Overview

overview

10

Static

static

6

1f29b4a43b...21.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    28-05-2024 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f29b4a43b7219cb6adfcbae9162916f651f33dcb097fad91999733adaecc821.apk

  • Size

    2.4MB

  • MD5

    cb76f94aa78320a78340a2b368670372

  • SHA1

    fed3861e47201fda164e2c75d0dde23e41b8a27f

  • SHA256

    1f29b4a43b7219cb6adfcbae9162916f651f33dcb097fad91999733adaecc821

  • SHA512

    b6cc901f8b8a81681f2344550e97462a1e148d182c276848c9c2a511a50b4cd23260c6752f907297a145f5acb05993942d61009150aaa5ca00ee85909b9cbb4f

  • SSDEEP

    49152:/bxJIz3SanWKf5Sxw6i4wIR13p8pvoF28PHjs:/bxS2Pfxw6B313Ss2ojs

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery

Processes

  • com.hpijayax.mmmqojfl
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4209
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hpijayax.mmmqojfl/files/dex/CBFpUUKjQSrkuSlPK.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.hpijayax.mmmqojfl/files/dex/oat/x86/CBFpUUKjQSrkuSlPK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4236

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hpijayax.mmmqojfl/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    0b23b639db8591e15b7e850d7591a68b

    SHA1

    f558bb5362bcf1b3ae0715581f6f6dc8f48dc226

    SHA256

    ab0118b036dd070c40bc82c01e8370a12fb7ef97c624015eb7f4c20baf9c4d73

    SHA512

    699afcea57ba41173c148ec3ae81f4c3ea2ed61153ddc4b57866e200953098a96f88e3c4b789e9f5efc2f81ac5913995b8be7d5908797f53bfd6c0991666cd03

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    66ef28819a0afd456f66f341e155d993

    SHA1

    ad116727be613dfff39be2267e7da6e2825da854

    SHA256

    8669d40e6dd9f2657694454ad62ef7b2d71e11f98c66ffe9506e365b8f775b81

    SHA512

    4825d677d6d25ed845f0d6253193e775a8c26fb0954d4cc8732c0c9bfdd1e2e8cc2b5c99eb885c08584b15f32ce3114ad950b8b20bb979c031cb6959c7b2ec16

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/files/476903.so
    Filesize

    145KB

    MD5

    d0606a0e622c83f113dc748448f79034

    SHA1

    a6b3f142a2e6cabf61f03a0e211e3e3e5e003807

    SHA256

    8dd2c70189724ca19af1837be688b9185fc20046cb2ac751c97e07e67f9b2b35

    SHA512

    6fee06da844e134f3e798ce3b56cef683d281775374a448cdac29a770ef45c9f57a486e6d7cd81e91f62d19a4d2354f5e4ab99674b2049a6897e4d4740632898

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/files/dex/CBFpUUKjQSrkuSlPK.zip
    Filesize

    531KB

    MD5

    115974686fc5ede31473eeebac87a5d2

    SHA1

    9a47b476376a27e87264c289cba29db8f2cf2e9a

    SHA256

    7e3503373f51e9ab328440dec956b795b38f3cbcfe5499b6cb3e35e17c055a4b

    SHA512

    f649331c32b82d274bfb571412009e84fd09ced140f08ed20cdd507777cb285aa6f8aac460198beaa3cd8b3a3dd7c38820bf163df49d7699158937b3d29491a6

    Download Submit

  • /data/data/com.hpijayax.mmmqojfl/logs/Sistema1716861880050.log
    Filesize

    17KB

    MD5

    d30409e977f66b9213aa6a5a83849c18

    SHA1

    714018226a4cfa12f21e287ff5af17101bbb182b

    SHA256

    38145ccb815f9af43540f4b85f7196091ec77e4f169979dcf460b105228f7719

    SHA512

    051f831eeb8098353ed9cb1046baa01fea3c80c6021ab7365cbb822b045c3a0000785a18c065096697b4f87159c6b4a40edd2e2bbfe0dcb0eeeb3621b19fc65b

    Download Submit

  • /data/user/0/com.hpijayax.mmmqojfl/files/dex/CBFpUUKjQSrkuSlPK.zip
    Filesize

    1.3MB

    MD5

    9af0477e1d287d277bca5dc425f20d2e

    SHA1

    faf95c7d607281e8f50fd44c62c6dd24101afa71

    SHA256

    1224c2dff425de8c113c45f84dadf1056131592d663e753960d78d215704092d

    SHA512

    fab492dd3212e223f61478ff7adfce3db7bc18a917fefc4ba6bb47b495f2c1d20ace03dcc78799bfd9940e6ea64e93caeff6b944bb4b246f2ad66a07b5812a20

    Download Submit

  • /data/user/0/com.hpijayax.mmmqojfl/files/dex/CBFpUUKjQSrkuSlPK.zip
    Filesize

    1.3MB

    MD5

    c05fad63aaa1ac7f7dbadd203a377c1b

    SHA1

    d10cd581a618f9f911333f75dfb63313c581af8a

    SHA256

    7075f5ca6bb189578d7b631102a3d83fb112491c5f4fd79a627171de00d8850a

    SHA512

    11f99289f412d97f31f9b23a4996f69031c6ebc4d2a95e6a99a06cb8c4056e1a4f91332a558df6d94fa5ab98fb0b2bf7bdd294f87da0f6b7abf997b495b1b1db

    Download Submit