Overview

overview

10

Static

static

6

8b8351f544...4b.apk

android-9-x86

10

Analysis

  • max time kernel
    27s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    08-06-2024 02:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b8351f544ec6727484b42715dfb1b205d78fc466f228928df62c81e68cec34b.apk

  • Size

    3.7MB

  • MD5

    78c51f9e1e00e8946c9017adf4a47a1c

  • SHA1

    05141b68f90819c403d358028eed205ab1fc953c

  • SHA256

    8b8351f544ec6727484b42715dfb1b205d78fc466f228928df62c81e68cec34b

  • SHA512

    782ae666c349d6a142bf73e8a32b5248754fe5c6aed1813546880d82dbc7fa7e70d5d0c6109b654af4517bfbb59be602e8e54343d814bac3e4ece3190b07e160

  • SSDEEP

    49152:hmXG9PEvhjAoB5PKJGQAs+79Q1TCrKF5AM1OshSBKkWiQeFs9fxI0LRbJxe9Je:hmXGiZj7PzQZ1TvlhSBKcQ39prl7ue

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.isrigzxj.cbtqprrg
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4223

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.isrigzxj.cbtqprrg/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    53c8e6919e48d4aaf42af16bf0d91353

    SHA1

    dbad84445c8b481bace17df3d9faf09c68a7b12a

    SHA256

    58e7b63f9c65a0cb9be9daf1398ed272e2e147ed3fd2057defad38cb5544f079

    SHA512

    5fbc4115aeb89783a7aac2caca6ee08941f781ef46ad5e3adb53223cd40a8e5cbbace668952632b5388f1efe9a7ea16a33af1652320f3c562634340b79c6d446

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    0baa9564389f1fe07627a5597e4fd455

    SHA1

    a18c3bd7e9a4864c3e33e2b1dd722d1c9abd1321

    SHA256

    bb3a8eca8821d72135924b9194114326e03e9fa4de340dd65756191fb1b2d16e

    SHA512

    f3b816cf856d52779a551d2a40d49acd9e1c0f0face094061b7cd9e185356103b8d5bd979bf58e04eadb93458e1d258f26242f568522ad0cdd844b383df11728

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/files/476930.so
    Filesize

    145KB

    MD5

    f74953102f58b152b02f105be430863b

    SHA1

    aa8ffd18a7b41d78b70dd02c66e99c8d46936647

    SHA256

    e7bf368d0b6f671b30a52659c1c0808efedd80f9d6ab2d7ebf7d135eb4f018cf

    SHA512

    d6251a916869a1474531e56e910b38988f650ae8c74d6ce64e35d5ce63ce5a99d120c6c0dc0b7854c964716d33ae577560be46a44302304cc00751e41df93310

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/files/dex/4e980369f2fbb29b.zip
    Filesize

    549KB

    MD5

    62c866a108367ae783d929466f09e520

    SHA1

    b10089574302e09e181b115e6d8f459a0ddb1289

    SHA256

    4b44d4e08342d15ddd6dd119633b02ad8eac9181595ef67e26f30a4c6b006377

    SHA512

    e4822da4a14907b0ee374ee08a6cc6becfa3b4b126b5f905374dc5233acf57da2bb42050f751a45a5a2d42d79b61eb075ee414d8143a7a7dc707855de30459c8

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/files/dex/inhsgJPxCwtVVqzwD.zip
    Filesize

    649KB

    MD5

    47ceb452a01d8c194fa7f533c3e61419

    SHA1

    042ec91a633cfef544f19962000220b8d1803465

    SHA256

    e33014c1ea38fe32cd60a59859fad9221be4da7dd964b1d05d350b3cd396d8be

    SHA512

    8097fe583cf1edeb60d892471b6b0e84e35dd431e096e53ae505f69ba3be5b572a7d55723f2214dff8556ab32c7c08420305600fd67cf2b564ec60de84141d07

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit
  • /data/data/com.isrigzxj.cbtqprrg/logs/Sistema1717812138381.log
    Filesize

    14KB

    MD5

    80ce4e5bf1a004578fa38186f553fbb4

    SHA1

    b82d181aaa0eb74ac4da4eebc71db572527c9885

    SHA256

    8767992bcb9fc25319c0541e7a6a88fffb0d5becbe368b8d4eea8698fa26b0e4

    SHA512

    040fa94df1915ee2f2fe836f11f464aa42e3995dc06dddd3e71dbe00540453197f79d1f7745baf97f163814e889d4901ec796af7d506f3b39101543aeb44968a

    Download Submit
  • /data/user/0/com.isrigzxj.cbtqprrg/files/dex/4e980369f2fbb29b.zip
    Filesize

    1.3MB

    MD5

    1d68cee2d48c35b6d1ecab77514c7038

    SHA1

    0bfe331e5587925f8c059ae1d49c6f74dd46b6df

    SHA256

    5a97c14f0f065e1a76385da045cbde4eb796b0e7fb14108a26158a6db5484d94

    SHA512

    9220c3e5cce2e45738d30a8c0b50b9398d4ee6f7ed67ca3e15aa16608dfb148aaefceadc8f2d4c2862f0e53d5411cf75ab231972d8ea93f80ee8da4714e8f95e

    Download Submit
  • /data/user/0/com.isrigzxj.cbtqprrg/files/dex/inhsgJPxCwtVVqzwD.zip
    Filesize

    1.7MB

    MD5

    2c9a66cccee940a9d97e022d58e42a31

    SHA1

    41b803435dcd32c6a9d34b3cdc0a5303f558462a

    SHA256

    bef099bbba7d5eef8f99a2a604da109fab85b1acfc548494fdcf9a5b70ff711f

    SHA512

    aca9db3a864f49d50ae061bcce01cef6b8fd9c9fefcb5cce6ffadfef18ed64abb09c01da84bb7abc8e5251f989b06d556a19d91b708a88b010aefef155312429

    Download Submit