General

  • Target

    5b36bb475c08ed159c3c12821aeeedfa4939f00ee74cdc375d238fdcad9736ef

  • Size

    2.4MB

  • Sample

    240523-cl7e9saa5s

  • MD5

    2c82df9a565970b1b9b8344a0b9b2e64

  • SHA1

    0ec2572885a39693e60fc6d1f9de4885d39e5b6c

  • SHA256

    5b36bb475c08ed159c3c12821aeeedfa4939f00ee74cdc375d238fdcad9736ef

  • SHA512

    3eae95d5b3173a6f94564ed1da5b66af51ae508476d5233e22ae3b604400f1bd35fffe8b62c50dd7fb41a41d95cf9250c2844103a98c9f3be312e9d523594ae5

  • SSDEEP

    49152:nwt4s1tS3eIFS5m0qmvtMRaopu6S8BllTIvhCf3SDNxBe:nwtP+rFMimtMRa8u6znw0IRe

Malware Config

Targets

    • TiSpy

      TiSpy is an Android stalkerware.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information, which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information, which indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

MITRE ATT&CK Mobile v15

Tasks
