Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    22-05-2024 01:57

General

  • Target

    8cf8e9710be9a7e2655badc9a43135f76dc9dddd8a9eeba0b92611e381203611.apk

  • Size

    3.0MB

  • MD5

    82ef343412ba55c99cca1eb038946c21

  • SHA1

    4c055e05dc6a1648316e464ba9316c2309118cd4

  • SHA256

    8cf8e9710be9a7e2655badc9a43135f76dc9dddd8a9eeba0b92611e381203611

  • SHA512

    7081a040c219249c5b0dedbf108d25e615821bba4bfd3f5918916def093bb6c852b347e87c8cfa6a9f1b2a978bdbf8283cb4c88a18562f707c225b59ab74bb6e

  • SSDEEP

    98304:+4pm83M0jDsVhPpsDh1C/iRmPWkrqcBI4I2jLa:Jdc0jQVhGDaiRmOkmvQu

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about the phone network operator 1 TTPs

Processes

  • com.wuppquad.qwcdbmhl
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4251
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wuppquad.qwcdbmhl/files/dex/374121b8f4fdc26f.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.wuppquad.qwcdbmhl/files/dex/oat/x86/374121b8f4fdc26f.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4278
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wuppquad.qwcdbmhl/files/dex/DNsygzydYowxsDAMk.zip --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/user/0/com.wuppquad.qwcdbmhl/files/dex/oat/x86/DNsygzydYowxsDAMk.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4305

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.wuppquad.qwcdbmhl/databases/privatesms.db

    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

  • /data/data/com.wuppquad.qwcdbmhl/databases/privatesms.db-journal

    Filesize

    512B

    MD5

    5df149f11effcb7cc84362395070e16f

    SHA1

    24c8a89a4d17276fbb8f261efeb640b1864049a5

    SHA256

    20dcf993bd4fc022b019b4cf0fca4a669ce69511f5f400c42306beb0e5907886

    SHA512

    3cb853891f07ca36a2f80af6c2f9e4b2472e7ff26434d01b593fe86c8f43adcfdc13337dda30b391cc19c475836617d0925008cefc9fecda0460e30fe43c2a01

  • /data/data/com.wuppquad.qwcdbmhl/databases/privatesms.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.wuppquad.qwcdbmhl/databases/privatesms.db-wal

    Filesize

    28KB

    MD5

    306aa754630d13f2805cebd425ee9310

    SHA1

    19988fee21a7a8d1908a9191e13177534ac171a8

    SHA256

    851a2a87e692fbe51cb94dd9b0907f5fa34f104663d04fd504367bf54c6b8905

    SHA512

    3b997301921e947a6a0bc13f50fa26b4daccd7035bfaa9f29e7c1b93bc66bc3b670a25c9704b21487ffffa2b017b4d18d31d193f122534dd65161e81056ec860

  • /data/data/com.wuppquad.qwcdbmhl/files/476715.so

    Filesize

    145KB

    MD5

    f02cfa4c095a42b27d287d7b141beea4

    SHA1

    c9fb42c9641ddd8f09947f4679773e7702f30cc7

    SHA256

    6114e1c2091c66002c0e7be2693c5058931dfb28c3a0468d6818bd0f97d966a4

    SHA512

    1e56eccea6b252fbf07acfa153da4b3f9ef429bfaf35a6af10a3334f2e25a572f33f4443946263a542d1f0d267eda56d6187fbbaa93562c4c8841dd43f191da4

  • /data/data/com.wuppquad.qwcdbmhl/files/dex/374121b8f4fdc26f.zip

    Filesize

    547KB

    MD5

    9514192fd443c898e256dbf9ac2368fe

    SHA1

    9d3aa86fc5d3f95c7e65d97d037185b177ba3d68

    SHA256

    9e651588159c687a7c1aa136e604880c2fe031158cb295af8de4b58075687e2b

    SHA512

    6b92d6c9bca7376ed4c197d043ad54081cc37ce0289909ef962b74852cdaf6e7e03c16664e4e4d6fc3d70ebbea0f15dfc6ac6ca9b3a9808671e402e8cb4e600f

  • /data/data/com.wuppquad.qwcdbmhl/files/dex/DNsygzydYowxsDAMk.zip

    Filesize

    649KB

    MD5

    e6f8db72e6501faa93e0e396f87ddbb6

    SHA1

    1aa4e455fc6910c2bb32b7ebac8d870817a09d09

    SHA256

    7f164c0c680fb31fef9d6c841e5d1b65ea3e861976a8bb49a4fae6625532b927

    SHA512

    a4039beb16b45f76d1633d12b3d445cecd066091fb2c2a1ed366790feb7e62e8c3e1dad70fcef79c7fa2fe88daca491b39cec682bf618b10c26df69e0bb331be

  • /data/data/com.wuppquad.qwcdbmhl/files/dex/pro_btn_bg_animation_img_0.jpg.zip

    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

  • /data/data/com.wuppquad.qwcdbmhl/logs/Sistema1716343075992.log

    Filesize

    15KB

    MD5

    c93a8bbd9d2ac06f794936f8c48e8697

    SHA1

    aae1bda6f2e2dd6e42fe9f4d35026a0b85f1060e

    SHA256

    e9781af8af97ebe4eac35d7f06e9a65a1e9d4cf269f5721e5c866654b4dd0ba2

    SHA512

    b00c1cac052d3d1fb4e18ca7f414b086fc8c1ab6065527a675cae9e4e62f88dcf59e1769fee82acd82b84eb34954c4e32459b8e76167c557770c87556095d903

  • /data/user/0/com.wuppquad.qwcdbmhl/files/dex/374121b8f4fdc26f.zip

    Filesize

    1.3MB

    MD5

    65992fbc2a1525309951b31b46a06520

    SHA1

    46b41ec9017c65db43446674f2338521e444e162

    SHA256

    74884adb2b5a467b30a0ab095f501e750be0c388b444b22b628471c7c4e08e7a

    SHA512

    3920decabfe0b5c744dae9fa94e50e14b1950b7c65e345350d5759648b932e69e35478930765615c4432646e776f59b6d45883d32d4e19711c28c03f0da126b7

  • /data/user/0/com.wuppquad.qwcdbmhl/files/dex/374121b8f4fdc26f.zip

    Filesize

    1.3MB

    MD5

    63945b00ff5504117ec1bd44b418802d

    SHA1

    971877266a32cb1d4bf7066736d31be6b9e62900

    SHA256

    dac405c12926efcf21467adcd384dea7965e16b9f76bc15a9386e92779b77533

    SHA512

    ef4dcd6a6577147a26f9baa9a61ee597db0393ae5d44286be9a679cf937efac4aec696bae1fef0b3041e91ecbb38e96a805582a7eed3515c6891c93c09aafe69

  • /data/user/0/com.wuppquad.qwcdbmhl/files/dex/DNsygzydYowxsDAMk.zip

    Filesize

    1.7MB

    MD5

    5a8f42acba8d2298b165d12448e46742

    SHA1

    02e671896fe4cd7c486ae3114389abe8e7db5800

    SHA256

    3845be9cd658586b5c3ec6edeec58592a8c3609e6a06514dc41f4da2d8d1e5b7

    SHA512

    4be43e7e573e54a51623ca6793e4d9e121ba6f9d4d3444261117dd573bd8a0f22a604f82e34062a65a72df170cd2d9b123147cb375bb4fec0e1e3a295bdd5a3c

  • /data/user/0/com.wuppquad.qwcdbmhl/files/dex/DNsygzydYowxsDAMk.zip

    Filesize

    1.7MB

    MD5

    5849790ef7965d28be8b7be20ab8da7c

    SHA1

    25d73a2192f66da9408cb5cb7e607e0b816728bc

    SHA256

    55fc2c47034ee35c4c1677a3ac9531fc1592ace6cde700372eb4c094c084986e

    SHA512

    b15a0209aaccc13f139d929a794b414da9e43b6c9e6d74680cf372008a2b5d8b21315479f01f23a232881ad5a98b580cd0cdddac0ed69debcf5af7d462b39107