Overview

overview

10

Static

static

6

2cd080cf2b...cc.apk

android-10-x64

2cd080cf2b...cc.apk

android-11-x64

10

2cd080cf2b...cc.apk

android-13-x64

10

2cd080cf2b...cc.apk

android-9-x86

10

Resubmissions

07-05-2024 01:11

240507-bkgb1sbf9t 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk

  • Size

    3.2MB

  • Sample

    240517-gdp88sbg91

  • MD5

    6f590bf9e27e87de1620e26f725487d3

  • SHA1

    de9c1c8cb89205c8382ff3f4276393f472ebcb08

  • SHA256

    2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc

  • SHA512

    1b9a49f58ed6ba994f4cb3b8be5125f1f0e380cc2def32b7b38b192ac75348525cfc145852f15c1b3519337dbaf607be3d5991fd9ce55df89bd494845e8b104c

  • SSDEEP

    98304:MzVh9nnvpPBMtMbLdd4GiEVLtKWD0tG6l5:mtnRCMbxrDkIS

Score
10/10
tispyandroidcollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=30&deviceid=620ccc60ccac4fcfba869bc0a3e0201e&version=3.2.183_06May24&rtype=T

https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=33&deviceid=e9e6db7470194aa990ebda908f9008ce&version=3.2.183_06May24&rtype=T

https://ua.tispy.me/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_06May24&rtype=T

Targets

    • Target

      2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc.apk

    • Size

      3.2MB

    • MD5

      6f590bf9e27e87de1620e26f725487d3

    • SHA1

      de9c1c8cb89205c8382ff3f4276393f472ebcb08

    • SHA256

      2cd080cf2bb345cfe22cbfab37098c899a811d9d999a12965fad4afc4b760bcc

    • SHA512

      1b9a49f58ed6ba994f4cb3b8be5125f1f0e380cc2def32b7b38b192ac75348525cfc145852f15c1b3519337dbaf607be3d5991fd9ce55df89bd494845e8b104c

    • SSDEEP

      98304:MzVh9nnvpPBMtMbLdd4GiEVLtKWD0tG6l5:mtnRCMbxrDkIS

    Score
    10/10
    tispycollectiondiscoveryevasioninfostealerspywaretrojanpersistence

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks