truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
18s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
18-02-2025 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
867926c2f100acee35d5180ab19dab45

SHA1
6dda561525d87b09846c08c7250e37087495a3a8

SHA256
fdfad599566fdf6a7fe8ce7421949b223951f48b230b522a6800f721f4616001

SHA512
ea82c5ae8c587d86130c60fd3e1ce90f6d95c2d5a7d0c2059edf31991a69faf336b3d4d91b551943ed19b5f28fa6377e050d16a6a9b4823b8101d685c33cd2a4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ade2b8afda0359c99079919a88d20491

SHA1
931640d7cde48fedf7bfc3cce4b4f8dfeff1f402

SHA256
62958309cba917583bbb81a11500b3cb70d09b00204036dc931bcb7c4ce8e6eb

SHA512
fe854507b68d387751dda611f5f8d335a547b54c21c5fa673e27d9899097ad427f1f9bbff163030cb6d794e71e1ce1f4b2243b7e245975a68ee33302276f32ad

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0cd90bcaa454c5d19acccfab7bf18493

SHA1
ebc6c62407562fea2be4de2e5afd8d11d7ff51d3

SHA256
7c2e7165af192e26e9ce1dc44358582fb4c4127aecd28b7241669af6d3525d36

SHA512
f373cfc1a100e01d99584a7a8633a0f4c534536da3f754638b66e4293dc6a1bd293e446f66fb93b3b3950f42c27f59aeb1152c462f01421b0fa0d3ae4bf6fe0f

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4efa4cf56b6781f7cd98da5c98f589d7

SHA1
11488afcf23be41a1dcc710de66406d0e9f8ae5d

SHA256
10062777597a81a0786ef56b6b6c9e15eac31408ad80707fe7885815b547e640

SHA512
6c075ebd260a6a830d704d9131ac531f1abf8906f3fbcf626ca6d12c1ff807a169a876b56be960b509d8454e08358796edd8b8097296cf0a2b047b10749f10ae

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
825e14631c5d67d57de6ce27d84fea80

SHA1
286667412acfc20b81b9be3610275bc5f7415681

SHA256
1370820aedf7018472ae912fc615f15a9acfa0d4d0354d479a147e7087f58fc7

SHA512
9df8ff912750d5c96f49b70621c565f8c15d9732866b7efcfcdb68b55083e0fa0f32b7f55f52575d016759b98423c332dc5cd64ae0533d7da7e047bf7673be82

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e0ffe07ed7c88fbd7a40dbf111240cb4

SHA1
11ae2825f8c96f2ee2d6a9421f531d6396247751

SHA256
7cde903aac450709aae7c43569c4e818746808f9249ad0f651a626eabdfb5905

SHA512
97f120e5ac93927450d6e9b878e9423685b9a1b27b356dd7b7cdc9fa684f37c7140d35d890f3b9e93273a66241e322955da2021b7baaa0b09802b0bc3ea2a0c8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5478743976739a136db23cec74655e03

SHA1
58e02a785b4283cb8d68e372abf60483453dd63c

SHA256
611d85555233716221bed76f40d3a6b0ab6fd71d47dc3d4f00791d495ca0dc7c

SHA512
e315e79b7ae7210ffc38472ec37dc95493bfb54bd8b7a0cfe1f62674fd47fb272bad41047bdd9e18c3c22bed465507af234e350ad66d28dabee57eea06dd80ef

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1a15857e883c925bf6886e7ce284e673

SHA1
100618adbfbec9bf736ff6004ca9bb28e8c76587

SHA256
93d27cb3ff58e7a5b84f7becdef7c180b99e1dd3e4b8f9850aea5140d1b389a3

SHA512
611dfd3b3ceb95ca88b5f294148b8ca282328a7e561cef7367d78e880feaa5194d3ad5f3fe37fc7920f243d19841008d3df55914c20f4b5c5f59ea23115cebb6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7da912e5d4f84da94cea1b0e2e923b62

SHA1
c821911c9966f505df57a74f85ea23bd69ad0488

SHA256
7f3dcefe5086c0a8ba61876a4d7190af13b24898eae01ce6fc62740732c17926

SHA512
307ba97671cba3f8cc855a31e74f6b6b67f3a7f8cff858b4e084e9d0a2cd780e09e37d6b39c38c1906afcce35d727bb173bb57028ff06d691945cd9061d83dde

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ea0e0f269adfe4c3fc439149934b484c

SHA1
fdad29d2389e7a2bc65eefbfeb52e4cce072f3fd

SHA256
4572b1fb1cb33c0ad1b40c069a811500f9c81dac6c5c807862287371a5f7abf7

SHA512
b4340f15153cbc444e7b0c192082d3b4e4f8eca53c325cbdfc0e4c254069ab7bfdbb1155fc0faf0bf2800372d40a1a2d1d5def471587de3d06c372f471444558

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
e1582df8d681a6ebe7f9de8091696833

SHA1
a9fe5df6c9456aaeecb01faa168d2fa0e24cca41

SHA256
d67b1133692b88f66072530dbd055194946d249fc920b8e40e8233fba9a115d6

SHA512
640c1d1e102d97f734e694686a99a3991d669d1fcca2f16686fa5f692c6a1f0ac31931ade9c91295c3cf213f9b2b9de28f5e3ea7afc6afafe50a18981d7b0dad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
deced398a8c1dea51a0d0dceef18e581

SHA1
c4ddcac85bcde8c55152f9aeecab167e50189b14

SHA256
0fc4b5ffdbb603a697f57e152a103acc9d6143b86251ed4a63ded1530a2174e5

SHA512
c5ad43659e606767eb15acdb8626dec6589ec9ff11275ab1dea9e1046ed586cf2fd11fdcd55ce873543d64c1458712383a425d6bd162c227ba2db23d3281d68a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b183173c5aecf7228a22a8b32ad1dd71

SHA1
c7b357c03457ca530d14c7887719e90b3ad5b1f6

SHA256
1ff9407c71e05e4888b4b3c6137765b78d05d7301c27831459387ae244e7e0fa

SHA512
50e806d77d40bb9e38320e25414ffe7db6a21fa984d6634f78e875030022742126b4b04096b340213a43325694ac2d83bd15b5a9ed949c5af008aa449cade874

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1283783babcc9ec29600755db757ba1c

SHA1
c4c1b390a7d916c3f730c4501c3c78a7f6c9868f

SHA256
4ab2392aec872d6aff3058daf8597fb98e395293538fe8fc7275ef6c562da8c9

SHA512
f430e8fc610e376a5d5dbd7c3354e4be71478114a20bfb5226e762517f0b9ee4e8922dc9344f570187ee535eb7a2d4a4362e01ced7dda664cc3219eec911facf

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5971158111006707855tmp

Filesize
554B

MD5
b4498bb92e3ac3c9bcf402bc674befb8

SHA1
c5592adf314b09e34a41b25e7cc06b0477bc13c2

SHA256
3d914c4eda2ea15e635227fe50282ff687c61aae9ff74947741ae4ddf8333d7b

SHA512
93b1924612bc7739ba01b54488400cdd765b26a1316c65e79e076613f47186d7bed12799904ab87709fa49280efb1baf8db1ac6c225adf29172b85347df49ef0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6922132245541864828tmp

Filesize
90B

MD5
8c2e28a2e9f175c2b132c33984df48ce

SHA1
30af392332d32583d6e966c5e76d7e9557e5a6a9

SHA256
81ba59e0153801dc6b14b875c4f2b081916c603372152a39e19c8a19cf733330

SHA512
41cd19302d73f0f9d9ee2c149d68ae7d5617934a33a5f1adfe06792adf6a76ad8a93b80c2464c649f5c01f9db5c193fdc77d2302c83cf45fe8a9695416262ecb

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
77dfcfbb58220a36ed7cdc4af9dc0cd6

SHA1
2e8ed106204af81d1b1e4f989ba317f6d813e6c4

SHA256
40f0a6ec3efe67ce3a9fac8a3df25be6c9ea983e3af110358d6b0912914903c6

SHA512
96daff4633b6d2d88fa7d7f997cb2be3b4ef5353a922d528343531b4d0a5162ec20c80d8b58aac8589c668cb25f20534cd8a163caa8696e8de742032ad64ce56

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads