truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
03/03/2025, 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4213

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a2bd4173c9b0dc682e674f53582b11eb

SHA1
d4620fd37e645e669605106108a3a2d1f2c1c647

SHA256
399a899a12b4508cb50967a8c525644ca501ccac313092ff179167f38c6cbb1f

SHA512
71bb553b9d9715079a8d66640092220039c56fd5d48117fe826e0713d08f93a5587c726cbc0cbb1228e18bdf27da3172e77f0bf9bda2e80091fcaf975b51f04d

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
6755ed827c1205f7f8ac560843e60d52

SHA1
3c352b45629e09b3f19f244952525bc305c5fcff

SHA256
fdd67b4e3547adfa95ae32ffeb6b4bdb8c5b548e79cdd69d72a956ae473a6719

SHA512
7861bda36324566211a817306d679c0791abb42fa612741d91c95e267dcb3fa266f87afbb1442ccc6b2d0dd45bea4e1810fe7f5c19f0f6382d55949a697e89d8

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
febb8440d633874117574937d1a4cc7d

SHA1
5a6ea8429b4b1e4f485351e4047a961259ebecd0

SHA256
44ff5a11528184da16ac801fe9368de9c2aec2435f95ca4ea68642832ab1eec0

SHA512
95db926e18953b8c3d619c1f00caf41e0c2cda5f5c9bdd435fbfd7025a0762835156b4fbd1a1001dd71ad470560a1d9377898bfaacf3bdbce08e9bcf4416c1e7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
78de816823493dfb7035f666de27e795

SHA1
2486e08cee7b4d92dd64c9f7f86164f6f1f30892

SHA256
b448ae7e5459299f1692a0ac89cf2a0bb79ed44f25d9b11ff85308e56c099e63

SHA512
5af557c6cbfc2213b049b7a6531e4b6ed3e1d75723777849a0d12886e7f0dd03acd3a83792843a7006c09a9c2a93bbc5277f569e8f324c7238ca6f7fc8447d41

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e00162962fedb47ab61315cfe01882b7

SHA1
9ecee52e5352ef2dd56fe90a5f6ccd1753cf4837

SHA256
7dd79d5f949daafd9624fc064ca647e32e8047e4f8487912e9def57b890aa2dc

SHA512
23144d0153003270d072c5698dd43700df2556d27cc5e4e17e1d581090fff856b7a9a4140a06697dab4652a49ff5c9fba14ed1de1469a9fa73b0a4187d87a20a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6463eeaf3f419ffd13fcd1c1b05d34f7

SHA1
f163b14f11e13ab7120e7256f259721eab242d14

SHA256
d871d93660b847afb2794a3ebe83eac2d7c8fb2dd700c3ae0835f3650df41781

SHA512
c91d8a7f082480497399a971e70669bdd21787fac51a4f5d77305b3b62897cb239cad9d68da160b7416cb914ee20562033ba31e11111b782a53c40bcb1ab2868

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
33e85404a09368f05fd282c7f32f7341

SHA1
905979362661ebc02847f0d35716a32e51b34cd7

SHA256
76a977ba22f4b4dd513711ef4999be824df333a68d08a91bb2287d3d0da9cf2b

SHA512
742549622cc483aee0d716f36984fc37e94b3e48951c384320a74d220865a98440aa5d6fc39bc1b6281f094779a2da4fd9e5ac939fceb6c389b7a0e711e2fb05

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
59375627f278daec474462a832c60f02

SHA1
99f2a7ef4ff6d7b84d098e472ba56a6c3052026f

SHA256
26e2f48c18e1f617163ebf6c06432054b9f97344a6c8f59f89a4d73395518f07

SHA512
3dcfe0de46956e5be26a19128ab6dace5bbdd9140a29ee338f790f84db953112932545cdf8bdaf046a9a89132c20a98c14a596c47667e468fdb2224d7590525f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c4d0e03a2e0e693a0d2631ac1f5fff22

SHA1
0a8b51d56e54f989132cb3b4b711edefcd87d2a7

SHA256
8b51b1f49cbb5e754b2a26cc4b57c3bb45ba712dc814b8d3f659ebf5ec0acb9a

SHA512
b79af8b48ea9fea88488a72c18ec0efeb544219f4d65181788b427b0b22a8834e723f715428a4efd6260b262ea4cede5a4c0efb0c1c55f4f57367c33b359b2d9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b8f33d329b436f530b5b940e56326de1

SHA1
c1e428cf88df1f82e46f2e2bc952bef7da2cc9a3

SHA256
b05eb23f538bc7a0f4d68f33aaffcd138ff4c746d05568d49b7c16673ebc60dd

SHA512
546ddc6b7012ca5508199160351b9cddd6ed453782b0e9bb77aa0cc953e573184337c93256053b27b07cd18e2249ba6181711b499ea05abbaea342281a02fc1b

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e41e5f91cac07e17b407babfb916a758

SHA1
167b5df5369321312ab6d83b094d4082d0923273

SHA256
4675b5a5c466e43b8bbe8808e1ae9f5882ea508cdd43144f00947aefbd76ae0b

SHA512
bbf7238d4aff2708d3f384bb37db6c46f4a2922b191d4af51f9cc07eb0677125edb85b7e2b68429747a7e5dfd67c6ee166542de9de27fde7a7c11e9373d3be66

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
aff54b162d6863fb8b67f2b491c2efa9

SHA1
6ad2595a1de8a01adf32198e0531e615c0f52bc2

SHA256
a43df300623de144da4cea4f3ad6d759cf5251a1369536de742ac02fc37938cb

SHA512
f433fca77249cb01b8869d8a560286b657c1b321c9b3c716d457e55ce0ce306f050ff274938efdbf29b9b6551c0127ceba2fb9c96931759cfac0147498cae583

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
60e18627327d5c5adc3b73fd9bc77817

SHA1
4c05d19626895c988c5a9b944e52596b3680ee86

SHA256
ea709af88dd1073639cb2ee07f53c40bc7c27aa04649e29630628dacf26f812a

SHA512
d4ccdcabe0c7c916ae0c4d1b340a3518c86b8f1af05a60251a8ddbbe9e136de040a9d5d226cc085347f1290ed8006e508ddf297fc460fea2d1d020027ad47e94

Download Submit
/data/data/com.systemservice/files/PersistedInstallation15112189232507194tmp

Filesize
90B

MD5
5bbd5b9612be9a8518a87b1c99b2aa8c

SHA1
0921de47213909c72c0969df103dc886c7e8fc72

SHA256
49f09fab539eb3ddb08d45a54843b3638b5771a52c91f0ae95b4ea67964a6a58

SHA512
5841fc15fa05f54fef2c6e1566c4a8b3846e778dada7af61576cf09aa56bb8a4628edea113ead0d049c0f73970235c57f9f05b7d0908006f6da62039baf3e106

Download Submit
/data/data/com.systemservice/files/PersistedInstallation4969291288624909922tmp

Filesize
557B

MD5
5253391c974b142fd2dc61ee485b93a3

SHA1
ad1eb8926fcc7ab69f0c2ee30328155a33bbe7bf

SHA256
9206b2c51ebec976a7e15e2d19ca44a4799ac0fab5c385f64a83708e9ca36e5e

SHA512
beea77b2651ed30ce425246ba2b3b0bbd1eabd4f0dcb2d4a9b895167978850e35c0cf431ae8877f3b7ffab25b5c25cd2175ad81c13be1311668f8c1036260f0c

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
c96963d0c734112c22ad49c1c17387fc

SHA1
370eb000600a5fe281a8edf918d0027b98d30120

SHA256
ddb0b6add7c5b3fa0b5a4403890ad0a9781016ca6a9dc8c6b171a5d3a56536a3

SHA512
5bb619fbe6c8d2821aecafdc3f01203dcd1cd696d64e8780c85f8e18e05f58f96665662962dadb9997ecd5663edf19963aaab6a6d880a5ef76b4ef1e04fbfbbf

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads