truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
17s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/02/2025, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
644807ddde703db108d757b8465f0a69

SHA1
c3f6026fc82350415ea06cf1f13da926e2a094f3

SHA256
3a589da6a3d85a661096aef5d1dac6930df8f86be6cb0c97d0d30f92c71b927c

SHA512
3e35b1896249750919de4948f22865cf5c2236d30a369848d7a0b283f58814f8f60c243a38b6845a16fd2dcd95b67942eb580004154cbb32dba09d04dcb100b3

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
be44a8fb4b75c095fb80167d1c03e61c

SHA1
61e25d8ecb8a96c66fb09a79be375a3b50f6125c

SHA256
fa16a2c808de1ac417f6f171f89a01abf66d25d74f16c000c973ece2585f6e38

SHA512
a4e2ae9f233f8f43344071ce6aae501c20c5f5d0f87749c617b9bd26b9a9a060419bfc35e78e1f4a00ad06d3113caef3049d595227f166ba16f32f80a89e2536

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
454a4c9176ff55657340204c4dc83851

SHA1
88f84f72b2439c42ab1f02ce2221b384f1f067fd

SHA256
71114f1a104c70af243714136aee00ae78601e137ebdf9657d5e8bbed78fa209

SHA512
f00e8aa3a35b26bd0f4be74791d8a7b60c967a5ae21449d98c03c86a631169ee022338962d590c57f16089811362d40f46b4e9adcc60eb1bd1cd6c9870fa7a20

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aae2f2b8ea75a4f554d80929cbcdd469

SHA1
5b31cbfd83d454c21c8dd731b27b7c32a283278f

SHA256
2975b04b8338fa95d905a9ff38fa83ff059afd815e25647a0be1ab86f13c9566

SHA512
7cae78a21622d2eb96e3f60ef97a01a913af5f2491045b547ff8a1a53a6ce82c039b54d3ac8ff69bbe0b612de9c85751470224d4985193922f9991153fcb09de

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
755d3bea9254126ad6a36bb24cd21699

SHA1
57dd11c0e7ae4e8ec1e7c6836aeef675f65d8b12

SHA256
846a60ade780e53a35434fa1da8e1edaf17aa48ed298ade37aaddf6066b5047a

SHA512
2f15fb1c74182f0c02e184e93e992f37c55c31aa85cce411a5442ce0c38f1f5dfcad51f0fcf6abb08f5f9822456c8c5f30b395301ace66eadedef34eacbe6c7f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9c8355abd851601366ba45f1ddedb837

SHA1
1aa09bc8958c59f03bb588fcb4f67f51cb001107

SHA256
7f17ec82266ab289e834fe8d938555ffaa7218266124d00473a8f35528527ee2

SHA512
f843342592dc19925225b6bd4fbdb80c1a586b2bd6258b34d6daabe332ecc8f689b4a9abe72eb91b1dcb5f769b4e03562693496af3e766ee45b93a24543aead9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0db0397099f88b23c9d85afe04bb3d22

SHA1
46be377b193fd9cf826345b467e0a817252c92d0

SHA256
aa8a9f38b395de88035be2ab2aa5afa99933247e5e4e44e88823d5b1427e1243

SHA512
3a3e1d5719dfef846eb0ce7dd71124761312be0efbe11a2e1dd564b6afcaf8747ec2e63fcce9407682a3d2d37f50d2d6af9f00b7ab03baab66d3d32e2f9e8086

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
f22f530ff9cb4679d6d3081d967b2394

SHA1
b4cccfc8b85d38444d81a209ef7db35282338979

SHA256
6915602aef16f028ab0b1fdeaefeb2050cca488d59f581ec7beabb0b811fcfa4

SHA512
a2b7013e275a1bfca5d1f071296caf709f98d067fc3314dfb37aed8b8cbf2c7bc15ed8a355fafee050103b48b2afa881a6e4c4a3f7786e6843c421de247c61d7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3ec33dcb8146ac3b7648081aa6186a94

SHA1
4abf294340bbe9ae19ef6ea6f4ee7c35a46827dd

SHA256
61a5a129a35c020ce2268c229923dd63dfff8fbf3698cd1ab1360e5993f744a6

SHA512
889a9663c1133ad110e44d7ee490ef68447f4f4b0b126f427bd8de2a35f7e522c5c77bacf829bef280121750dff77bddda33aa3487eb46ba91b81ad8abaec391

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ad9b62d456ad8bfcc68f6a2fd7c1aa08

SHA1
8e777b2b7740b44b50f99854fb0596f2915ba5eb

SHA256
a3949d5234bb299081efa123e880e39bb1a14b1579a4efc239194bb695ef0f41

SHA512
5fa9a2131911650a74640d6c74beee86fec8051ce40e4c36196d106485124f0a71f9aaf53e52a9b9dbde183657886ad12ac0e862fd63a60f45bf67aef81a4073

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5750a3f7183aee9f0abaaee83b12f6e8

SHA1
65dbb14e8a2f668821467144926e71a31dfa57c2

SHA256
1a567884b5b45d3341889179569e1e80ee1977b7196b8834edcd5fdfb5175f32

SHA512
e0f46eb7b83fe8ab7e44d4ea3e0751c2fe10567ea9e309f8de3d6e9dfdfb0dfe51781b1ca49c7cc00eceabb4c8d49628fedb0f7f1d54155bb9500ca6f8e36ea7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
eb8987ed770ec53d5aea0949212f4e78

SHA1
e457defe0719e03f166832c2efe7b37077bf74ba

SHA256
ac383ed40160b953c27152708cec1ec53e56afd344599611be0fec6f52faaa17

SHA512
0a87718558de5df9db34ea012a8bb6f37140fa4160ae37aa39a58a3338ce4b8e89ffc7df397cdb8ed518f11c1939d456b9507b34c3b35312504b5f6181aada80

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2bd7d275d3b81a122b23e6134e409ef5

SHA1
a40354339d807ee9512ce5fb9e8ced10e430e720

SHA256
6ea46b92e9e80b6afe7031e0cb94530d26cb2da8fd0286fd6c64988a96b6ea87

SHA512
366b6ac6bd4f203fb10217132c68aa05eab88cb06148d81972f89379024efc0f5204bbbffa658cfdb46ac5b0da68eb05c4856270934b16aafa4872db27c3c834

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6133348489116825643tmp

Filesize
556B

MD5
4faf9c0aca3b50eef1f6ec05ae0cb8cc

SHA1
e8b1a0fd0ff6b465d1a4440cefd12466f42c9386

SHA256
cf1924c8b168e805f496acec780abb388baaa141195b665359156b825caae496

SHA512
8abeadfaaba0c1bbccfef38c1472aa22d83d294ad57aa1493cf4d70a2e19f70b487bdd6855af70d0671d45aff6e566efc024369bbebcc7f52fb30c5ed395a958

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8074420021698106923tmp

Filesize
90B

MD5
d1045200b343b4b474701cc7947b3aca

SHA1
8ab105ce8a198be45662035762a72536a895251e

SHA256
eac5eae47461e34110cfa5cbc3772583df146bbef54c10a08536661fbb8d3564

SHA512
b6588bf0a49a9ff4f8edc932103615f29d8b327bf8d5ae3c8edb70080fbc752238dfa0a6ee32f802eaaf141ae900648b196250b10f4f5ce76b0a955af1930f12

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
450674a763a984738e37d747e183d690

SHA1
00949a4d01be41c54d14db4f44254d722150ff61

SHA256
f4dc9f5bcd43de1ac8077bffc72984a69d640f0356e8b98cc088a526ee88996f

SHA512
0a0b4d794c96182962543772ea6fe8c418d9129e75cafd2020f14bcea22e1528dc46d45ded618b0700c53af2700b19f9fe8f5933539eb7dbf4c701c15d999031

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads