Overview

overview

10

Static

static

6

k.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    14/06/2024, 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    k.apk

  • Size

    3.7MB

  • MD5

    085e45a58084320319df1ef0fffbdac4

  • SHA1

    9cb8d7e4d84c8abe52a99e373fbc91834c6aa854

  • SHA256

    6a386248e8856ebd0841cb70e0433189b251c4dbe9bc2dce2096d6996266abbe

  • SHA512

    c91b0627d0681346fc6ed00c5da21ad0537a1964061e70b5ea703e2e9c7ce682758b03fa212976b78561e9cc20036b6955f1175def6bdd5053ddc963c02791b3

  • SSDEEP

    98304:9mL/mQjQ6PB/QxfassCyjslc1FTo7lNCQhXY:KOQjRJ/QVzojs+G7XVXY

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.suyriwhm.ouseqkgn
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4293
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.suyriwhm.ouseqkgn/files/dex/oat/x86/1ff530525b482ffd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4352
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip --output-vdex-fd=45 --oat-fd=47 --oat-location=/data/user/0/com.suyriwhm.ouseqkgn/files/dex/oat/x86/gSovILZiesBTWshqC.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4377

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    46c1f390f4381c253224da9b86f84621

    SHA1

    091b34561e974c0e6062d318bab9d8629a260576

    SHA256

    487464d55132ce6768e08d2713f8edf5ff799ea82a47b3243a4e86b0bb115783

    SHA512

    b5848f8684c723c74924846d1bc144e6b007961b00a9bbe748598e40e92eb3aa506962b59558b4775e9e14b4d9778b0eba6cd58bd771b7417d53297324d7bc3c

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    e09ee38165a102e7d6e9a5ba1e60e580

    SHA1

    394513698a5f3fe6dfe11fd23393d74201640105

    SHA256

    f540a51a7f1b590ea18e577a167fb60133df9014e6b3bb4f110d466163bcde98

    SHA512

    9572b4c9827fdf735971dab9d9c6344d6aa93d4c3129d0d84c8f6953ffd08fbd2a5257c35a15a3d523afab662cebc00f1caa34f58997629d9caa09c227c421c8

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/files/477290.so
    Filesize

    145KB

    MD5

    5331f946769d9a26661c461c59d031d9

    SHA1

    008d623b0e0564a9a8a8cff8bd5bc327112697ed

    SHA256

    0ef7ca92ae4850cd98d6fe6aaec41901cdbaf64f12a77e110ff632bb2eda6713

    SHA512

    e041db2ece750293fb25da09570d89408325e26aa12e87bd8689bab63843edc8229b920aa8d5d6cc91bf0392ffebccb8491dde69a4495d326821b35146f93c30

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip
    Filesize

    549KB

    MD5

    7b292558c6220d30f7ef769a79e05fe9

    SHA1

    9efe8e9ad9f51e446e34f8776ce0a6435111497c

    SHA256

    16a649e6236b950157c3e97efe06ba152822d2631f64bc12e815825164c4d956

    SHA512

    3e6033bb0069d451dc9c18f81cbb56bdb7074d6adae4df7c13e01e8847f13abc3284c4a0f6b0fb5f3c05f2233afd0b0bd8c20ee1f8d16783d75c3e9d6da6f26c

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip
    Filesize

    649KB

    MD5

    2dfb3d2eee0ea31e4b8b25c9bd6b1315

    SHA1

    f6cdd15c669ecb614fd51b5070bc96a63a4a5234

    SHA256

    aaa1e60465c5197b87a9ac67b901a71678e23e61143627ff10ab2290d377bdc2

    SHA512

    cf2ca635a8ef7c88860014b36e65124d84e986d3a85ea88a2db5534d5fbde6c8056ff8488fff32ab141e199d546416686f459aee468e9c648e88c93c0f07e2eb

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit

  • /data/data/com.suyriwhm.ouseqkgn/logs/Sistema1718330962133.log
    Filesize

    15KB

    MD5

    26d627710fc1dad781495f586f2f5ec9

    SHA1

    47ee8461789cb4690e528a9a36916217ff371e84

    SHA256

    05c5d48f838c097728ac320c5b32d4f843fd22412b0fd9b4fb02cdca7fb888a1

    SHA512

    c5093ab1f9ed06b56d78ef12904ccb62ee53b11ea815b3e35e0426334753df8892b80d6cd02e60c967dba7613b2ad0e4ac18d184d6ab03fa1a8a6ea46c57d374

    Download Submit

  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip
    Filesize

    1.3MB

    MD5

    ecbf331b2f228fa46a091b23b5a1fdc8

    SHA1

    7ecdc443c515c0f315ed8b7ff48e09a2869b82f7

    SHA256

    dcba48863964f874f10917608edf99628682b3f4aac60ffe67c38da674c7311f

    SHA512

    8d032776f2e91978d3ccf1259cbcf0d8a0acc2e0d4701a0f40e2d038a13cd8c40d6e99f84ea7aa4c6882729de52bd82feb9b19c05949a6e2429a75a9d3f04e9f

    Download Submit

  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip
    Filesize

    1.3MB

    MD5

    2591b06aa7a25be3da827dbf2364b67e

    SHA1

    4ac197bd24868b7596a1de1486fd694574bd14ba

    SHA256

    2786c5c58a43043a7450d3dcd63a92ef95e8ed1edb850b8030379a179f86fe75

    SHA512

    f78936fa3b5f67b935d9c45f67637c4026b8c814fc805747cfdc6e4e0bff743ec7beeda11c2a48b0efb11a5e5e4f7b3370111f0239fb443a3a180cb65c8866ef

    Download Submit

  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip
    Filesize

    1.7MB

    MD5

    969c5bb4705f4cef8da8829c583ea901

    SHA1

    ec8ebfa963243092b19f09ff5a9afa7ea1091352

    SHA256

    c37a1a0955e2cebee5515438b785a89fab33e42d3752c39c52867d4a7787239b

    SHA512

    3a05a1d461cad47a75727ad4f68e11438859c0e0c45beb0482dd7273b93aafbd1e91eb18c4244912e4ee54c9a47c46338c3293f4acb3fdc739197f492741eab9

    Download Submit

  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip
    Filesize

    1.7MB

    MD5

    de52e6b4f3b809e01eddd925fb53aa3a

    SHA1

    717c0abe1ce5c3aef541129a957bff94678aa98e

    SHA256

    3724dba2cd6b5acba72b422085bcd9a9c0cdb440168e514f4f8e5d8e7a30a06d

    SHA512

    3e89ddecb5941b8749561458634f151b3c7cc4cb8aafccc9e675e4017af0378a108f096ede750fded3b6326238a0abadf6706373d1b795ac5dae4bfadad2f652

    Download Submit