truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26/02/2025, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
aba432ef886edcacd1378d3b92642e0c

SHA1
30ce6647733348c654fc3a006d6afd6a855900e0

SHA256
efd1d76f28118b0d006f4386fa2c0b7af139b5bfb2e4a6d84c3fd77fadf775d9

SHA512
cd02d7c2fa26d3774ddb920dfbb4be96a5b2fa536b442cabb34a3488ebc7c2da4724bc351bf8ccb8c6c84ff1a6c5adf491e1f69a9bc1d77309c532361b9ea3fd

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
68825d735757ec1c42a47dbefcbacd6f

SHA1
885e21c9db30c36b3b94b267c5559c285c1521e9

SHA256
1c10040b34b387f58fed3521e8f08ecb2e95cebb0cad755b90dc3a32ddc6c8ab

SHA512
46983b3d19fe3309ce71a5e1222497bc7b53530db5c334d2563426dded55016873b2f9f076b3c77bf6a6a357b87320292a19694f56e83fe045af0f044dc105a1

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
14240e3e92cca9b14268ea290c94ddce

SHA1
cfdb32409061089bc1d77af08dc6e9a33545fad5

SHA256
38605d0902a3468aa6b5605f74085e1c5553b57d455e0da9eaa590b025b01bbb

SHA512
bed58716339596b3009817c5463135f93cebf69d01d9ce65f1a8f9193782702db2a9a40e8702123084673f88d54fdc7a875919b7c812dc1082bec2b419d7a34a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0c96b1c0f506ef10032b2797d8a18477

SHA1
a43d1cc14a56b80df830976f36169aeef27dc8fa

SHA256
1e17be271fd5f62a9230e13739625abe09a6250ce37e2170650d113f895f772b

SHA512
e74f7996070cbab10111b2fa9e0e1a717cf331ed9d6bde865db51bde5e31b2d9fc1845e50e90ef9d019c37307172da79b30b9d36c5c12176fd60f78c3df3657f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c4f647223130a2662be3ea38d744b7e9

SHA1
33e5c040638f9e47c7352f58440e26361611343a

SHA256
076df51832403f7157131824a9db3a02d834abe8e2c649cc97bb8e54385b44d0

SHA512
c881f1e2cbfa4a75231fced039ea81a63dd6afd0e38a5c8fad16ee9511e79b6cc331f1b8c00a8e146acfe074188a8d41899d4d99a8c63019959bbd467faebdc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
867580f382256ded60b269fdac461f5f

SHA1
713180f33dbf45ee1230e0bfe17862d936af3f23

SHA256
8b588c69cef56954deb18ed66e65be06571400f6e9b6deab54903224e112d110

SHA512
4fae58fb08f0a50370d58cca7ce232633fc06b06945a1eea375f4035abd0ccf581657f91371644a14a15d120864e51946384c1a2ea9601fc34b4536333b0f778

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f594f0d613ec85c2808d856958a57750

SHA1
b22b7fe1b060ad2912043021ab0dfc8e519f2b57

SHA256
3e51c92ec8efbe0891133fb22eb79569ffbc30f3420348f667681c5a1a5d65ee

SHA512
65cf9052b847198174a037d7720eb3501c6819a60cb771b375bb8bfd43f7f603dbb8d7bc3fa6d0cb27ad1b7fa43e797562b64d83fe99e2f52528fb41df1a4460

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
161b8b4a1e4dc40d0434580ebb262311

SHA1
2cfd5e0ad1a0a01dbe3c0ba7e863e65278898d12

SHA256
c524c969ea2ae613f6bf019440e26c6e6d99ce3739eb527a367aa6d05d93bcb4

SHA512
b1d49feb1de722bf5c58a6b2eb684daa312bded9e294ad295b3d55e986a6d85639e0525c9c07169a6b802a59d7e82f2182083b44674dfb68fe8b527489cb9675

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
29b898ff5b87d9c129d36be3e167d553

SHA1
5a79f68ed865effe31122b5eb83b9b0b969b2150

SHA256
15c42e9a81a9737fca639cfda4ede7efb7884989cdf67f543b6e71a2127081c7

SHA512
feb82ee0dcb69dd146c9cb8a78b6e9bec37a8621ecd32b3a0b38a0919b1574c4be869de44c6095266479eef672708a19b7138d0c7b6c7d6e3a81bdc95614274b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c9a646b04c56f2f9d08a2de8cb5996e9

SHA1
210a505216999160daf378999cf394ce0044039c

SHA256
06d768ca5c895d71589aeb43d5df425957dc0e7d58156c53a69897d8895f2fe7

SHA512
6c083d4eaf9279b41e1806e71eb021b598b786ab73e8788aa441d642baddf82f6ea010376b8bbd93e62c041f0b59074929cdc93bd1cbddea3d7f529463d21cd9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4ab844c29b2ee3a56814a1ecdc5d12e5

SHA1
338b3f9fbaeb4dd545554e41c66ec55586022d78

SHA256
46bf338a564d931804d47bb1ee02d6ac39eb67d743772816664aae577784ba9a

SHA512
227e8aab2ef026c8d3a98fd461f7f923062c4eb6fc1b0ab67a6917935db24af31597e806cfd8d1db5407394bd32dac4a28e6a6828de4466507a5f773a937ede5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e40762fe5931c4093bc8ada2e96909d0

SHA1
2c20a8f3191fbef5d8b7652e7da843526a8f34b5

SHA256
9376d5eeed53c68673ae81ab631a9f0ba55e86eb3fd48c823b8dc4535ca4f55f

SHA512
96f35d9c2c09271be90a894bc9b3c63616727234e580815ea5ed9f4d264771607e0257b05d877b6563421fe803de3a0d952873ed6d9b4c722ec5f65bd75f22ad

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5b734b924995ad571e7cf92d4caa696f

SHA1
39ddd70e5720511186b7e0f60a162b2c17ed6a12

SHA256
cb03ee0e33ac537fa925b4ddc9f5e0309e13c69899a64814c413b9ae3eb8c3a6

SHA512
e15ce3d9499064aa140fa1319aa5e6cdf077d669580cb3ba669dd8d85deb6166683b3b226f23d1f65fd488aba661734e1699b25436302f9b5dd9ea304781d272

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5681552750906371526tmp

Filesize
90B

MD5
a11df6cb02606283f997b52603db9450

SHA1
440c23da69543da781e3621b1355717bf20209f8

SHA256
bc7834989265cc53970a6eda2caa597c0cc7d3c3725080d010038ad216744f76

SHA512
f53d247eac9571edc9e5613575d466bf5cf9bce9c8dedc45b623a0213105753487249d5fd3e69105621894d724e2cd90e20cd999d2d5da9c4dda209d5d82266b

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8905855145889116163tmp

Filesize
556B

MD5
19bdcea214ff7266795f698a6196b8df

SHA1
50363367bcf5389e259bce3343a39254ad0e4341

SHA256
b32ce42d0ea59bece8600a38cd29e44df95361d019a85894740a7d8a293796f1

SHA512
f3b9719ceb7d277e8061a8dc02aa42792a795ee7c43ee7321acb2828e24e5da17f762cb08a686739ca13098aa67940e55e764437370852a64f9ae401f06b27d0

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
9911488950be7530235e1d19283c8345

SHA1
28e1622f0abd2b1c2a2823549d17535cc9f76564

SHA256
d4c67d52a35a6b0fa5013eff365bed7f434896675fb24dee7bb474417a84da55

SHA512
64cf8bcc9ce72fec34eba0995e011c88a6fb5fb27d4c6634afe7287dc408298343e75ca47c1608ea4b4dc94e247e98a45c97e0dc048493a31efb4eb6c8522365

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads