truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23/02/2025, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4470

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
64ec8b72613a8c0739e92ee82e00c7da

SHA1
824d4b1dcdac7c1847d2f24377f736269d7c33ef

SHA256
38ba174a4dd31f36a4c740b9daaa999f2cf2f6d5acf303ff286b36e8ce7e14e0

SHA512
4265baba0e6105439025112844cfc5b3f10d77d08e78934d160bdcaa660b5cd6a8c75a28f08ff7614981a9a3c5ed9204cff00286b575b611a7c00bc1a49cacbc

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
acab92d9abd89e74ade1011a3dbcce62

SHA1
e34b58171fa91d2f38549f3366d3adbf4422dd10

SHA256
1cc2240b6f7f3ac8ddb16936d887999e45a1c75c37629fed07ae4f8c1ad577db

SHA512
25ee5262a71df4cf58621adfee39a65d6d1ee6ce56bdbcd76c6e91996491c34012e204b43a4c4da82ad1f0bf86a0e33f9cbe9a874027ea5ed3944abd081672d3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b3de80a28acdb017417d5f464adc36c5

SHA1
45215bd3c9e26859109ea9b77450b7d97b0485fb

SHA256
a8c769c1cb7755195032caa803c319c3414501b52fa105399fe267759bd90e4c

SHA512
be5d8f3ffab45d21dba8abbc490fd538147d7eebdfba4c87386924d323e3af6bbea108cd870e3a835dab48569a91b003c518e0600331638e6f0a74cab5d88d9c

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c0b53df2af9067fbac3cf4bc389a2c6e

SHA1
5033e88199492de5a12862008fb203486bf6cd2e

SHA256
4c3078258560b4a15ca7fc6ebf669b7d40b20bc741d23a2edae8d0d212a5650a

SHA512
24d0f17bbb66b757db6ed6fc42c2ef16bfab509abe253670ecf7fb7ddd00110e74672547e90bb6b103a420941b4cadcd8d1d15c2a9a61c42e3566ef4d7a2b949

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c49cd3245ad4987592a70d09021f1534

SHA1
293e105ffcb25bf9d59ccfd35a5dba3ee4d6a812

SHA256
a53f566ff808166b637db548ba450735d35cae3c26d562b761f5c6e8bae6061c

SHA512
3321581858f93deac4382e7b52e16ff8c259f5c056505e1cf781b94f6c1504136bc65f002bcf46e50bf1bf596625b220b33782a1e89af4151e2615a32fd4939f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1d42d3e4c421ba64ac2688c2ed5644f2

SHA1
13d28d1583f499ca7b2dce59d30ad094a24e9135

SHA256
45f948d744e731777b7e5543004c40da2e7c2a9e6b86a482622446660ccedac8

SHA512
8d71df8fec91475c737eb60bfaef4c27a1ff578b6ba511efc1b379ce52175725a1ef4deb81bcea6efd8a29caa8ee7796d18f4012634873f76e11972cf38a0c21

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0a2fa2c15abe01802b4945e4124d9804

SHA1
b2104f823ca8b5e245bac79a69e73a24a1fdb622

SHA256
0c23eb3578de6e91e474b905735369364ce302f9907773c2a1ca325aa7cbf64c

SHA512
4a2a8383120627dda9de659a795846dc1a522f1e3e0fa4ecaf73c92106819ed95d80687c457ba117baaae076285ec4736cae13412d71d8fa5eed480ad1fbaeaf

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cf3fb8f05697e4ad8fea0ad299ccf39d

SHA1
718f782abddf511461b5b013bc3b61fdca2e7779

SHA256
7149c22c299d8500d62e1095fb821b2cf82327e91188ead99a401c82e9f8310c

SHA512
0a5dd412d23769f6e6aec57afeb9190eaf0e57bba0f6984bda9b79d98595d99ba05281f99e24c5b7137cbb1374bbbb8e3b23756294c295c25d52464acc992a05

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e254f5f9cbfd32e7930aca8e9a94ace3

SHA1
abdb2e88ffc893d20183516d0466f33feb37e03d

SHA256
57e24fcbbfb115b49b62a058e28802f059e113b7540f5881daf106813c3ace68

SHA512
488900cdd170457ab4d6d88f165ca17ae8ac1f2298b98e19a55005ce2772d013b1e5d10aedaafc3445d034c5f9e7a350670dfc4afcd48f5e47e3112ea5aff711

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b22cc8a909edb99d8cc146d49e700faa

SHA1
be2ac9f1282a28111dc9d96edcb5220412dddbb2

SHA256
51c6370ede691829285f2bb84a2d5654f2c06abdac66c4e4c92b8e868605b553

SHA512
36d2e8d951b89584a360e142f502ea80e2379094ade9f6164366c7ab58a899cbb83f87f848a1bda8720adae0f9344d52e7cc95c08972fd8fca855c8eb5e82a15

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5c6b07ad25fc14629cd95bd62ffdfec2

SHA1
5323ec0b434c416a0585502ea15cf9648e72fa66

SHA256
4a0ec9ded54b34f2125caf85301693b1cfe3249745acb719f969c2f6f10dc92c

SHA512
5303e36496447d070b0ac5a83859e74c04e76ad8f0967e53d60272cae984326975772da2e08d90289ba51f6b201ceda3093a5b6ba0c530bec193e23c6e91afea

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f245f4675a7286a53eef0b5bae938090

SHA1
53db8b2bee10a1f724098c79423d166d54d8246d

SHA256
daa7cb8190ec329036ffb45f583f01f5ea24d16d0f4d237e2168ec64a9145b72

SHA512
4ff93350554085743b7bf5d47458519d36a1b54903e484e739f75654738af2cce1d3ddc6fc5393da7794d4e1ec92ec179d849421cd18e95b1796ab498669cd5a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5ae8157360379b9ad8cf96bc517c79bd

SHA1
be574ef959c2538ac0fb1e7ad0429279165706e2

SHA256
9c5b0df39221d1751a26c13a719e23d38667e9d52475066ddf040b72bf3369ce

SHA512
d8e687ab38e96d4d424156e3fae7b6162a33c8af423f778fc93931397bd057b49d9310097656cdce4d17d335d4fe74b5a4b08bafaf5c9c00c0dc75eb65d0164a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8c073565e096d27229a10051cfb9711c

SHA1
9444900b3f5a803400e281b76cc8e3390b5585ca

SHA256
f8535fe0abc23669c36bc87b36740ea46614fff4e1853de0211455db1dd26760

SHA512
e7c86b89c39068521eab067ea9c18d808a87725fca2c3647b635e133faae479af4487e2806a2c7a0707faed939cee27bac6c12c478e7ee45d10c2e9b5ce609b5

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2940024391692815387tmp

Filesize
90B

MD5
198e4a2dec0bb8b9889ca3745aaf465c

SHA1
e985b8bbf7e8803d834cbad2f8523372448a3542

SHA256
6bdc9ee161b01b7e90fea9b907fe2246832d8031d9665f70a48eb7e734ce80e4

SHA512
5e42727c370096614da91582ec6b71bbf520678bf3028d2d8bc724edb47e71ad021022762d3299f90d5edca305a7bb0a901ee6f9b7e3c42e6c25c9afe751428d

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7570513560309928059tmp

Filesize
557B

MD5
efff05dd54e46e97f9f9e3bd4fdca0ba

SHA1
cdafade0d0297bffcfc6b7aaf798506b979c72da

SHA256
2bcf00aa8b140fa8bc52945523a1ea7be788d9dea7f7e915836e8b3b24f6bfd2

SHA512
b7f66ffd68382dbfd9a125af03d2223b173584377d2bc95168c93db1684bb56706e85960c40ae6c105dcb8aabc47aebcd9ef76ca55d5f91a95f68e5b6eb2ca1f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
862ec1e751a828ef2d01b10f263920b1

SHA1
704559785a05de38025bfc07260297dc8b315fd6

SHA256
ac5ed259202803f493ed93ae5e50b5b1afd7e3d20eb4dbbd378790ca692ce3ec

SHA512
1c1280139e1827bac223f8323a411ff2ea6087a2019cd4765a7bec39f8e6b0527cbe7e7180012d97e0cfd5b0c2f5b57666e223b0ffd003902dc0fad079b8d387

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads