truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
13s
max time network
156s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
06/03/2025, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access defense_evasion discovery infostealer persistence spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.systemservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5123

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
6631477e7774abad5b5156cf9818d2ba

SHA1
0d0579d991460ffb5a5805e10266293c6f3baff6

SHA256
ce29968e8f5071787a0826f96c9cf4b20aa83ff2e4f2f32476bbd95b4908911e

SHA512
57439a0d079c1c4806f18850f2dabbf51e1704ab9a89a08ec292f6bf47a0fd21e316ad43b41b97ca74c124321c26a84f0ab92c5a1359d0b5335e03b714416df8

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
64442ad195e4c5417b8472534e560aae

SHA1
082520db11c973949f7c4bc82cb0f3b87364f854

SHA256
8659ae5840d3be9869956fe5c38f6fb3217d4fb289fbfa519f6f706b9e6cfb37

SHA512
84e1c6d0257c2ac38667627744538ce33c031a7fb062f9477361e3cee49a0dcc61c17fdc87e11a0b6a06c96e812f409bd68e1d77d614e38601b28dafffff7e40

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
79d0ed06bb2b8658786cb5ff38de02cf

SHA1
a50621665bae765600dbf903f68cf8c3945f90ac

SHA256
f279f370886d7e6104e0f06e9b31146bec659c11b91c7780f1b5de34c5cd3372

SHA512
c2f440f0bc89d2ec90ad72f9a0ca183b168ed9e252b09c9ce9f9cdf7163cd2691d8840f22b1af491c335c98690b34f5d54e3ffdce2089ce9bdaaa7ee819dd177

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
43d05f988cc38178b36ce9b7b2336fb6

SHA1
da16252fc92a5542d1833e4c366858e5befe1735

SHA256
c45ac0465c187a08f0e9dbf7e42baac3b38ef64e9b50dcad1c236e121106a836

SHA512
1b1b012c986e8b7b4fba6457778756def579d31718ec1214773d9b8a2d64f9c52411824f678d27f054a55976becdf839d6afe92fe2f7aedc96d2f41d822e8fa6

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
992e2be29e285391988235ed04845a43

SHA1
8fdcf3fdf6982fc7f7daa9c01ce8c7774acdf53c

SHA256
cb1fc49417dfc1041d47f7f056aa22121cf77c4494aba63bd46ea8beb00ec958

SHA512
16422e96574b0b5e967aaa12d1ca88b701b428275983792d154e0f3aeb66f086d7e96fccdbeb31f5518e702a075ecb1e406c3061991b5d0f27bf497a03fb207d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d1e72e07b605bab691830f9e882989f4

SHA1
4997d84ace1c00825dbfe8d5161dad9a938cc4a5

SHA256
f19ebed899cb42cc7a157e7f81c41dc9d471de31841d029689a2d2bcc136b611

SHA512
9de533c1347bed7d9a34a6879a5173d7115fb11611fbda2436458db50c6dafa2e92e60f80d459fd77cc6afc1b32fa20dfb0dcad17f5b8873dfd25aaf85b209ea

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5db7f15afeeebc3b245eb06d3fcfbf46

SHA1
3d6a6d68263986fdba00f1244011cee4a5702b83

SHA256
82d8fe77e91b19f997ed37b6ab7d0361909dcd5814c13b47a37e5f9d4aa1dbe2

SHA512
618c6ff962923b99d6912af472715becdb5724c921f737dbd7f46f388ed708f5609d7018c2354ee9794e9f29f2320e9e5fea72e5643dc04a74873beb90791537

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6315a602bc8f4a867d6f582c7e398636

SHA1
2b4962f43022aaf8cea04028cb04edb3bd28bac4

SHA256
c6c12ed8ff9ce62c817415cd00dfebe47032d97a24fa73d24b4cb51ad9295dcc

SHA512
a391dcb0fbfba5810c7d5ff333acbbeb61fe36a4e8b9afa3a243eed43c94e8d44b6693cae908167a570bfaef206791c429675c3040ecddf794219756817a14ca

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f871ff700510a56a54fdd56bc41b7541

SHA1
481548c8bc3254a00f497140278597b915460c48

SHA256
ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa

SHA512
12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
842e434f0b2f7128c9fe2b9f9d4850b5

SHA1
312a500d327da2be9ccd4ccb1573ea7f7bbd1a88

SHA256
03301985d8f05949e8bd6186be09b9df02ba639884b4a5a6f769da5074b11699

SHA512
1386dc214c1a8be86a28ccc10260908890a740e59cbf88d8e3bd534e4729c9a60d4bc92bb99262474b7d840a1a2e9dc754837feb3cf3d5bdd3b21bb1a1910080

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
65af4f6de4b749a894c0e7e442f5077d

SHA1
6bd5820197f03ba9a2cb6de5c4aa8d803e9897ff

SHA256
a0e38265a1defbc3b2edb79a24662f23c1dc059d32ec38e5b25a36b09af3c13d

SHA512
d1f4132509323b530a9f20eab08834d69a8c83e2e487aa73df9b8fa04dfbeab9d2fc02eae59c1a4ac3fdfcb5d6a24889c747c31dd5724e6c44ad0e0509b0b1c7

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
99d13dc2f484626113d9d94abecf079a

SHA1
ed4efb9260b066206052895edc9b49873e07f219

SHA256
edfa5291ef263ca4b5e96327a37281c4780df4c77355095081d564363cfd3416

SHA512
ac15d5910807771f16219fd4f72973fa3656463f32308c349ee37659f70832afc99b57472ac13e734e34e881e8d3511575c7bd1d222b4a37bc84647d06d7c50e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0d79e3404998d1d67fd521586ededd6b

SHA1
b186856a4dd914afcce5f549021e28841a7a295b

SHA256
d83ba2d15716cef5cd1a15a055ac374f7316648f387c8a62816674634598de46

SHA512
ed598360e499a1d56b2151660ec7550f908463e814494a1b3386e6875ffd2b47e47cdac45e6a460acf8ce0e06e0dd6cb624559fdc3a4b75e4d92a74eb7371220

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b0e1bba361b3f5403cc19daaecf9a12f

SHA1
d9effe6951fbcebc45f95c34bc5ce93212609e2b

SHA256
b24f88720ecb134d37568f2b3b379b53bf8c37f6c1d681dedddf4ecad9da423d

SHA512
b6f86ae1465297e0409d230ea55f1a5ed407934b20789a42419b3d3e896d848f57456a2666ca609173641c4eea1845767ed09d9ab4e2fa3c87ba1e032db5f4eb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0b5cbf65a19fb8202a11fb91500a8767

SHA1
fb359bb2bcba658d7b6c6c95964d60680565d07d

SHA256
62d88c6c7a5376f97a9ddc05649bb4a5157e16c5d0b59f786b3ab86de8825db5

SHA512
3d6c1aa2feff66a0c8acec45f6fe45972986d4d4a235f2c825b5d1e050cbc01e445cd00fb7daf9a6e4c26c1fb8a2b96f85d3b3d43114a198ccc733f3066f88b7

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2306438853009806569tmp

Filesize
555B

MD5
5c5fd08ed8aa35c5747b25861a405b33

SHA1
bbd08259602bc3af858c5f0b639a2e45e0a9da8c

SHA256
f322af1b227bd5e83f714e63331e6fd983c66a22cc6f9a477f92e17994e3fbf7

SHA512
984e9e3175305b426823fd1d015a06bb4467fe96f65ca3fbeedb74557a0e04b5f3e313defa705fcba01a9e6f2a6a325ac7edec2b947ec3c71cd6fab07e3241a3

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6300975389311618994tmp

Filesize
90B

MD5
6880cac9b2a8a1b5d20958a729f1eacc

SHA1
7b9cae89a272e3ce6d4866cf9e54e5cebe7a5739

SHA256
74d1ec0f03950b90bd2eea443d8edf83a8d2612a06d81f18d1380485334539cf

SHA512
f9dc5fc648aee776d661b56edc8c572ee91ac256e24be85c3f0314b2622e7c8c6eaf4087ef3cec57382911c5133e4fa5a1612c26f645a9c987b519689b8d33cf

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
5b642f1a48c4f8861be5728be90754ac

SHA1
c1c694157eb4968856f7fe5c6b3a9e4ab18c28bf

SHA256
4a2835d798867f70138ea075885c1ecc00e3888268dfcfa8e7d06858b54d483e

SHA512
d2ad004f256b5f1402ff795becdbfc4743ee4d4d0fe11823141a0e11530fc4143cec43e479987e5a88e81a2ffe56cf1739cf05556d7625c0ee838ac5d66e080c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads