General

  • Target

    bruno-sis1.apk

  • Size

    2.4MB

  • Sample

    240606-cnz4zafe42

  • MD5

    d0e92d937b48f8f99c5df2ae38aa0478

  • SHA1

    295edd583e5ba81a1de622f452ee47c171a32019

  • SHA256

    b5a9bf764f474caeeb366f32a7eef7e73408f91ebc44ea8986f79f9c5adb2bcf

  • SHA512

    d2db850fcd80f545bf5ce6245d5cb1e91656394603a20db937864421b4b4c2a93239aefea6c9d3ae972f34ad5b363f731aff3a36dc66f46fd3004a094e5417e5

  • SSDEEP

    49152:+nJiQRNSMcnI1gonYuzsT1bx9NpVp0ekBHg1TuS:+nJVaMcnS/zGb3zUIf

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

    • Target

      bruno-sis1.apk

    • TiSpy

      TiSpy is Android stalkerware.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator
