Overview

overview

10

Static

static

6

4f10c7ffc3...07.apk

android-9-x86

10

Analysis

  • max time kernel
    27s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    18-06-2024 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f10c7ffc34e54c72c82e92f6a1d7992fb5c55ea9a98760195ccf6dc9a541107.apk

  • Size

    2.4MB

  • MD5

    f704ebe7d5ba61ea965d484361bbb672

  • SHA1

    68767821178ed2dd18f0770efbecbaa97f75c7b7

  • SHA256

    4f10c7ffc34e54c72c82e92f6a1d7992fb5c55ea9a98760195ccf6dc9a541107

  • SHA512

    f2f95ac2caed68b316d69918b201223b507e5aac172a3af23d722c299a86da21426910680678b866a41e7d703f7e07ccd72f9890a13d20a78064acbac79e0522

  • SSDEEP

    49152:A6KXkvfSeOHbvgJfU83IPCkGYYPOiSUgWNL0sA/TcnHA:bKUStHbIi83IPrSMUPNJeEHA

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.nuwrwmqy.sgrnpwsn
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4161

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.nuwrwmqy.sgrnpwsn/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    1d8b68ebfd963da968c15ff2d1aa2135

    SHA1

    c9f2f64b80967e8074e6755274d84df1404503ee

    SHA256

    107bdfe685edbfbc96755caafbbe32be30b36666b7dd7c149c23062389569848

    SHA512

    989964fdb4b6bdf85576bfaaffbdaba30de2d15d23e5ccc26eddd7958b6e5be7f786c9914cc10fc34fc4baa0520e54d92a2d787089f42fc9b06a41ed5970fdb2

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    2a03cf0243b3d3da86d3aeb10d08b5c2

    SHA1

    f682b820e4be64c6b466eba8235ef8e2c695885c

    SHA256

    bf148a07edf4bd68ef9ccabc5d5f1a40aaeee83fb84e855ded164d8e1b68fed2

    SHA512

    60be3a4a2c0c193bd22b7ea9d9f0119e9486e839d0266499beedceb7a052a4ca3570b3abf824f9cf187ebbd7d96843705762db814853e10945860f24276a72a2

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/files/477383.so
    Filesize

    145KB

    MD5

    fad0ec47f7ac508f31e2b8ce38f0bfaa

    SHA1

    334b8d474a5a2d7a09a82da3a2b064e1e93cd188

    SHA256

    48042289b55dacca46eb8490a240c0d14b4da86f173d47cc70a5cdc71dbdbe1f

    SHA512

    87760fad813907630b5df660cf26209b4681facf821f97823a5abab403e6598d94186fd19a6e7c7564baa03cc86f15e6c9b96823bb497c0ad95ce5211d325346

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/files/dex/nbvxqMqfKGfHfKBzh.zip
    Filesize

    535KB

    MD5

    0694f3ac46bfb9327140496abdc29529

    SHA1

    c38e09e31cd09909e4c8808cbcd06102c646bde8

    SHA256

    c48ad644fab5783d91fd59d17be1d568d445bf621ee2e705a592907be8c5c0e3

    SHA512

    629311db7aec2e37361e32d134031682d48036c3dbd1a1ef58840f2da70d17c1dee0757d08eb350056e93e27f2cb64519fb65b2ba9f32473037615c26ce726db

    Download Submit
  • /data/data/com.nuwrwmqy.sgrnpwsn/logs/Sistema1718729868481.log
    Filesize

    17KB

    MD5

    f7067ec436566186acf28af5e750f8b9

    SHA1

    3eb4f9b45f4828669ff31c8580f619ab9860c7af

    SHA256

    3e35b7bcf5e0f98f5266adb9e94c08b9b1e23202770faed66bbe7193e1f11959

    SHA512

    df46a26ba8fbd76f9a206d57930139626e2a2cb791eae093ca7552341ffe68f33662f387f5e32fb977da2b8773d7bee17e7b98b8a680292f29bb97a90c13a607

    Download Submit
  • /data/user/0/com.nuwrwmqy.sgrnpwsn/files/dex/nbvxqMqfKGfHfKBzh.zip
    Filesize

    1.3MB

    MD5

    50b78e4671840df39709a91b9170986c

    SHA1

    905279259f047d6e74b0e18663349f23201fa453

    SHA256

    964e85af9578293672294809c438b26bbe773dd989986f4e1759c6cb9452f87b

    SHA512

    9154ee3b5e0091f5e23a4201a0762abd4904a3cfa2395c80066004f84b285c12459703457ac7d405c4c9d3a011209c0876c1750cff6abf229ec7c3cc460658da

    Download Submit