Resubmissions
15-05-2024 07:49 240515-jnrk6afh2w 10
15-05-2024 07:48 240515-jm6zfsfh46 6
10-05-2024 02:08 240510-ckjmtacg2x 10
Analysis
max time kernel: 49s
max time network: 171s
platform: android_x64
resource: android-33-x64-arm64-20240514-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
submitted: 15-05-2024 07:49
Static task
static1
Behavioral task
behavioral1
Sample
WiFiService.apk
Resource
android-33-x64-arm64-20240514-en
General
Target: WiFiService.apk
Size: 3.2MB
MD5: ce48f58dbae28bcb25677b8add0ddf64
SHA1: e868c6fcaff35940e338e86e41494aea88797aa8
SHA256: 4e3e24dcd83d8ab0fcedb625bbc4ed75b99161cf0bc60153fa4ebbf13d60636a
SHA512: 367fd782ca81ac3c5a58f21d1615a6a60776773f6db24caa47a6e5267e83d474c2f7504bb7ff0e06455760d209a598138ad0496c82849825e018763ca67ae7d9
SSDEEP: 98304:P3/ynojPcxrkRN+wsKUHAUrFPW9/cZ+OEf:P6ojkxrkahFPW9/hOEf
Malware Config
Signatures
-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload 1 IoCs
Processes:
resource | yara_rule
/data/user/0/com.yxadwqox.sbrcjibw/files/dex/kMqvFqmNzloGVQaCX.zip | family_tispy
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
Processes: com.yxadwqox.sbrcjibw
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yxadwqox.sbrcjibw
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.yxadwqox.sbrcjibw
ioc | pid | process
/data/user/0/com.yxadwqox.sbrcjibw/code_cache/1715759380323.dex | 4259 | com.yxadwqox.sbrcjibw
/data/user/0/com.yxadwqox.sbrcjibw/files/dex/kMqvFqmNzloGVQaCX.zip | 4259 | com.yxadwqox.sbrcjibw
/data/user/0/com.yxadwqox.sbrcjibw/code_cache/1715759383455.dex | 4259 | com.yxadwqox.sbrcjibw
/data/user/0/com.yxadwqox.sbrcjibw/files/dex/kMqvFqmNzloGVQaCX.zip | 4259 | com.yxadwqox.sbrcjibw
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.yxadwqox.sbrcjibw
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.yxadwqox.sbrcjibw
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
Processes: com.yxadwqox.sbrcjibw
description | ioc | process
URI accessed for read | content://com.android.contacts/contacts | com.yxadwqox.sbrcjibw
Acquires the wake lock 1 IoCs
Processes: com.yxadwqox.sbrcjibw
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.yxadwqox.sbrcjibw
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.yxadwqox.sbrcjibw
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yxadwqox.sbrcjibw
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Downloads