General
-
Target
WiFiService.apk
-
Size
3.2MB
-
Sample
240517-f8dy1sbg38
-
MD5
98726b9e9ee65875f831f804a4977df9
-
SHA1
313fe02c6d3c6bbc6064ecce79bfc3ddaafb4899
-
SHA256
60274a12b3cf42346ac9de47fdb40267306c1d0512cbeeb329ff894ada5d27c4
-
SHA512
4c42898b2de72b1636ae7c4ab783f32df06e5244f3d63a270e4f9eb04faaec6db70a21af461196b13344060e5f81490dd0a1c23a42d7c9a865ff921138469fa2
-
SSDEEP
49152:1KxhmnAqxEB5PGS1GHsxvYB314VGmJLFhenkI/Q1Fari79/fKidK5qk:1KxMnrx8PGS5Y14IM/1h9/iidK5qk
Static task
static1
Behavioral task
behavioral1
Sample
WiFiService.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral2
Sample
WiFiService.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
WiFiService.apk
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral4
Sample
WiFiService.apk
Resource
android-x86-arm-20240514-en
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=30&deviceid=7808a497e10f49778064790bc71cd512&version=3.2.183_12May24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=30&deviceid=7808a497e10f49778064790bc71cd512&version=3.2.183_12May24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=33&deviceid=b4c40d32661c4560a6ad93f9479cb16a&version=3.2.183_12May24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_12May24&rtype=T
Targets
-
-
Target
WiFiService.apk
-
Size
3.2MB
-
MD5
98726b9e9ee65875f831f804a4977df9
-
SHA1
313fe02c6d3c6bbc6064ecce79bfc3ddaafb4899
-
SHA256
60274a12b3cf42346ac9de47fdb40267306c1d0512cbeeb329ff894ada5d27c4
-
SHA512
4c42898b2de72b1636ae7c4ab783f32df06e5244f3d63a270e4f9eb04faaec6db70a21af461196b13344060e5f81490dd0a1c23a42d7c9a865ff921138469fa2
-
SSDEEP
49152:1KxhmnAqxEB5PGS1GHsxvYB314VGmJLFhenkI/Q1Fari79/fKidK5qk:1KxMnrx8PGS5Y14IM/1h9/iidK5qk
-
TiSpy payload
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-