truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
16s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26/02/2025, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4452

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4f827d5707ae262645ba7dce672594c6

SHA1
7408fbd4a7ea5cb91c3bfc7a42e6007bceeef46f

SHA256
2e0064136c9dcc1d28744876222f627654e6b1b772fd2d0203449cceb1186822

SHA512
1c2f60c9304ed5ba508a599b0c6332c74989c5c750599722ca3d88b45053bee8fb535641d5ad55a39a7dc141b147e16037e38b4a3826681b963638646fcff9e1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d5b192289177812a7a16871e8b9d47e7

SHA1
623f46198d2c041ce49cb5ac90192ec91490a862

SHA256
5c944c109548e0702296b4edd18782cb8871dbecd6a91bdda713b3b3ec3314a9

SHA512
5bcb6c170c48500d23c973620d64f41d9d341bf24fd1cb1fbaa488aad301df814616a1c5070dead1de087c983db5f77d8a88e46169bbb56a3d5c0adf2372e5d6

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b9455353d4ac5e7154bf56fd3a182204

SHA1
2a8d25da34265a5a74a4d292b1010b4db43900f3

SHA256
b4be8f3a02a4089b9a08024b24330608f45d7fec04d9d0f5b8ddc94c317ccf0b

SHA512
498544671d146a100ae4b16022b924ffcc99ba68860455b8228f5f8337176e39c23e8498efba0694a90d6c36d4a159210ea541eb08ac1ff75b7a7a022776de15

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
07000d8c6a6d471a5958921d664a99d1

SHA1
46c6fcda77e50064ce03c8265dae4584737264b6

SHA256
712e05f20a17e46bd5aaea2ff112519f181f39b10e405bab2daa5a8ab084d9d4

SHA512
ecf641b4a860ce188c2751021a3745eae65e04f6ab40167db790a71b3b7499ca92c20f0ec077f88ba8082fe13f2895fce43065c325b76ab29d1fad3a5f367e60

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ab340417afab25a1640c15bcdcd6b323

SHA1
7a63f404296be2bf1bd034d72e2e4f089d34fe31

SHA256
06cdabdfb7589efefcdd6fb8aae41d07123f6af4da747fd58a5e265a8b126149

SHA512
4c2a664500890f7ac55a66e54d71c089ab93207c4d7654b586d695bee1b3c90c426ac35c9cbfbaf5391ec204bbb2aec97017b14e85f59905765aa008b334bcd2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d94b62da7e0df191bb226f81a30cd4ad

SHA1
cf508e2cea63e866cfc0723706262e086e0e90ac

SHA256
5195ff53cc3ff270204dda3b526aaff96078e1b2d321303b526d9b62b7b13910

SHA512
a6e61d82ab0df72fc7308bd5f3562c425889c329405d6c6c1560201a8c230aeda77c19ed06b65ad9eab8c98fe964f555fedd6eb4fbef5dbbacc87f0bf4791ac5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
772e1f75784ff006666bd9564251f224

SHA1
7b5949533fb1328b7beb3ae095b3b2438e3a273e

SHA256
6f176a38e1c675eb4319662b2d3a982df8a05b005ddb2fe81c1df3a6ecf68d79

SHA512
6766d692e08e3155153b5faba607c99990345239f07b0be004ec73d061ae0e8da3e00e835d7d797450cc516f05b00a8d1da70dc90d0c00cf198113a9388ec9ff

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
290b715e4476eae1ac5f868a4ad59b36

SHA1
b592fc3bdecaa461ffdd8f484e4b4ddbcd90f0b9

SHA256
bdc969072e762e0938222710f2a2ef003954bb60836b79b964527e643796b8c3

SHA512
bbc6089555c6b613b95b902c2b1818cba9eac98fb7e0c9a3aa4a5dde426600a6a32aee88888548a017be37202399db45e35a69a6ccd39b657ab94fb2843a814a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3771e4e56b067debc72b57641e6a956b

SHA1
3f3cea36d81c0299e6e73cae2161e82f670b4bae

SHA256
5a6c3f83949f04c262197a4e5424a2c9c63c06a119828fe0d1c807d9a3fcd20c

SHA512
9f1095db984f563c9c7717e11959a032b68af5f501442c79318fd34efee55e3c728e2a82941bb96bd69ea74d30986c7c2b992ea7d23dec059f2357db41a6e7f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb876fc78b7f9b906cb77697d76a3cb8

SHA1
f4940b7a95c0d0079e41a9d087ecfe6b10afaf69

SHA256
0ff0365553c49758e964aa66130743f045c408aec142fd3a4a4c5ed2e5f58ad8

SHA512
4a4572c63cd37e36ff419c7305747dd8c91c21ec6cd163951c23d0815b0fb2d44bacd9be755ac84e454ecac24c0da6c4ce5e50a3b749b7b417de1ca7c5699c6a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5308459adb9de5c5e07745037a59a1f0

SHA1
b7eb399b96a4f593fab6f5b0b5ceb7e975af0472

SHA256
baf2f3c86258ec008bad94a834188038ed90e8ba3d0ae7f129edf684d29ec534

SHA512
b27c7203f31f74e310ed43ee15e5b5b2417a1c057464dbb5f8d90bbc845bbf95d4acd817338fd581b96293a0e68e91362b26824460c7d46306710ce5e4f6622e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
24e691592908a132f79d0dffd10c260a

SHA1
5b29b9f86e7dc71f4390c68f13c3a4103182a5d3

SHA256
81a641ffbbfd7ee283eb2d02eba4d75307a1731ce4b23db4e27bd5b6b8244ded

SHA512
1eefd976031a2948202fc1fc9e428f0d49621932956cf88cc65e3487ac4738fb9de08ec0c3683cfae42442477ca31d7a08b69e4a63697448d9f3ec451911ff9b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
606b0a7f4f21a3fdb3c57e5a1aec744b

SHA1
dc604be467141bd535f709d07ff65638bdc64f46

SHA256
b6cb838d8cce6ecfab539db61223cee31ca4e380357e6d70246b3067e0c0f34f

SHA512
35ff595469179b77226332ba4ba2b69a18fe83e07c036520cc861bc53bb949223a7b6ae890f06cb30eac2efbd8e7f121db9d483171dab387123e76401f6a4ae0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a450b74e91904f2bc32b0fc756ccbc7f

SHA1
5379a9adcc3f6c3640f113b5a8501049c64aede3

SHA256
ea6aa632ee92ba609a840e4cb6074cb3e08be49b890397546c7e5eefcba30fb4

SHA512
b2bf24efc471075ec50c8bd050327ce81c7763ff539f168e4262b9e9ace25550bdcaaa01c346497a1aedf122136735e3d4dca1ca72e9274417259177654905e6

Download Submit
/data/data/com.systemservice/files/PersistedInstallation5527891536672838925tmp

Filesize
557B

MD5
85ae9e09925720741d796078ce2c213e

SHA1
4671941fc506ff4405bb085e38e4343d602e3534

SHA256
28e968a302db06fae0227815d49cbea341a848087df60cec114eeda0362fab12

SHA512
d95df53fca790a891a741ae2140a3cfea06af605d5fec3fc3d44f7b2febd25a96356de21d4713f75c5ffbc099f5277b5aea0f2215526f521134e07878f505ca7

Download Submit
/data/data/com.systemservice/files/PersistedInstallation810030084932881358tmp

Filesize
90B

MD5
50ff2fce350891355d4213e0cdecda14

SHA1
83c4798fa288cd73b16ffc7c59b42254ffef997d

SHA256
693e6859f75ca5ceaadd821592417e0a08a9d555dc880ec9eb4a368e45bcb55c

SHA512
733bdbcdcb0f2b5e697bfe416438f69c73ab229d90f3bf3238422237396120b02cc17db59d9dcda48b414d61a048ede8c90152aba14ee56b5758a98eb51b8026

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
5a914aea2a7453c80c37e02d9b1b6139

SHA1
568097c04ef0d5b39190689c20f30d52060e68a4

SHA256
84139faf3612c27109dcb9d9232afdae7ec2f77ee6115cfb37a59d404c408310

SHA512
66d4cd3c6907e7621ed279b164d9dfbd1033af966605f91e996471ffb2fe60ad59deb750f6ec3985cd9f65bb7e0cf6b5aa1580a4d26e2882cf2d5dfd7d9520e7

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads