General
-
Target
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
-
Size
3.2MB
-
Sample
240517-gdp88sbg91
-
MD5
6f590bf9e27e87de1620e26f725487d3
-
SHA1
de9c1c8cb89205c8382ff3f4276393f472ebcb08
-
SHA256
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc
-
SHA512
1b9a49f58ed6ba994f4cb3b8be5125f1f0e380cc2def32b7b38b192ac75348525cfc145852f15c1b3519337dbaf607be3d5991fd9ce55df89bd494845e8b104c
-
SSDEEP
98304:MzVh9nnvpPBMtMbLdd4GiEVLtKWD0tG6l5:mtnRCMbxrDkIS
Static task
static1
Behavioral task
behavioral1
Sample
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral2
Sample
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral4
Sample
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
Resource
android-x86-arm-20240514-en
Malware Config
Extracted
tispy
https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=30&deviceid=620ccc60ccac4fcfba869bc0a3e0201e&version=3.2.183_06May24&rtype=T
https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=33&deviceid=e9e6db7470194aa990ebda908f9008ce&version=3.2.183_06May24&rtype=T
https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_06May24&rtype=T
Targets
-
-
Target
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk
-
Size
3.2MB
-
MD5
6f590bf9e27e87de1620e26f725487d3
-
SHA1
de9c1c8cb89205c8382ff3f4276393f472ebcb08
-
SHA256
2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc
-
SHA512
1b9a49f58ed6ba994f4cb3b8be5125f1f0e380cc2def32b7b38b192ac75348525cfc145852f15c1b3519337dbaf607be3d5991fd9ce55df89bd494845e8b104c
-
SSDEEP
98304:MzVh9nnvpPBMtMbLdd4GiEVLtKWD0tG6l5:mtnRCMbxrDkIS
-
TiSpy payload
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-