truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
19s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
01/03/2025, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4514

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
42ea88376cc0f0a9c91e8eaeb44b9030

SHA1
afd45b05ea83fe343318c1bc21b6c85fb6cccaed

SHA256
49c56ca79ed93739671ce0a614aa209cbf499895b790b30726ae170979d7af01

SHA512
34947e55aebacae2ef45e47d0d1f8c49be1c3400d02af20cc26e57dd49d6513b413efd96aabb38af5a98ea725fae27a80a6a80c774be2e89efbc7dd12e810fe1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
120380a1fbf744d9f9b3e3bcef64f078

SHA1
1579dc6108b152893742001a1d0c92e580ab3173

SHA256
2ccc1f24578eb2f681ae2e146b5080a740973860b3ba27f8297d1a2ad7225465

SHA512
9871e150e7646426ea73b5444b6f69f8cde2ed036eb0a72746f7c3f76b9c99cfb84c98371c0a95cb15c27c1ee78fda4118831a9bf63a2436fe06a7c1854435f4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
29076f3057796a344970e4104c1b7177

SHA1
bf33c3b1085994c15f1a7a0d0c55038fbb844f33

SHA256
17b0d48945894265594e0dc6c1a7b7c54c99e9b6b7604ba5728e2d702634e640

SHA512
df3344f2e8cb4d2f3bc8e9147b924e317e80209871af49ff33278793a8a873b3b38e9283f44de02dc5c9b70bc80a8dca5d5939c921ebc6f0fccf39d8f9a239c2

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c6158f3750c23adf356a18f70f26777e

SHA1
8ff2b5858ddf41f09004d59ad17a0337a97c84b5

SHA256
c7127ae041e7f8b801e1eec966dc70ee3577d294c62e7de9cbc3701f0e5acb9c

SHA512
7e60465b38975818cb22e5712b4de1ba3b91fd8d2b399da66b68f8da4fa322d072c8806446ba66e4d98735cf3d8e447bfe4e0e2ba7fedb5469caf37599aa53bc

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bcaa5331d84dcc9528aa229b2cfd4b6d

SHA1
05abc97f595b9019d6163b1ca1be9b46896fc5df

SHA256
7f4786f4b0c794d0199e208276c653a5b30872f915a9dfcf690adde9e01d1b85

SHA512
b79787514bd4c1bf4a10710cb5f62765fd45f0d147104c280b5757ac1fb28fdb61d3dc29126ae178269ed00eb930fb13e0d8618ef06a3e979c998c18087bd6dd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
48640edf6930bda140644b33fcf1dff0

SHA1
b1ec5799a714a1b42c83d005839afb787bf28fa8

SHA256
635c2eb76ba498a554d3000bfe90d9692c064cb0e6151504a94f2e9604f0724a

SHA512
a72cc58d1b4262ccb4d51820f549a937f1e4cf8cf4255830e735479ff0960165a97502f1e701d1f0595330e48209d116b82d63b44d76d062b2dbae8d9f0696bb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
656f594cf33d4f9bc866537982c2298e

SHA1
c6dcdc7de2087792a475fef996f728ab4e372567

SHA256
2b8b7080354c94e1869eb4df1ea3e9bc1547803ef09c3dbf2511fcd122370f89

SHA512
e282a320c1263c45e77ca37fe310ca0f1c062b99d08e2262580000b7d15a17861980e382a1f47e7d1e0a90930b4e23310a315da1fbecc27865a364fc01eccfe3

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
43da241d0a4d272f35d955e31331ba1b

SHA1
b17045dbdb4550cca8d3e75095dafebffde608c2

SHA256
bb50c929fe087404dea4161cbe7396c4c9b0c12e96ae2dfe3b1d3c29031cce98

SHA512
d4dfdfc78f5a62c95bfa62f3c048ee6ec30dd705a94eac6df551f2936450aeb50de3042f4c92591bd70981dba8bccfcc42d11db86b33cb5e9fa2d768ddc4e7bd

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e3f13c7d7678604e5b293f6672bc0ed1

SHA1
b16c998ac7ca1db79cd4983b207a292ac1d96e21

SHA256
486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

SHA512
b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
26decd2fc36159dfe03742d5bc0ee21d

SHA1
49947a484566d0a3b82e3c790861814b97a7ae90

SHA256
9d02e5df72576f95c9c133bded2fd914ff02a1c6f958937fe7a78cb6357d52cc

SHA512
4208940db6b16df09c0b358eea2bb85deffbf984f8a6733356d2b8810bb0db22055156ad13876a4e7139348594950f7d3e1afa34fd441145b8419ad4023f516a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fd0f1a5252c651f9ac9b50eb0dd58fe

SHA1
40a0ad8478f69c3378a6ff57f1d8baed71cad6e6

SHA256
56ec8f54498a364591631e9e82bef18db2f1eed3f27d11c9d0d57dd7afe3ef89

SHA512
3858ebdba120eb8908ec125b8ac17f7602e12eabdeccb67807fae06f6ca5700c095771366b57e7b6aa7913704ab4ca06dafcb82be151d6bc7db78cf60a8ca1fc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
27cbf68f9e219d7131ab9e16b582c25b

SHA1
c18404fa59c693fcd089f6b4341fee3937f2a70f

SHA256
f21c5299c7063d1191126dd39f57a9724e4781f29cb3b649c8cb0596c3fec64d

SHA512
32bb700e5a90a9244c3329d032faa8ebb4cd1d31cb8b0bfe4be9109a0b2c0eed5f9ac9bf29220032b183e320280046ec4b18db46b2e4823ec4affe656b3d200e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
fb99634722970c4045ae19d7efc40cd1

SHA1
e4132eb2cea6237ad32c07309475ae68926ff9bb

SHA256
b09bbe00e1585d86630d016f8b1eba376a6dbf667bb4edbcff8b0ff96058b6e9

SHA512
d1697554a409fe0f2cde97a4053d93186c74c134855f086e04935dffa169210327a90c90b17161caa73abaa9b15bc30b537d71bcf589471cc7905f6075531dfc

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2ac32553a364c3eb3c2cef5e90198bfc

SHA1
e073490482b3c027be129eea8fcc35d5cdd91f1a

SHA256
5d32009349884c1d3fc05575aec2c4e757575ac1feade1d4822d671c37926382

SHA512
010638cbff2cbb1926c30f6b597f07a6e3b203585f09901a0abca5d5e0f87b23941dffbae0704390e44de6dab3e71ef119275096a9f46a9335532c1bc21d4fa2

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5021263aaae7d56d13718cef9da14964

SHA1
ec1d46122ad64f171dc0c81f727c044a19788635

SHA256
a0fc9ce2c0dfccc93f1383e55f5be52b3d271a92e1c9ca41f847dc59024cf992

SHA512
6b6d99ce656c484973da45ca4b2601646272e620ce3ecab0604108e474d4e15f6673f068fbc7c3e58b9e6bdd1af429694af57be09ec413375359343e3d987739

Download Submit
/data/data/com.systemservice/files/PersistedInstallation1282012481468330931tmp

Filesize
90B

MD5
0fc93660d6e18ca7656273951d1a1a20

SHA1
a4c0144fda3179dd4e3818184f404144d8f65741

SHA256
ba03e1a4d40e23e141a5727511b50ac08fe6eaec38497e3ba0566bbc2579e5e4

SHA512
824cdcf8c0a4328d5b1242bfd1b5f218f8999ec8a4821542bf47e8f4a7f203658d3a4c371be1e37b490c29ba8875993de6febfc8b2ee5a25d62273398e6b33f0

Download Submit
/data/data/com.systemservice/files/PersistedInstallation7252409522637905400tmp

Filesize
554B

MD5
2f5a362167d7686b6ca0018ae159f32c

SHA1
f3d47a1e32c8aebc24c41714ef99656f81b8d6c4

SHA256
901c5102288a87cce5c5517b77bc02f9fe4a56d15303a5d1d5bdfef1f6464e50

SHA512
f049f827d3b10639d3a99cd42d34c5482a0432578c9ad5097d9fa1e315420a940b31b5c94ced4b9b90be60477b81b71eb38c65cd87ca07185bd75649514081a1

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
a31d52cae8bc58a42c30b3bb84e12f74

SHA1
ca4fa1d728953ffb3d4cef7eebb6fd8489a063c4

SHA256
7d2838cf3ba89de1a4ad037226be8a2086efa30819533503c90ced437fa99d83

SHA512
65e52c419b84f5a48e786535ac47375fd080934268b819656897130ea0214cc6eb3a8b42ec248ac8741edaff411607fe3da040247552657fdec6d7c01e6a2697

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads