Overview

overview

10

Static

static

6

bruno-sis2.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    17-06-2024 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bruno-sis2.apk

  • Size

    2.4MB

  • MD5

    8ae80fb68d0f1da36dff68a85ee5f4e4

  • SHA1

    43ff16331a14389cc132a0ddbad4894389df9910

  • SHA256

    f6a6fe13690fb23df4afe0060a4cdbe2bc1efb12e4f049a230598dded5c48c05

  • SHA512

    15de700f6a8cd775b717f40e5d595aed5737a6163c818d3ef0ff58734c2c69ba325627f05647e7c849247d5a476d993a5c784e7692a4ecc3f68b16b25b9aa270

  • SSDEEP

    49152:+kHmU/4S/89wYgVFl7BPuGOciJFpZO/yw5EEO:+kH9l/84TFBPupx8/ynEO

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sswfgxuv.zziiefmo
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4287
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sswfgxuv.zziiefmo/files/dex/oat/x86/rCDSiPEQHdtkxvsQU.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4349

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    7175abf308d67693a51ab7e9e6d1f1a4

    SHA1

    47409f43d2f2aa2cdcf0b6b0ed743da8c68c23b5

    SHA256

    76bf7bb3e2ff618c1efaa57c291fbc937181c54a644d0442d518eae02f950555

    SHA512

    da61c9aa9746bea9596f08f4b298cbe7352df689a4b9afa3e8b3255b503685d7cd79319e2750f65d12a3614e2df817972ae1b5f755d80fe9d8f5f65261ddba03

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    0d4de549a575992763e464f56f833eea

    SHA1

    22c20a229e0171b47adb14594c12fb990a05eef2

    SHA256

    a7d84a4e30bf514a352670d124ca1f993c498137cb00fcd57853b012e86b5d8f

    SHA512

    f5f178e486e00f32eca8a8fd0e2ebd33989bbe223aec489dc3e5edb45b6ff6d9ea35bfca070bb52f20637779a4c68520755698aa504563bd42ee3bb521940d26

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/477383.so
    Filesize

    145KB

    MD5

    f274913439bbffdc771318f370e4c4f1

    SHA1

    18c0a156ed8af41198bdd8b1c0473cfe1d8dcfcf

    SHA256

    aa347b304b3b63c10d09b4736d6dc5ee44afe366596702d03bdda9f8ec6823f7

    SHA512

    a1a74ad442c85c8542a20d1e0ac1d87d4dc557dc26490d296c78cd6a111808316dcf1dea6d5c5d52e609ae2d96017daaa1cb0fcf949a66982e90c841e3e8a110

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    532KB

    MD5

    5973d3e473e4f00e495515e671b27388

    SHA1

    f19c7c825f5b6ed3732d980f2fc4a90bd6b1f225

    SHA256

    6e0059d51d8bebb0915c52b57aa2f2f339754a7ea0963cd4cc5a735752f0733d

    SHA512

    127e326ab9a8a24be1beeb546187f56e8abf33fc02488c161b8f27f80cd1c1b578a6426472b1d1b3e7df4da7abce585d716a74caa51a20c2ea5af16961614227

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/logs/Sistema1718590359917.log
    Filesize

    17KB

    MD5

    a4bd4c2d1ebe08d9198b5a66a1178256

    SHA1

    75fc957662558c17b2c54a06af82051665ec16e0

    SHA256

    0bc4081a75e5ff38d7f2609e95d451eca727585e52360110ba64008a3da8e5f2

    SHA512

    2f8d5cd3a4309183c5b0977c510dae6455873a01eae253dd400ec39ebf11ab3d16f8e8ba4ec91b9ac747684f3513c1945269c6a0d14345b1cfae1dbdb591d621

    Download Submit
  • /data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    1.3MB

    MD5

    c5dc81b97f83eebad9bbf85ecb5e071c

    SHA1

    e5b691ae4b189e52a70bbcb5dbcbf900ebfe6d67

    SHA256

    ac83c01ddae008787a1a94e4b7f06dd9999da4eeead756984a9ffbf4360624e5

    SHA512

    f13c8660be7760729952c4241f23840c87ab62d3211dac6a41c1a8554f9bef5343a0c47eefaf995446d42e0bc1a1d13892387f2fe1a7c4be01b4b4dfc5e22c3d

    Download Submit
  • /data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    1.3MB

    MD5

    cd79b67c61a1d657154b54ba773d648b

    SHA1

    5785a7996d0182bf82885372888f339f2aa0a8c2

    SHA256

    35ca113c3a79f4b7b786e310b87163d378d0ceda33ae4d1f254ce0d974d6e336

    SHA512

    6aed872617f3ed06458cf3b909c1d479ddebe5bdad3f7b7af7c532f27c0ce7f355202b7b26078131ba3bc5c53a54c85fe8b3e2913c8dbf1f95369e417f05a3cf

    Download Submit