Overview

overview

10

Static

static

6

cd5c46c49c...cc.apk

android-9-x86

10

Analysis

  • max time kernel
    48s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    17-05-2024 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd5c46c49c436ff6caa16a0bba9751b4024e6799112dd83de94bdb0e611e41cc.apk

  • Size

    3.0MB

  • MD5

    50370307adf849ed8db647456c79c9e3

  • SHA1

    df5395cd26bbcce3e4753c22b4735a6c369292b4

  • SHA256

    cd5c46c49c436ff6caa16a0bba9751b4024e6799112dd83de94bdb0e611e41cc

  • SHA512

    8753d586e80c855b59cc982f36d83678e83f4a7b509ba4259788c52bee2aa41d21ae5df4bc72ddc6d6a89947c3e65bc8a31838ab8acc76b4d2f38a5498259123

  • SSDEEP

    98304:lL0mCncdjDPDSpd4Z0ZLMcRku3+knMY8Va:VAcdjDr0A0LMwku3+MMY8A

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.kazuvija.bgtfxdop
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4297
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kazuvija.bgtfxdop/files/dex/f9701cd839f479ab.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.kazuvija.bgtfxdop/files/dex/oat/x86/f9701cd839f479ab.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4326
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kazuvija.bgtfxdop/files/dex/wpaLZCRErwZPtcmlk.zip --output-vdex-fd=45 --oat-fd=47 --oat-location=/data/user/0/com.kazuvija.bgtfxdop/files/dex/oat/x86/wpaLZCRErwZPtcmlk.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4350

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.kazuvija.bgtfxdop/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    4de0e88702a735cd4c22f235df8faa68

    SHA1

    6f1d693c6b7ffbb775f3c808b10816279d7134b0

    SHA256

    1fb22ae9569cb9382040644209c0351231e7a8c93a6d1e9f94b6c97a43eff8d7

    SHA512

    d93cdc489d95812f457a0216ce46ec580654b7e9405e478c6f7a04a1bbae07479c6931a33bae54fcca2b7768567e3e78f7803bb77635b0ab76164093c6b6b8ab

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    98f6f4ffb7afa769afe41c7904dbe68f

    SHA1

    53a751de37f98cbe3b22ae143492c731faafdebb

    SHA256

    e9b9e01ebcef7d655fba3431bc7cdaa949e73f484720d45b034996e7ec6121bb

    SHA512

    c778256a311c8b920470e06fc50257dfb7122841378900578dfa2775f52856977e56523da5e3bb1f16e515dee785ba2187a7c2dc36b747a113693e701e8a5eda

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/files/476426.so
    Filesize

    145KB

    MD5

    4e8f77cd5768d63eebb60e7cbc0440aa

    SHA1

    43fc88de7cdbd6bb30d4d16d0534b96a41ccab5a

    SHA256

    686e1f8998d71c5322a9944e3b36d89837ee501083b8770a42465dcc3e52cb06

    SHA512

    187b0b2980498b93887def826b8ed3ce29c94a7c9d0ebf0c580bd578cd958d88743097ad04fb1bbf292537f197bf2537009241616e08c02a4fbaeb65c59f74c5

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/files/dex/f9701cd839f479ab.zip
    Filesize

    548KB

    MD5

    d7c7cdb24ad1a91efdac6edac26718d3

    SHA1

    07438995a3849106f48cb921709821b81983da84

    SHA256

    3f586069b749e3d452d983ac682d1172d0008561dab1e89c62a897782da09f38

    SHA512

    19da10353691d6fe1c7fd18b7208833b075d47bbf81f271f57143c819feb98242af3c32b4c0bdb3e4d2d2bdda8560e788cdf212e347df14c3bdd32269cdb11cf

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/files/dex/wpaLZCRErwZPtcmlk.zip
    Filesize

    649KB

    MD5

    301af54524d2ec400a5e4b9a00d28f63

    SHA1

    3c7dd366cbb9c2efcdc5f006e0b4067c420aa405

    SHA256

    dda236be4fe731530c6473fb4d526e1bb958745b85cf3a84f8f432c75eb0b879

    SHA512

    71950f93a8ec4ede9f64c03255aa43976a4f44f7adbc304f4ceabd17b2879b36803f33a3baf5f4c3933ac68f357644f2995dd05d49b5927f3c4fdf70b0695462

    Download Submit

  • /data/data/com.kazuvija.bgtfxdop/logs/Sistema1715942651531.log
    Filesize

    15KB

    MD5

    b99441a0f7eac8fd0fa7d775d677f224

    SHA1

    2f0189769503f4407786e69cd7e235cba5f8cb7f

    SHA256

    7a1e61a0a2d83363f45b1ef3d00b224647f38d7fcd7f8c390609595dec0467a5

    SHA512

    4b961acd9f38ad049328d0bd2bc45fb420c90016803ba133c07b4a951a5d31613a110fa11d57105b4c7059d4c748c22ab65c560383b9d0b7d34590edc9bf20d4

    Download Submit

  • /data/user/0/com.kazuvija.bgtfxdop/files/dex/f9701cd839f479ab.zip
    Filesize

    1.3MB

    MD5

    fde32c10e795aae479dfd073dfd253e8

    SHA1

    2e540320a57d56826b05f62d7b17c9fe4607c461

    SHA256

    ba43400e2112282d71246ef4db2c5fb23727547e49465174bba4787238eba389

    SHA512

    68b5fe13c77d0044dd5020d04ca8f00d3c81a2c64eaac085e48ae254f96c4b127c8c9106f27dddfd72bf51ce10887825bacfc58d239d29be0503352040b3009e

    Download Submit

  • /data/user/0/com.kazuvija.bgtfxdop/files/dex/f9701cd839f479ab.zip
    Filesize

    1.3MB

    MD5

    9a650627a2c813a790ba4f8cb0943d4a

    SHA1

    e8d4542a5de038522f06d48de34917466d82e744

    SHA256

    9457d51859c571b49a4c96052ec65d4f830451f6cb47b0300bde0f32bcad05c1

    SHA512

    0715f9be2ed7ca4a2f5376cc996477d2a592ac98a23973cdc2c05f00571a5628fd96ea2b964ff8dff302463725eb82f643b4071ea9b8ee63e763e102bc59ee4e

    Download Submit

  • /data/user/0/com.kazuvija.bgtfxdop/files/dex/wpaLZCRErwZPtcmlk.zip
    Filesize

    1.7MB

    MD5

    f0ed25a659560ad30bcb41fdca914e4d

    SHA1

    c824cdf9c9ba8bcb62d58b48bf3b713bf700a2b3

    SHA256

    cd696ff0fb8ada72f0c70481d3b993d0810497633829ca203f470d387c2a4f8f

    SHA512

    f71b5ba45712ee45aed2b667985160f3e620372229712b202c312ac991886b06291d81c094ca7223a7ac299c06b6599839708c2d2a7ef5221dd2569ccf562d65

    Download Submit

  • /data/user/0/com.kazuvija.bgtfxdop/files/dex/wpaLZCRErwZPtcmlk.zip
    Filesize

    1.7MB

    MD5

    488cfd6c31269f83c81217ad02031279

    SHA1

    e38a209a28c76cca966dfb5a3b7fef8609145928

    SHA256

    7589f9c6eb10f0f495d369889f2e817af256e018c8cc43741793669dcb6ecc76

    SHA512

    177469cf2aa324ff525a8ae9571a1d9e16f3816225f308548f946ac133c4670b90b81503954d2048f4894a4895af6a3d84d75cb47412fcaf9e1e6fe2757363da

    Download Submit