Overview

overview

10

Static

static

6

WiFiService.apk

android-10-x64

WiFiService.apk

android-11-x64

10

WiFiService.apk

android-13-x64

10

WiFiService.apk

android-9-x86

10

Resubmissions

12-05-2024 02:06

240512-cjebpsbd81 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WiFiService.apk

  • Size

    3.2MB

  • Sample

    240517-f8dy1sbg38

  • MD5

    98726b9e9ee65875f831f804a4977df9

  • SHA1

    313fe02c6d3c6bbc6064ecce79bfc3ddaafb4899

  • SHA256

    60274a12b3cf42346ac9de47fdb40267306c1d0512cbeeb329ff894ada5d27c4

  • SHA512

    4c42898b2de72b1636ae7c4ab783f32df06e5244f3d63a270e4f9eb04faaec6db70a21af461196b13344060e5f81490dd0a1c23a42d7c9a865ff921138469fa2

  • SSDEEP

    49152:1KxhmnAqxEB5PGS1GHsxvYB314VGmJLFhenkI/Q1Fari79/fKidK5qk:1KxMnrx8PGS5Y14IM/1h9/iidK5qk

Score
10/10
tispyandroidcollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=30&deviceid=7808a497e10f49778064790bc71cd512&version=3.2.183_12May24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=30&deviceid=7808a497e10f49778064790bc71cd512&version=3.2.183_12May24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=33&deviceid=b4c40d32661c4560a6ad93f9479cb16a&version=3.2.183_12May24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_12May24&rtype=T

Targets

    • Target

      WiFiService.apk

    • Size

      3.2MB

    • MD5

      98726b9e9ee65875f831f804a4977df9

    • SHA1

      313fe02c6d3c6bbc6064ecce79bfc3ddaafb4899

    • SHA256

      60274a12b3cf42346ac9de47fdb40267306c1d0512cbeeb329ff894ada5d27c4

    • SHA512

      4c42898b2de72b1636ae7c4ab783f32df06e5244f3d63a270e4f9eb04faaec6db70a21af461196b13344060e5f81490dd0a1c23a42d7c9a865ff921138469fa2

    • SSDEEP

      49152:1KxhmnAqxEB5PGS1GHsxvYB314VGmJLFhenkI/Q1Fari79/fKidK5qk:1KxMnrx8PGS5Y14IM/1h9/iidK5qk

    Score
    10/10
    tispycollectiondiscoveryevasioninfostealerspywaretrojanpersistence

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the contacts stored on the device.

      collection

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks