tispy | f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25 | Triage

Sharing

General

Target

f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25
Size

2.4MB
Sample

240609-c4mtkscd3z
MD5

b4b02386646deb9cf7e9550dec0f9700
SHA1

10d031670eceddbd4498b2da75ad28b2a2a5ce77
SHA256

f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25
SHA512

e07f6ca9fea4141a3ef15746eb9cfbf9026a4b5598795c7151f71082535a895d84be753ffccf091ea48386476e58cebd7dd2b5d287665484927c1c9b825d8a2b
SSDEEP

49152:+oUQbLSzFXcKcTmvXG2WD09ec6keGp6O4hkna:+o/KzFg4XG2d9lTpx4hua

Score

10^/10

tispy android collection discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

- Target
  
  f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25
- Size
  
  2.4MB
- MD5
  
  b4b02386646deb9cf7e9550dec0f9700
- SHA1
  
  10d031670eceddbd4498b2da75ad28b2a2a5ce77
- SHA256
  
  f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25
- SHA512
  
  e07f6ca9fea4141a3ef15746eb9cfbf9026a4b5598795c7151f71082535a895d84be753ffccf091ea48386476e58cebd7dd2b5d287665484927c1c9b825d8a2b
- SSDEEP
  
  49152:+oUQbLSzFXcKcTmvXG2WD09ec6keGp6O4hkna:+o/KzFg4XG2d9lTpx4hua
Score

10^/10

tispy collection discovery evasion infostealer persistence spyware trojan
- TiSpy
  TiSpy is an Android stalkerware.
  trojan infostealer spyware tispy
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Execution Guardrails

Geofencing

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Location Tracking

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan