truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
45s
max time network
153s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
05/03/2025, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
69aedab17cb10add4cff8d941cc1e17e

SHA1
f1e0e08b5fd131ff2e2d5da2a3da9e164fd03475

SHA256
c853e04dddce2a35cbf0d56fdd4f1134173805bf7c7f6f820b53e53679797acc

SHA512
d4f70016aa30de5ce6b16d7a8962a42374a9aa933093faf63185c12d34ef62648e15fc54d854ef1e03fed35893df877125724512e9791928f37d5a2067ab1110

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
fb2468ed3fe0ee9a5b8083faf338571e

SHA1
9ef42c11d2d7d2e26513a0188b6fe3d50276914e

SHA256
74a57ef3106be828e9e23ea983126ef496f63e52a447a072bb1539f1a8e3ba3b

SHA512
66e7c4e8f0f7fae5615db83a993be446ba765dbecb147aeae7f306d08713df4e2d4a31c64f40cdfcf583659496f0e5e8b867c7cf2bdbf20e71f2ddd979a4c079

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e1890a0be7fe164ea712816e69a0107

SHA1
4de6ef9500dd769fd133d559ac5e118aa919fe90

SHA256
b75f5259aae100038139d1e326380cb5faa8f585ac4769458f23286e26fc9f7b

SHA512
d4f27c5d2737e1fc88aa76acbcfe5cad6fe9485025a2f2d8b5e8867005fecb0f4a7dada8aa1cdf7a8aa0f47fe4b8f483c2a66d2eb0cc6b033c940777e12aca2a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
400299241c26cdaad0eb141ca4fba310

SHA1
6826ce8125284e09a940ed604ec886c4e3209346

SHA256
3555c4acc33f27b0ff46a048a65ffdb4b975c03b707560ea86d532bc3f239c7e

SHA512
b176c2f6a66f66cdd7e262348c0d9867aa1d37c821874296f2fc71ab003e2e347550146fe28f05cee15bd124e4d65f591d17d3b1e6fbeb20251e859475c7f9b0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9a305005a405dc5a6785d943bebb4625

SHA1
23b11d48c96d3e5e1ca81472a0cbf497eeac9c27

SHA256
b132db22d4f0e135a972a1ad1e14253a76d8134bf6433300c89aa6cecedf27c9

SHA512
74c0907a3d94ffaea626b54580029a83b2f33da66e074f1c3413474bed9e78982ef72cf1cdeff62292c7942b6a42130f450b5af3e535dc4d47dc7af43ea27e50

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a9ab8dc40983ba63cf9eced01989c653

SHA1
68a1d42ef006dffa0b0b369871fa364936d103c9

SHA256
38c9178bdaa2a4a092c8ea0979f3d61232ec6b993083c48bd0fdfb42d90802e9

SHA512
1227baee75243a51e3756b4684a7ced54c3d2e1e280c54705b966363211890a1c3d40ff3340cbd4175b829b54b3167752827bec4f1bf7f92a10d444870ebad01

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
835cfc7decf507cdc5e54f602e3f9699

SHA1
4a55d424cb32e766554672cb2d0b3804fc47552f

SHA256
29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852

SHA512
2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
895bf86b5958e3a4a4d883282e766ac6

SHA1
fdb485b8027cd00405f358242120022be3b41f34

SHA256
74594e975fd4fe1e3a4c949221bbb2407c71b78854ef62d8b46d229014879616

SHA512
15b0b5a00425cb1f4b782ee05872746566b6dc3631aed9b95c0537998719bc08cf52569736c0d3e22eaed4e7a354d5f50263e7d5f9afb35c0fa9546020aadbe8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
b03c2d7fa3e4309ac973c1130ad99d22

SHA1
8c2a8ad2d2c804d734d4ff0d3b005383561e214c

SHA256
8522d716e8a30540024aea55a9217cbee429fd5979a9304966b2b724b331d90c

SHA512
d6d6f963d1dc46cd36ac675ecdbb5dfd7e3ad9f891a9eb9c45aaaeabbbcc91b1ec7497a937d0b252363502ac3b4a8767e35cea81d339a7f860eb7571aa5a9e5e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ce4d66f814742e09e333e7925dff86e3

SHA1
6bbcddfed633ee6b632ca115242157b47a3c0d01

SHA256
0a81d860e8cf278c60a692c970141dd957323ab35635c3152b8a8f6b0b45c9c6

SHA512
c1edb59b16bf3a0a400407ba52fd9419c21f3da8fe90f83a0ca4b4f644339b080326eb55a6334f0e1f8eb702ddc4477afafb086ab92d04899e646b06e5bce21a

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fb98aaee4da5bb4c68fdc6ce5e98d1b0

SHA1
d9bae8e5fd32057dfcd5d13ff01b0f90bc401b10

SHA256
cd054903e1989382c29c39e855b53bb2cd102e36c45ba430c8ac30eee3ee6f3f

SHA512
59cc825effda063fffb7dbfd8ae6f15966b28119e8a327db7fed4228ff715c35826393fa835f7284dd7ae452514e3d4f6e7bc0222fe07139752379be560f5810

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5876743afd7719552604d936f893efe6

SHA1
92607ee8c533606560bb1fa8b0523427d4378dc3

SHA256
92bc85f009655def247fb5ff648c44360045eb5f967806b62ea5ab06db5d1862

SHA512
8fc65440cc2e8560d3dcb514d14bac2ed0878e671c4c6825fc8b2126d145ffe96f7bfdd1261b37afa292cfb60d5d14725a1dc3c5c1af9e67ef41001b01c1e878

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
19b5179b3f8a97aba90813ea78b94624

SHA1
3f5f64f5c9439e4c8a400a9c7262a3f63fc5c3d2

SHA256
e49d4d730462041e5ad03ebe4136f31b0bed2a347a2518fce136dc8cb7c08972

SHA512
ba0c4a74fa2ea93824419d82174859cf120d0a849306272e3cccab003204e87322c4847746696c1183125d76ea3cdcd521c7743e082fc9a9efa3ad6e785a7179

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
062d05868c773d63e7cb5e4545be382d

SHA1
7f36b5c6afe6ba0e525924475370a4f56428d7e8

SHA256
ca65dd17b51f43c8fcf226b0029c8be8ee14838ba3c784ba51dfed31240f77d4

SHA512
e08be4d622cb51a19403bfc1656a3ad36719b06dc5717f21a8a818da81ae8bdffaed246e35af929c0c584bc8480877c642eb167df6457e7dfe95dca6379b17ba

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8084743943910007611tmp

Filesize
556B

MD5
3e3fe721a408af0bde754c847851ae3c

SHA1
0eb2b370769dba48d5c565d9209be1d5d63479a0

SHA256
76ede4f2b27daea42dbdfbbfedf4bae7b0e80ec1403be2711d93879cf99565a4

SHA512
7bedb0b2d64aac04e2bfb641943a2a216d44db4189bcaf353d5e6ca03b1a9d37d7c61a7fb29584d25543e5df57ae69293661c04761de428652d50622c4902d41

Download Submit
/data/data/com.systemservice/files/PersistedInstallation8988201341729142071tmp

Filesize
90B

MD5
6150215a8b1d4016a64e57096c804b08

SHA1
5b6d3d21be2c31b317f7104131a4235d3d1ed5d0

SHA256
d4772a494fcf692ed190f4617833e728be724d8b60c7fa42a08edc0ca77587b7

SHA512
6f3d83345d309d3edd68b6a9ce8b63a76e6321bd06cdd353abda1136b7a1cb384e3b83d8d0f97b8633647e6d4961a4190bce90c2ba8b158e95b70e0d8c36005f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
3KB

MD5
cfbd024982ff556a2655ef14a00ecae3

SHA1
e52a60e9fd22613c179a4bb6c4266d529f8571cb

SHA256
c03598e460c6f7932446eb10dbe72cd4c7ef125006bc81476fcebb7bf0609571

SHA512
8b3d0775e18fa69f89cacd83b3a3113de7b75b5f8f65276384a90b5461dd7cabab0b4ace9a58f1b56efefe74e62a6f5f081b1c76d8086f35b6e5c2c4ec7cd2fb

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads