tispy | d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560 | Triage

Submit
Reports

Overview

overview

Static

static

d61f465d9c...60.apk

android-9-x86

Sharing

Copy URL Twitter E-mail

General

Target

d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560
Size

3.1MB
Sample

240417-cdrd3scb2s
MD5

d46259cc21634bdad5be18d4ebb4be51
SHA1

4191a02c23a8aacff6caf2369e49ddc6780c3f24
SHA256

d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560
SHA512

a05bdc6a77ac58f4e5f181e4727a864a089cb284092b11bb5368792cb7bdda91e014213e899818439a973d72d73d0bc9b7bd2890d82f521d01fda6b5f8c91e48
SSDEEP

49152:tpZh+nAniPeNY7Jw3S9E7n6Bs5Hpj8CppPdRL2T69mZka8SBnWFr+aw:tpZcnSiPpNXO5RppP7STnZP/BnWFr+/

Score

10^/10

tispy android collection discovery evasion infostealer spyware trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560.apk

Resource

android-x86-arm-20240221-en

tispy collection discovery evasion infostealer spyware trojan

android-9-x86

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560
- Size
  
  3.1MB
- MD5
  
  d46259cc21634bdad5be18d4ebb4be51
- SHA1
  
  4191a02c23a8aacff6caf2369e49ddc6780c3f24
- SHA256
  
  d61f465d9c05e4bd97dd456d8f64671774879dca754c2617d1e67832a86d2560
- SHA512
  
  a05bdc6a77ac58f4e5f181e4727a864a089cb284092b11bb5368792cb7bdda91e014213e899818439a973d72d73d0bc9b7bd2890d82f521d01fda6b5f8c91e48
- SSDEEP
  
  49152:tpZh+nAniPeNY7Jw3S9E7n6Bs5Hpj8CppPdRL2T69mZka8SBnWFr+aw:tpZcnSiPpNXO5RppP7STnZP/BnWFr+/
Score

10^/10

tispy collection discovery evasion infostealer spyware trojan
- TiSpy
  TiSpy is an Android stalkerware.
  trojan infostealer spyware tispy
- TiSpy payload
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection.
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks.
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Location Tracking

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tispycollectiondiscoveryevasioninfostealerspywaretrojan

© 2018-2025

Terms | Privacy