General

  • Target

    8be55a75729fcdd6015d687e5ff581ad72ac5f866857ef54e08c8c168ea84197

  • Size

    2.4MB

  • Sample

    240605-cq9q7acb48

  • MD5

    5e23e2a6a5665457bda500afe88247c4

  • SHA1

    0054929a694b7f979a317dd16f60f701885af211

  • SHA256

    8be55a75729fcdd6015d687e5ff581ad72ac5f866857ef54e08c8c168ea84197

  • SHA512

    dfbb5e4bd83944d18c09c53767999dff114be86c5ba0caadfc1652f33534369c66db5c4c0d617124f89bf959c3f8afb3f1e3648e1b1ad58ccfd35b311004102a

  • SSDEEP

    49152:EkScFDS4CcLa8wSg7dT6k84XB+oM2ogUhO2Xt0x:EkJ04PmBSg7z84XW2ogcz0

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

    • TiSpy

      TiSpy is an Android stalkerware.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)
