Overview

overview

10

Static

static

6

b2af3a2bc1...30.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    500fade2f90314f688edf402c3441d63.bin

  • Size

    2.1MB

  • Sample

    240611-cmmggs1cmj

  • MD5

    c01ac2b33969015120662fb0394520a4

  • SHA1

    9faebb9eeb23bed88d467436b7ebb576068d7061

  • SHA256

    cc3620af714ca663132fcf4c065a0074018c8a9f4bd8726d48434ad005de4bec

  • SHA512

    671e77492a2f2856bb907f0f3d60645a1e1f17044104b9e3968d6470edc28d00673a46697eef0c412f5a91d8aa2d8e953666d576b49484b1516f6d052a56c4fa

  • SSDEEP

    49152:bttPuXt2Swdr3T1HXnm0FzWas30bKgBzKhdkpWRATo3LwRGi3Gm5btS:xpuXWdTpnm0FBWnKzK8i+8LwTGm5b0

Score
10/10
tispyandroidcollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

    • Target

      b2af3a2bc113a7135989dde1e214f846c9defc8da474395a63faec1c92528130.apk

    • Size

      2.4MB

    • MD5

      500fade2f90314f688edf402c3441d63

    • SHA1

      2319f80bbff1c5e090ff90f65352d3ee0f7e1654

    • SHA256

      b2af3a2bc113a7135989dde1e214f846c9defc8da474395a63faec1c92528130

    • SHA512

      904145ba481e6f2b04852c85d001eb6d252a9d36299f6ed2fbe3a109c6312f475a02f99bb724c9a72d58e91a51fc9583160b2088d62f3917eded5a6811137e78

    • SSDEEP

      49152:BK7t+UXZSiWX5O4MwmWhL0mDIm3T9XtOLt/6dK/uW2v:s7t14LX44MOZIU9X216dKK

    Score
    10/10
    tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks