tispy | a93fcc8a31a544d951efe280e10ac1d89c80cd93ccb7ceb83f7f5d60f9b3ecb6

Analysis

max time kernel
28s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a93fcc8a31a544d951efe280e10ac1d89c80cd93ccb7ceb83f7f5d60f9b3ecb6.apk
Size

2.4MB
MD5

3a868300c9e8ce297a5b5e2dd45c6390
SHA1

734085623c18f941d2a16f22586df0b00044e364
SHA256

a93fcc8a31a544d951efe280e10ac1d89c80cd93ccb7ceb83f7f5d60f9b3ecb6
SHA512

af418e646887118962fb3444a9aba4cec559861f2c69fab56dd28a50e78e9f03f9b041a666322b5cf568550a0855f9790a6ead70528321cac927236e8063094f
SSDEEP

49152:pVc4TA/SkVYiNFR4LeRy4yS8/QBkI+kKUy3emm9:pVvbk+3LeRiVYFzKf3o

Score

10^/10

tispy collection discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

tispy

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

TiSpy
TiSpy is an Android stalkerware.
trojan infostealer spyware tispy
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.jkyxgbcs.xbbkaoib
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

File opened for read /proc/cpuinfo com.jkyxgbcs.xbbkaoib
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

File opened for read /proc/meminfo com.jkyxgbcs.xbbkaoib
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.jkyxgbcs.xbbkaoib

ioc pid process

/data/user/0/com.jkyxgbcs.xbbkaoib/files/dex/cbaGszwzycYFsOooP.zip 4200 com.jkyxgbcs.xbbkaoib
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.jkyxgbcs.xbbkaoib
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.jkyxgbcs.xbbkaoib
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.jkyxgbcs.xbbkaoib
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.jkyxgbcs.xbbkaoib
Acquires the wake lock 1 IoCs

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.jkyxgbcs.xbbkaoib
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.jkyxgbcs.xbbkaoib

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.jkyxgbcs.xbbkaoib
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.jkyxgbcs.xbbkaoib

description	ioc	process
File opened for read	/proc/cpuinfo	com.jkyxgbcs.xbbkaoib

description	ioc	process
File opened for read	/proc/meminfo	com.jkyxgbcs.xbbkaoib

ioc	pid	process
/data/user/0/com.jkyxgbcs.xbbkaoib/files/dex/cbaGszwzycYFsOooP.zip	4200	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jkyxgbcs.xbbkaoib

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jkyxgbcs.xbbkaoib

com.jkyxgbcs.xbbkaoib
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4200

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jkyxgbcs.xbbkaoib/databases/privatesms.db

Filesize
16KB

MD5
3621ce0aa81e37bc5c80e2cf881f1dd0

SHA1
00365f82dcada94caea07443656848baf60b3bd9

SHA256
8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

SHA512
76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/databases/privatesms.db-journal

Filesize
512B

MD5
03c1ae74947a281ff92b04f6795299e3

SHA1
d9901083d42450f192cd72f626c47ce13da83731

SHA256
e16671b6a551522866712f88c730b700a1aad7423552f7b7242bdc4da5683b8d

SHA512
a0a63177df2735f2778960ab87daa6ac3caccdb0c0a318008b522e329384befccfcd10472a004f1d088005f32c651e2cb4be8f6c0272c5e361595f95e20883b3

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/databases/privatesms.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/databases/privatesms.db-wal

Filesize
28KB

MD5
438948090a13dff75e22cf0f3da48e11

SHA1
a539198fb46d00c845c47a9294c5bbf5a9b37ea2

SHA256
5f8829ff414e4e8dad23d5ac7f4fb0eadbc38f202acf576698b91ae6738162fd

SHA512
bd172d402f89208e310789078e08f12b76ea895ad8bfb0fbb3963dc361f0a940d6fef03566be4996d155d1838f97a8708d0a4fbf47a0e79e65a896e03d3855f3

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/files/476783.so

Filesize
145KB

MD5
fae18a3ba616c445ba116b79915ac95b

SHA1
6197020ed15542472dfadaacf89d0e6299706eb2

SHA256
9f79b3aafaf5fe59d223bb4da50faad03fd483a6709f11525928f33af4f7323d

SHA512
b3c0ce11b2e22a7edc5084f883f0bb327e9177e6e6c671a153e5548222fefc2047570396ec4e7fafb6d530c00d5662e9ae9995c7fba718c3e297f1eb259aee82

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg

Filesize
3KB

MD5
4651e1fd4234ee465d6fe6349f2e178d

SHA1
1a86fbd1edd11fa983155172d484959760c1fc0e

SHA256
725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

SHA512
6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/files/dex/cbaGszwzycYFsOooP.zip

Filesize
532KB

MD5
d78a3676281889e8fb2da9659a938bd5

SHA1
201d775a87b0219074325d8ae8e28883584c655f

SHA256
fbcbc6920ecf64aec051d3e7714e2ee2f96279396e25f2266d5dc653a30cea19

SHA512
2206eb460661a55bfa6d3beb280bfb303c3d5c93a1582cee3588803c3b8d54953d50763aad799de438e13423069a058a902d654ded0a7c7660f39cebe508f4ec

Download Submit
/data/data/com.jkyxgbcs.xbbkaoib/logs/Sistema1716558818228.log

Filesize
17KB

MD5
4f623ca3ef165863443bdc1c4b56acc9

SHA1
3779c566de72fca1d97316efd62c73124bfbd58e

SHA256
9c4f232f9a72b3a9b479c1e7f18df5da6960e314050292ab858410a0cc261c08

SHA512
69a48f3bec9967a315c1192e9b7bd1683d4fa8ed8118bfc4b145fa2ce49fdd8d574e76b96e5ee4145af0f005938b0c66975599c8051d593f264ca0f84128ee0d

Download Submit
/data/user/0/com.jkyxgbcs.xbbkaoib/files/dex/cbaGszwzycYFsOooP.zip

Filesize
1.3MB

MD5
ebd9e6899b4c8ecce07155bc54366774

SHA1
18e2ec50c357cf14571166425b8eaa6eb63075e3

SHA256
b33b57961f8d2369daac1c536feabd24ae0ad189f3b7b786ef913f7a52593237

SHA512
c9e30d7ec6979ce8781b1b990513ff9aa7a50b230482c00e833ce455a91250374b8d951e41b8f32b25319ed00574235566082d958d1ec7ba80732be1bcf12ddb

Download Submit