3914cb8f50db25f0234673acf9e73b3aec3b79a825bd276023eee7295fb29e3ef22947a43be50877e5a5279656

Download Submit
/data/data/com.systemservice/files/PersistedInstallation9088857425643927463tmp

Filesize
90B

MD5
6b33cb6075bb3e8d38342934c739bfd6

SHA1
8d337ebb3ad1904c028b1247234f84778a88959e

SHA256
7ac884b87f12de19c2f2baf4abfafb5791834ad0ffade1bab38d3a866e31681e

SHA512
87a4e7f41ce27bb26121cc5468fb28925bd2c5383c1e52d455d9c479736a3695035809cc1ca23442b6ef13d83cfbd9e70d9234c2f1fee0a959c22b44969326fe

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
7db2aa6f0bcd5d3b4074af58b10de13b

SHA1
c93cb773788c8834e37d31979782779301589bb9

SHA256
9e7d9aa0aec98dd5246587af1d3828d95775f6fd64ffd0691bac58268ce0ffa1

SHA512
64432940e1430ebc32feac5031a34c41975aedb0a03e25e55fa7ec9b3eea6f5fcd0b1df0735625f19833f518ddee67be48b73e85600b775688b0f703fb34d0d4

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads