General
-
Target
b335458bdc3904b0cd554cef56bef1f0733d47a1cedef04673a7d33191a5a6e4
-
Size
3.2MB
-
Sample
240604-cw7h1sag75
-
MD5
307762c831d48ee9064ea4d1b4b14ae9
-
SHA1
af2582089739f713972520c340a0327a07e57126
-
SHA256
b335458bdc3904b0cd554cef56bef1f0733d47a1cedef04673a7d33191a5a6e4
-
SHA512
ce7a32b269f9ba5dc4e7d0c08a196288fd29ae29ce6d1b81697ed283d6db28cc0f19c74e47094eb5838544edc63120d52e089296880535be5054aef5787d77d1
-
SSDEEP
98304:JvldRgnTZ5PgQOFByPJsEUrGrLLWeVk/3Cr:P4TZ5VOExUqjWeVk/yr
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_04Jun24&rtype=T
Targets
-
-
Target
b335458bdc3904b0cd554cef56bef1f0733d47a1cedef04673a7d33191a5a6e4
-
Size
3.2MB
-
MD5
307762c831d48ee9064ea4d1b4b14ae9
-
SHA1
af2582089739f713972520c340a0327a07e57126
-
SHA256
b335458bdc3904b0cd554cef56bef1f0733d47a1cedef04673a7d33191a5a6e4
-
SHA512
ce7a32b269f9ba5dc4e7d0c08a196288fd29ae29ce6d1b81697ed283d6db28cc0f19c74e47094eb5838544edc63120d52e089296880535be5054aef5787d77d1
-
SSDEEP
98304:JvldRgnTZ5PgQOFByPJsEUrGrLLWeVk/3Cr:P4TZ5VOExUqjWeVk/yr
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-