Overview

overview

10

Static

static

6

b425ec7a8a...09.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    07-06-2024 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009.apk

  • Size

    2.4MB

  • MD5

    594512812ebc62a8da054e6d76c7804b

  • SHA1

    37f6e5e6bc0e7db45899815b3b0ad3872b046a69

  • SHA256

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009

  • SHA512

    fcbd697c62cffb415d535484df5aedac5d999e56d06fd7339004b991ea8f9e205650a96d8fb6b106975a90c32d60aef6da3881ee4b5f4e0e816441a2b7889423

  • SSDEEP

    49152:0ceEvHSvdCLZyxxNVnfdejS6ZdzHRST007XjUFjDn4JhfkxfNwIi6p:0claVCoXUdzHRSTFjUFjD4Df0NwJo

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.enbgpwwd.fctuofjx
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4279
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.enbgpwwd.fctuofjx/files/dex/oat/x86/dlHmxrtdXBBuOaeNd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    c5a691aa536eb01b90779584f298a15c

    SHA1

    3998cb82961b0223e97addd186ad75de8f9c5b57

    SHA256

    3403147539c745ff3e638ec53151f1abcd46c5cc81475400e03683b7d779cce7

    SHA512

    f86b2bb75407830934e04514a259c30a98f92f9803031e9856ae04dd487efa8e8f7af33b50fc6c87500322670dfa29a414a4f29a3bccf85e53908d9f2eebd242

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    fd2b314c1e2f00bb7d3c4fc9f083f95f

    SHA1

    033193afb221876a9324b853fced7df17a7e103a

    SHA256

    690eff924954a77428e880d18cecf0e2ccf8497d1a6950b250b754ad1400061d

    SHA512

    b8404e0b328f7d1fbb407d886ab28b89554ec53889bfb9f087e525c9549932af8ace346b3a75f9902ec08bded5d0a4c0c8b5da0220c2f176b26f7167e60f8175

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/477143.so
    Filesize

    145KB

    MD5

    acfc6746b25afc02a77ab719993bb362

    SHA1

    793f56767220d83a22728a3068a6e4ce1b8b7891

    SHA256

    06b83d7260375aa524cfefe704e992de77f8e5989a4a1533e452aa0125a18c61

    SHA512

    24996194249cf46a94e9b49b0fdab0754c03cf35c34bd3198601797f4901fd776f68f7ef4700562193081cb0775ddfa751f37f37effe8bc7ddf16133f80329ef

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    529KB

    MD5

    381def38f0d014ae561e665f15efb8a7

    SHA1

    2e546c44050e49f4f8090192cf9de995b2397d67

    SHA256

    f9ae7ad475289ba15026b9f270426f2053137f1b4e6ff9775e7d3b2172cb1011

    SHA512

    c677cde9af2d1c09d17973544dde5aab38d1dd9d342f3e5b129822c804d8ff278adcaf4b25b1fb8ce4b53129313806aa86439d95cf6ca01250252539f0414150

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/logs/Sistema1717726938177.log
    Filesize

    17KB

    MD5

    81d33618098c5a8595daa035ff48c3ee

    SHA1

    4a99a658891003332df32683fbacd9f1a3a0fe6a

    SHA256

    1802d2e9be5b3ade0c9e082e08527d9efdf03b12fde773ce5e5e34a66b7fe30d

    SHA512

    7f39c5bc7bdbb3f229ef20b3ad8fb0100afded7ae008bbd9ab6b40cb7481582abed3a84d133996d1aaaf09bd9201910a90581188771801d1de0b969b5ec96d65

    Download Submit
  • /data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    1.3MB

    MD5

    b547b4d61f0edf4fa53a0325a4c75ecf

    SHA1

    ba080a9e85e7189dfa0150841b2351950f486665

    SHA256

    723638b0d8edc4d9f26958ca64fd54cddc778a27022ee99748b54db97a9c4776

    SHA512

    903657155778ef8e9d1918cef7b4b5d25e3e504fd71655d3872aa28d94c109ee49b087c08951a80222cd98fe5b98d3150e0a67eb0dd62fd04add0645ce953fc4

    Download Submit
  • /data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    1.3MB

    MD5

    528f3f20a53122e9d7902bd06fa8f81a

    SHA1

    f927a4d4e289182f33778a0c445543a7ca21a623

    SHA256

    5d3867e4f34f3541faa0be35e6775bf570243b2e6ce62768cf24105a9754d186

    SHA512

    82b15b789ddd1a66832113bb04c9d6ecaa5e8adef1e563c46ee9a1010ae390ca7ff6afdc9bdbee3d63df543d14000e8890c9f3e991804729ac4fb90718b2aa0f

    Download Submit