Overview

overview

10

Static

static

6

bruno-wi1.apk

android-9-x86

10

Analysis

  • max time kernel
    28s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    07-06-2024 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bruno-wi1.apk

  • Size

    2.4MB

  • MD5

    594512812ebc62a8da054e6d76c7804b

  • SHA1

    37f6e5e6bc0e7db45899815b3b0ad3872b046a69

  • SHA256

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009

  • SHA512

    fcbd697c62cffb415d535484df5aedac5d999e56d06fd7339004b991ea8f9e205650a96d8fb6b106975a90c32d60aef6da3881ee4b5f4e0e816441a2b7889423

  • SSDEEP

    49152:0ceEvHSvdCLZyxxNVnfdejS6ZdzHRST007XjUFjDn4JhfkxfNwIi6p:0claVCoXUdzHRSTFjUFjD4Df0NwJo

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.enbgpwwd.fctuofjx
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4241

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    abaa3daf96916addb0246f5dc1151f5e

    SHA1

    1427ebffe210fe4752e5188cddf7b04def1b0341

    SHA256

    454369c74693831005e2f48c032e58bf9b4e19193ddb1814603e10613aea6977

    SHA512

    fed75dbf18ea089cba7bc0aa08042afc02ba5a3e5fbfb74968c0c85d61d01693d9e59474ca1c8628f9767eb0439c18fd7359bde624c587fdc2df19ceb00d8ebc

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    f9e2d42d8abfff75d4ceb52215a36d29

    SHA1

    fb0219f2d48ec1c4e82567b0d7bc27da732dd837

    SHA256

    4e1ff20cbf84946b1a34ec9c8f848bf07b6b2701b3abf821a6374c472bd10d0c

    SHA512

    454517360b3466a88dd001053bc65397c9aa4b15036e76b89c740bc8e1e7b6e10158b3fb0fc2831c4a489045131eb38e5190cebb604486d5d85a4d54d53eaf35

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/477143.so
    Filesize

    145KB

    MD5

    acfc6746b25afc02a77ab719993bb362

    SHA1

    793f56767220d83a22728a3068a6e4ce1b8b7891

    SHA256

    06b83d7260375aa524cfefe704e992de77f8e5989a4a1533e452aa0125a18c61

    SHA512

    24996194249cf46a94e9b49b0fdab0754c03cf35c34bd3198601797f4901fd776f68f7ef4700562193081cb0775ddfa751f37f37effe8bc7ddf16133f80329ef

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    529KB

    MD5

    381def38f0d014ae561e665f15efb8a7

    SHA1

    2e546c44050e49f4f8090192cf9de995b2397d67

    SHA256

    f9ae7ad475289ba15026b9f270426f2053137f1b4e6ff9775e7d3b2172cb1011

    SHA512

    c677cde9af2d1c09d17973544dde5aab38d1dd9d342f3e5b129822c804d8ff278adcaf4b25b1fb8ce4b53129313806aa86439d95cf6ca01250252539f0414150

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/logs/Sistema1717726946270.log
    Filesize

    17KB

    MD5

    a87f49e09c1bea044a0be577277c5e88

    SHA1

    06a684be05321390d99f77a7edaae39609ab281b

    SHA256

    d8f39b59a836b37f9b87f627b1816a0822f502c112dfd454f4551bec52b8d765

    SHA512

    cb573c89da773cd91b9fbc72d83d8bf052b476de8e571010be6e8e02b1dc3f0b79ca08c4eb323cd12ee47764c183c2d0a5fc2a9642dfdf8b67cf6daa64fe6c2b

    Download Submit
  • /data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    1.3MB

    MD5

    528f3f20a53122e9d7902bd06fa8f81a

    SHA1

    f927a4d4e289182f33778a0c445543a7ca21a623

    SHA256

    5d3867e4f34f3541faa0be35e6775bf570243b2e6ce62768cf24105a9754d186

    SHA512

    82b15b789ddd1a66832113bb04c9d6ecaa5e8adef1e563c46ee9a1010ae390ca7ff6afdc9bdbee3d63df543d14000e8890c9f3e991804729ac4fb90718b2aa0f

    Download Submit