Overview

overview

10

Static

static

6

f6a6fe1369...05.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    18-06-2024 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6a6fe13690fb23df4afe0060a4cdbe2bc1efb12e4f049a230598dded5c48c05.apk

  • Size

    2.4MB

  • MD5

    8ae80fb68d0f1da36dff68a85ee5f4e4

  • SHA1

    43ff16331a14389cc132a0ddbad4894389df9910

  • SHA256

    f6a6fe13690fb23df4afe0060a4cdbe2bc1efb12e4f049a230598dded5c48c05

  • SHA512

    15de700f6a8cd775b717f40e5d595aed5737a6163c818d3ef0ff58734c2c69ba325627f05647e7c849247d5a476d993a5c784e7692a4ecc3f68b16b25b9aa270

  • SSDEEP

    49152:+kHmU/4S/89wYgVFl7BPuGOciJFpZO/yw5EEO:+kH9l/84TFBPupx8/ynEO

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sswfgxuv.zziiefmo
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4237
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sswfgxuv.zziiefmo/files/dex/oat/x86/rCDSiPEQHdtkxvsQU.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    5b2d7c7a4b0686538cdf9e5fed26c217

    SHA1

    552cbf9717fd5ce8502bd3c7a2d2aa55cd7e04c7

    SHA256

    ac3f562d6dadcca144ac742327bfb9c2251d01985d668d304814771348f0ddbb

    SHA512

    d19cfb4f320f185bdf6ce88d4b4e7cda44804a8deae73ea0e9693c4f5ffc0eab06471e0a9dba46d8701a379e3083f3b9148ea48cdff9e9c1a1174e576fa023d0

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    724d869d463a8a0a67b1a1a967b4aba4

    SHA1

    0b95063daf38c82c17e9b4ce2f2b02c95d7ec822

    SHA256

    b001673ffa72ce3020c23becb6bc1b190e4a7fd8994ea05e391db63cc88cacd4

    SHA512

    06cc6390bc03b82bb78b44e63e6a93ec3eada006a04b45e098f2567f4cc6f3650d31095793623a056e2640dc1b6f09b6e245899f0fc7ac33b47dfd2952108158

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/477383.so
    Filesize

    145KB

    MD5

    f274913439bbffdc771318f370e4c4f1

    SHA1

    18c0a156ed8af41198bdd8b1c0473cfe1d8dcfcf

    SHA256

    aa347b304b3b63c10d09b4736d6dc5ee44afe366596702d03bdda9f8ec6823f7

    SHA512

    a1a74ad442c85c8542a20d1e0ac1d87d4dc557dc26490d296c78cd6a111808316dcf1dea6d5c5d52e609ae2d96017daaa1cb0fcf949a66982e90c841e3e8a110

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/Background/black-wallpapers-for-smartphone-102-700x990.jpg
    Filesize

    3KB

    MD5

    4651e1fd4234ee465d6fe6349f2e178d

    SHA1

    1a86fbd1edd11fa983155172d484959760c1fc0e

    SHA256

    725ccd777793d5b05707aa28438b58a021c15b0f9cf47ace83aada6ea93a921b

    SHA512

    6962571dbc91930f4624e3c80e1ab7a5ac23f8f13ccb4587d1619c5d5f8e9731974ae954e8b9ba2e86084f8e797c6a9d49267667a98e47bd7af9e0af29686b0c

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    532KB

    MD5

    5973d3e473e4f00e495515e671b27388

    SHA1

    f19c7c825f5b6ed3732d980f2fc4a90bd6b1f225

    SHA256

    6e0059d51d8bebb0915c52b57aa2f2f339754a7ea0963cd4cc5a735752f0733d

    SHA512

    127e326ab9a8a24be1beeb546187f56e8abf33fc02488c161b8f27f80cd1c1b578a6426472b1d1b3e7df4da7abce585d716a74caa51a20c2ea5af16961614227

    Download Submit
  • /data/data/com.sswfgxuv.zziiefmo/logs/Sistema1718739016076.log
    Filesize

    17KB

    MD5

    7cf0790e086f11b296187992c8995e9e

    SHA1

    6ee901617f8b6794f2ff1d0ce31a7eef984bf6e8

    SHA256

    da8564494d15b103f8e781ebbfb6b41ffac0d1b4ab1b431387d5f9b3c24c26dd

    SHA512

    b656f76af9fe7344d31ae08eb603c9891373d27463d1e56da6ee6029664337129d2218d0a790ab2c07bc28569daa39c0f9829cf65ea94e7d772b434833bdfc24

    Download Submit
  • /data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    1.3MB

    MD5

    c5dc81b97f83eebad9bbf85ecb5e071c

    SHA1

    e5b691ae4b189e52a70bbcb5dbcbf900ebfe6d67

    SHA256

    ac83c01ddae008787a1a94e4b7f06dd9999da4eeead756984a9ffbf4360624e5

    SHA512

    f13c8660be7760729952c4241f23840c87ab62d3211dac6a41c1a8554f9bef5343a0c47eefaf995446d42e0bc1a1d13892387f2fe1a7c4be01b4b4dfc5e22c3d

    Download Submit
  • /data/user/0/com.sswfgxuv.zziiefmo/files/dex/rCDSiPEQHdtkxvsQU.zip
    Filesize

    1.3MB

    MD5

    cd79b67c61a1d657154b54ba773d648b

    SHA1

    5785a7996d0182bf82885372888f339f2aa0a8c2

    SHA256

    35ca113c3a79f4b7b786e310b87163d378d0ceda33ae4d1f254ce0d974d6e336

    SHA512

    6aed872617f3ed06458cf3b909c1d479ddebe5bdad3f7b7af7c532f27c0ce7f355202b7b26078131ba3bc5c53a54c85fe8b3e2913c8dbf1f95369e417f05a3cf

    Download Submit