tispy | 2dbd0d8f4b007f7c3ffafbda0d408e5651b5317b0b18e9c4bafa715f42085cf2

Analysis

max time kernel
47s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 01:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2dbd0d8f4b007f7c3ffafbda0d408e5651b5317b0b18e9c4bafa715f42085cf2.apk
Size

2.4MB
MD5

56245b2bf25744cbf979246f8e4f7671
SHA1

9044023a96f89ad54d01ba7cd7f7ab5fbd5f2fe5
SHA256

2dbd0d8f4b007f7c3ffafbda0d408e5651b5317b0b18e9c4bafa715f42085cf2
SHA512

a4b1032e2f95dae05759d1595a1701570f139d247f185f07c83815d1938125039cb8ed54336317fdc4a11e8992a525bbc3f81cb42fb5732fc5c34991a6670129
SSDEEP

49152:QzMRUdhRSEJiI8LxMh1pcuqCM5tnDs1VH6ut46SQmPJR2Po1:yMmoEJiHLMzcR7FD0Vt4+mHQu

Score

10^/10

tispy collection discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

tispy

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

TiSpy
TiSpy is an Android stalkerware.
trojan infostealer spyware tispy

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.fjgtewtb.mrihcmuf

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fjgtewtb.mrihcmuf

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fjgtewtb.mrihcmuf

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fjgtewtb.mrihcmuf/files/dex/QyolpGiTXBRpUSAKQ.zip	4237	com.fjgtewtb.mrihcmuf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fjgtewtb.mrihcmuf

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.fjgtewtb.mrihcmuf

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fjgtewtb.mrihcmuf

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fjgtewtb.mrihcmuf

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fjgtewtb.mrihcmuf

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fjgtewtb.mrihcmuf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.fjgtewtb.mrihcmuf
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4237

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fjgtewtb.mrihcmuf/databases/privatesms.db

Filesize
16KB

MD5
3621ce0aa81e37bc5c80e2cf881f1dd0

SHA1
00365f82dcada94caea07443656848baf60b3bd9

SHA256
8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

SHA512
76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/databases/privatesms.db-journal

Filesize
512B

MD5
7695ac4fad33f1f66ebf1d9fb36583a0

SHA1
a66773faf6b66a90dd5a8d59e64ab598bb36283f

SHA256
7442071976f7b4040eb26866ba0e6ceccdfd43703d031298af67e9fa47e2f1c2

SHA512
c24e420d4cc5208c7ce9729354219c1784a6c7da4cd86efe99e93c0ddad412552d4fb31cd112f040736665f4cac2b4b2d96cbce7ff53ca58ee48623ecdc1919f

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/databases/privatesms.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/databases/privatesms.db-wal

Filesize
28KB

MD5
cde7841166aedf3d3dd584de1bfdcc4f

SHA1
44efd0f3ce5955de52b7142ce0ba35411fbb715d

SHA256
93cd777037e04d808ec11dff081c682f9c7507488b10a08d2df3388ccc96fe11

SHA512
516fb2ec338bd94744b7a2836ccf0adaee6ce31ff513f401c3c620d4194fbd8c7c8b1b8760f0bb8bfdefad14f1a0a04a0651ec13b53f95d38b1780bce9df3f72

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/files/476831.so

Filesize
145KB

MD5
06e08756f2ae9163edbb65cca68e56e7

SHA1
b0bc7c85f9959652beb073a9ec470e7452b040a5

SHA256
6bf0a4bc91d996882243ba0f1bf4d4975e985e6b55e089974cdc243616dbce0b

SHA512
b2a7d3884b0d6535300ede7cb445e02d1ad10ef7f12bde51714d6580bf12ce1328974c58ebd21beef935fa601011aafd360a6533cd9568c845ec3de32b589e49

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg

Filesize
3KB

MD5
4651e1fd4234ee465d6fe6349f2e178d

SHA1
1a86fbd1edd11fa983155172d484959760c1fc0e

SHA256
725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

SHA512
6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/files/dex/QyolpGiTXBRpUSAKQ.zip

Filesize
529KB

MD5
766ff45d3ea77e48cc83e90cbc943a42

SHA1
790a8521d2bb66651de5bd8cd7489983d9fac0d1

SHA256
9a626f078dc51a75670cd09c70a17a8aea4347eabc65f400f7ec8f7b825ad526

SHA512
9fe4d96e1bc3a9ed523eac7bae51912c54484aaae86aa2dce52d67acbf254ef9438255087f86f5333806d9e5be46e8e21e2286a3c9d396c9139d8f0f62cb84f2

Download Submit
/data/data/com.fjgtewtb.mrihcmuf/logs/Sistema1716685395687.log

Filesize
17KB

MD5
1a5a8bf623f719836b225d859a0a0ef8

SHA1
7fb367193bb796ad434fea3699f7476b98eaf056

SHA256
71cca57f0ec4f30ce8eb4c8e54347c1b1df71cbd1185e6fd4a02c715fead7880

SHA512
be0ffdf6f962fd656f87e3ea51f0bfd387e2785a2fe597757b7419f8dfd30041ffb36ed2795efd778ced4001d51966fb1e3c7e5720d47c4e57398e5d84499081

Download Submit
/data/user/0/com.fjgtewtb.mrihcmuf/files/dex/QyolpGiTXBRpUSAKQ.zip

Filesize
1.3MB

MD5
0b8e95d31856130f706ce73b520944cc

SHA1
28a8a5da69ae443ead9ab9f51f10231bded2dbba

SHA256
8ede303a6525412c6c3ca3224fb759a6bc80f7976125ecf445740486e94fdf09

SHA512
8a48787bde07935e8daf6e601a2b56a74c12fff14da9e1d25ab77f60b1e5f7abc3e732505c5e1d61c707e3eee057d3eeda80908501d014f06fc7104472f9daa5

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads