Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

f1650d7488...25.apk

android-9-x86

10

Analysis

  • max time kernel
    46s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    09/06/2024, 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25.apk

  • Size

    2.4MB

  • MD5

    b4b02386646deb9cf7e9550dec0f9700

  • SHA1

    10d031670eceddbd4498b2da75ad28b2a2a5ce77

  • SHA256

    f1650d7488a50d35593c1abd1820a65c2369c8a46cbe5c283054d64cc5628a25

  • SHA512

    e07f6ca9fea4141a3ef15746eb9cfbf9026a4b5598795c7151f71082535a895d84be753ffccf091ea48386476e58cebd7dd2b5d287665484927c1c9b825d8a2b

  • SSDEEP

    49152:+oUQbLSzFXcKcTmvXG2WD09ec6keGp6O4hkna:+o/KzFg4XG2d9lTpx4hua

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.tndmcphn.pbflhqvr
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4280
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tndmcphn.pbflhqvr/files/dex/mZvjrMfQEACRdAhUt.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.tndmcphn.pbflhqvr/files/dex/oat/x86/mZvjrMfQEACRdAhUt.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4306

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tndmcphn.pbflhqvr/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    aa7b5fc680c2fe9abacf5aac9de40f14

    SHA1

    e709f72b47d1b5f7548f1800fc5b6ac48af70f89

    SHA256

    374cfcbfc94053645163f8382592b3d936c1bc6443e160e783d423605a7ba3d0

    SHA512

    c8e96e292d39cc9a3c33eaf16a425f48e81c07f20f0084298a66c2be2236e635c4b4d5a7e2a2ac010bc95183d5c3aed53d108ea6acd318c0598eb408dcb088a8

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    8455c5727eb7275c150ca83cecf9e592

    SHA1

    2413c2ce50e20be681e43ba71d8b2cbbf12b72e3

    SHA256

    e2dc051941c52aa261ce557e79a85bea40147bb622df2df0a13cb20a3771aaa9

    SHA512

    d11e65f31a09c8afee2df93f5ddb759b58f04a40568842dfd34f5cfbc7d4c44ba1fb3cd37339b3506042bcb26ae1afbd84b7b1a64c3773f9f50d769b5ba68c03

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/files/477191.so
    Filesize

    145KB

    MD5

    db19ee2f80237c276d3a65e038ff3fb1

    SHA1

    14c53162b67a5083fca05658fabc6e441dc49008

    SHA256

    269409d57e6375570c700392230a7534bcba9fc62e7bc83bfe7f7ec7be8592a6

    SHA512

    1318713c9a9f56de9bf08641f3c4177f3b8230ceb7abb7cc4db710363e8c6415dbb828834ad837f9d2e91ffe1546e8ba20c4b2e46957becac7ac08b25b2792c5

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/files/dex/mZvjrMfQEACRdAhUt.zip
    Filesize

    531KB

    MD5

    50d78e1dbc1066e433cfbdb728e00dc4

    SHA1

    f61fea7711c841c6064dd39a25deecda9da842de

    SHA256

    721e09d908922941752b942669f1edbe3f5cd3221179ea6fd5ed6de24b87b088

    SHA512

    b3050eedc5fadcc866d6c8cbbae3d915249c68ed07bb628af0dc887d0bf32fdd95dc8d3372e65f9738a0a1d4cb9265e481eca505b7a7572a7c05c39b9439794d

    Download Submit

  • /data/data/com.tndmcphn.pbflhqvr/logs/Sistema1717900728635.log
    Filesize

    17KB

    MD5

    30d8e41fdc6e7553db5f3f30e44352f7

    SHA1

    453d783871412c0bf1dc17bb78f2f038f5e5cf23

    SHA256

    fdf19fc26235742492419eeb33b7c6631883ba0f85ea9a4456e5e77ab276b651

    SHA512

    71b632307a643074657ae8a971f60e903666090e717ecd8dab583aa3d1bee2482e203a4ad86f99b697817111e7c528e4d7c6fb5adec6f3936e7300f601b3ce5c

    Download Submit

  • /data/user/0/com.tndmcphn.pbflhqvr/files/dex/mZvjrMfQEACRdAhUt.zip
    Filesize

    1.3MB

    MD5

    9939a81a288cf2ced10c58a7e3216693

    SHA1

    86af39bd7afbb6a0fc8b8f09f24e9607de906aad

    SHA256

    177488b2ac624ad6625bc3282bada9d76b39471dc7a0399a6893dcc8077cf470

    SHA512

    3485e2a2bd00fe598600ab160d9dec14ac4b2dcde3c1e8f0b4326390fe688f624b9713a916c6f5a98fa71867e8e92632f5dc6b989cb74d17fdedb28c92464779

    Download Submit

  • /data/user/0/com.tndmcphn.pbflhqvr/files/dex/mZvjrMfQEACRdAhUt.zip
    Filesize

    1.3MB

    MD5

    2605a6c20bab31f5a26fb2551c7f1ed3

    SHA1

    f277f85d168e55c47f5fb45b05411b9ce4e25dc6

    SHA256

    f4d0f6519ed32f434ec071a2c0e861f00deaefbe023b4e2ba5e208f953da5d2c

    SHA512

    bcabbaf1111ac4d88bf3df0569d42f4fa91b491ec4fb4a914462f8c071acc8dd8b34a8fee2012a8d3e2e4f20910c8f08f320c012f1160f4d528b72120e2e146f

    Download Submit