General
-
Target
c35983b0754cf274ea4c071bd2f9c0fb45972e893d805f62ec8a1fc8ee97e9e3
-
Size
2.4MB
-
Sample
240615-ck2tdswbje
-
MD5
b8a1d58e2865c0b2b9ede0a884eac8b8
-
SHA1
5ed0813f4d0434e3e25395b3adba50f69c2f514d
-
SHA256
c35983b0754cf274ea4c071bd2f9c0fb45972e893d805f62ec8a1fc8ee97e9e3
-
SHA512
fea468fc2ac2f5a5f53b2f955b30e6953c99ab4fe037cddf812b4a3aab36f715a538ad9ee82743ad00613eae6b857320143b658fc86f05843db3a7fe9d9e2b7b
-
SSDEEP
49152:yabWGUffStZRIBZ7c6I+17Wi172EPV9YZ12z3RwnQHsm:yabWlStZRI37c6b7LEjeW+sm
Malware Config
Extracted
tispy
https://brunoespiao.com.br/esp/appprofile.jsp
Targets
-
-
Target
c35983b0754cf274ea4c071bd2f9c0fb45972e893d805f62ec8a1fc8ee97e9e3
-
Size
2.4MB
-
MD5
b8a1d58e2865c0b2b9ede0a884eac8b8
-
SHA1
5ed0813f4d0434e3e25395b3adba50f69c2f514d
-
SHA256
c35983b0754cf274ea4c071bd2f9c0fb45972e893d805f62ec8a1fc8ee97e9e3
-
SHA512
fea468fc2ac2f5a5f53b2f955b30e6953c99ab4fe037cddf812b4a3aab36f715a538ad9ee82743ad00613eae6b857320143b658fc86f05843db3a7fe9d9e2b7b
-
SSDEEP
49152:yabWGUffStZRIBZ7c6I+17Wi172EPV9YZ12z3RwnQHsm:yabWlStZRI37c6b7LEjeW+sm
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
2System Checks
2