General

  • Target

    WiFiService.apk

  • Size

    3.1MB

  • Sample

    240422-clpv8aee4t

  • MD5

    78d8e34b5bd3f780438dc1e76b916fc0

  • SHA1

    b4e261a744af5cd94782cbbfd9a90f858314bb18

  • SHA256

    524ae68f7bdbf193f42ac592073099129c437ad0891591fa2f643c2452ac1864

  • SHA512

    e3a77cb740ab7b0a5db500e432764da4362f666dbf44fa4e54b7157a4d58f4430403079b4ccfe8e70c3dbc7a1ffbd0662d06ba9d473ad0422897f3eec268987c

  • SSDEEP

    49152:UTNth4nAZWP9nb+xlMBLrocWXzTTZKdAf3POjeP4gh7QxISgGU6RZxd:UTNtanQWP9nb0cr86+3PD5QqGUGZxd

Targets

    • Target

      WiFiService.apk

    • Size

      3.1MB

    • TiSpy

      TiSpy is an Android stalkerware.

    • TiSpy payload

    • Requests cell location

      Uses Android APIs to get current cell location.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about the phone network operator
