Overview

overview

10

Static

static

6

b425ec7a8a...09.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    08-06-2024 07:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009.apk

  • Size

    2.4MB

  • MD5

    594512812ebc62a8da054e6d76c7804b

  • SHA1

    37f6e5e6bc0e7db45899815b3b0ad3872b046a69

  • SHA256

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009

  • SHA512

    fcbd697c62cffb415d535484df5aedac5d999e56d06fd7339004b991ea8f9e205650a96d8fb6b106975a90c32d60aef6da3881ee4b5f4e0e816441a2b7889423

  • SSDEEP

    49152:0ceEvHSvdCLZyxxNVnfdejS6ZdzHRST007XjUFjDn4JhfkxfNwIi6p:0claVCoXUdzHRSTFjUFjD4Df0NwJo

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.enbgpwwd.fctuofjx
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4271
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.enbgpwwd.fctuofjx/files/dex/oat/x86/dlHmxrtdXBBuOaeNd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4299

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    1edfddcd70df5a59962a7204b09c5e26

    SHA1

    b0f50de5473c71399c6d53797c8719672249fa31

    SHA256

    fe5e774b4c1d75050724765c91393e4e8cfae779d18330be466ff81622a915cb

    SHA512

    0db1de80ae20f8ad41fc9c611a5daf8557a9e668732569387d58ca7d1e94f6170c060e3f537bb3c3d01857f0579d3894e34da22e13d319b7fbdaa2480740504a

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    06398027264854cbc4629c8fbba87de2

    SHA1

    2cab4f412a2f89053e0798d1281a51e0216b79a3

    SHA256

    5a3edeae8233dfa8c5f5c8feed2f81970fdedde0cf561e22c3e0dc43556bcc0f

    SHA512

    37d03831fb7cc25e7064bdc2260936e0f318b50e7a9b480058d309ab242f3d7ce7e23887b3ce9eb01530983720231bf74ec5660920c18d7c07511a3d4ec397fc

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/477143.so
    Filesize

    145KB

    MD5

    acfc6746b25afc02a77ab719993bb362

    SHA1

    793f56767220d83a22728a3068a6e4ce1b8b7891

    SHA256

    06b83d7260375aa524cfefe704e992de77f8e5989a4a1533e452aa0125a18c61

    SHA512

    24996194249cf46a94e9b49b0fdab0754c03cf35c34bd3198601797f4901fd776f68f7ef4700562193081cb0775ddfa751f37f37effe8bc7ddf16133f80329ef

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    529KB

    MD5

    381def38f0d014ae561e665f15efb8a7

    SHA1

    2e546c44050e49f4f8090192cf9de995b2397d67

    SHA256

    f9ae7ad475289ba15026b9f270426f2053137f1b4e6ff9775e7d3b2172cb1011

    SHA512

    c677cde9af2d1c09d17973544dde5aab38d1dd9d342f3e5b129822c804d8ff278adcaf4b25b1fb8ce4b53129313806aa86439d95cf6ca01250252539f0414150

    Download Submit
  • /data/data/com.enbgpwwd.fctuofjx/logs/Sistema1717833161356.log
    Filesize

    17KB

    MD5

    4e6988f61f99240202a3ec2b3b368738

    SHA1

    613646e60d29047405970551992607cf4101fc7a

    SHA256

    50ff0c255f80435d0161f81e1652134c86fadde9c035fed8506e6717e346ade3

    SHA512

    bb5b9cb2a9191b40f2f88716d6d4308ff78a24c5782690cadccb2c530c5b86316ec7cc29c570a99a148bbc0ef97a2365798ed90b6cce7f4c89afbd7061ccf4f9

    Download Submit
  • /data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    1.3MB

    MD5

    b547b4d61f0edf4fa53a0325a4c75ecf

    SHA1

    ba080a9e85e7189dfa0150841b2351950f486665

    SHA256

    723638b0d8edc4d9f26958ca64fd54cddc778a27022ee99748b54db97a9c4776

    SHA512

    903657155778ef8e9d1918cef7b4b5d25e3e504fd71655d3872aa28d94c109ee49b087c08951a80222cd98fe5b98d3150e0a67eb0dd62fd04add0645ce953fc4

    Download Submit
  • /data/user/0/com.enbgpwwd.fctuofjx/files/dex/dlHmxrtdXBBuOaeNd.zip
    Filesize

    1.3MB

    MD5

    528f3f20a53122e9d7902bd06fa8f81a

    SHA1

    f927a4d4e289182f33778a0c445543a7ca21a623

    SHA256

    5d3867e4f34f3541faa0be35e6775bf570243b2e6ce62768cf24105a9754d186

    SHA512

    82b15b789ddd1a66832113bb04c9d6ecaa5e8adef1e563c46ee9a1010ae390ca7ff6afdc9bdbee3d63df543d14000e8890c9f3e991804729ac4fb90718b2aa0f

    Download Submit