General

  • Target

    8f8806f6f242381ef3625fc018faf6e9a2407b5ed974f589f4bdcabc8363294f

  • Size

    2.4MB

  • Sample

    240530-cgfrrabe76

  • MD5

    bbf5247392810af246310f03a046dcda

  • SHA1

    d29bfc7cf5f00c18f22db78d60b6313770fb0839

  • SHA256

    8f8806f6f242381ef3625fc018faf6e9a2407b5ed974f589f4bdcabc8363294f

  • SHA512

    2a8ba1f8e36e1b5fc10b51c2e044cb37471fd90a67723cd30cc50df0eeb594ca49cd0fe3af368465bd7416727b101305d18d3168aa5a15f5b1e4f3612c522862

  • SSDEEP

    49152:x6L4JMWSxjhXm4CpiFGdyAaSblo/jwnVFoQkaSjvu0:x60qx9XmL+GdLewn/oxu0

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

    • Target

      8f8806f6f242381ef3625fc018faf6e9a2407b5ed974f589f4bdcabc8363294f

    • Size

      2.4MB

    • MD5

      bbf5247392810af246310f03a046dcda

    • SHA1

      d29bfc7cf5f00c18f22db78d60b6313770fb0839

    • SHA256

      8f8806f6f242381ef3625fc018faf6e9a2407b5ed974f589f4bdcabc8363294f

    • SHA512

      2a8ba1f8e36e1b5fc10b51c2e044cb37471fd90a67723cd30cc50df0eeb594ca49cd0fe3af368465bd7416727b101305d18d3168aa5a15f5b1e4f3612c522862

    • SSDEEP

      49152:x6L4JMWSxjhXm4CpiFGdyAaSblo/jwnVFoQkaSjvu0:x60qx9XmL+GdLewn/oxu0

    • TiSpy

      TiSpy is an Android stalkerware.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks