Overview

overview

10

Static

static

6

6a386248e8...be.apk

android-9-x86

10

Analysis

  • max time kernel
    28s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    19-06-2024 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a386248e8856ebd0841cb70e0433189b251c4dbe9bc2dce2096d6996266abbe.apk

  • Size

    3.7MB

  • MD5

    085e45a58084320319df1ef0fffbdac4

  • SHA1

    9cb8d7e4d84c8abe52a99e373fbc91834c6aa854

  • SHA256

    6a386248e8856ebd0841cb70e0433189b251c4dbe9bc2dce2096d6996266abbe

  • SHA512

    c91b0627d0681346fc6ed00c5da21ad0537a1964061e70b5ea703e2e9c7ce682758b03fa212976b78561e9cc20036b6955f1175def6bdd5053ddc963c02791b3

  • SSDEEP

    98304:9mL/mQjQ6PB/QxfassCyjslc1FTo7lNCQhXY:KOQjRJ/QVzojs+G7XVXY

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.suyriwhm.ouseqkgn
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4187

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    6720bbb5b21b19745abe24a59cd7bb71

    SHA1

    b28f5d08374afc8b80652b4a5f874513b06b0950

    SHA256

    57f28f6a4abae03a95650098a69f1dcbacc4f45eff249a56055cc062d86be5ca

    SHA512

    a4c2059435dfa970295e910c5655f3d88204d52c2be6427e4b706f3d33deb713ce3c9ba4f78794dd17f2b70da8b9c74244de17b6d50df545b693f3d3bc284670

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    65f13e98633c9e0f1b2d9cddcb2640da

    SHA1

    726fb6a71c0419a36cae3843fc3a8a445e2f3172

    SHA256

    d09a58cd8e568a0da4ae81411c9ef2c67d69f9a5f98f89b029e8548030d25801

    SHA512

    36dfbcc32397d7701aca2bfd95fdf863d4c0bcc615dce4c6b8c63e0310f1ace30b6c75ac2a0d36c5bdd7c9ceb9583675cff90335090576fa63203fc9171b27f5

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/files/477290.so
    Filesize

    145KB

    MD5

    5331f946769d9a26661c461c59d031d9

    SHA1

    008d623b0e0564a9a8a8cff8bd5bc327112697ed

    SHA256

    0ef7ca92ae4850cd98d6fe6aaec41901cdbaf64f12a77e110ff632bb2eda6713

    SHA512

    e041db2ece750293fb25da09570d89408325e26aa12e87bd8689bab63843edc8229b920aa8d5d6cc91bf0392ffebccb8491dde69a4495d326821b35146f93c30

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip
    Filesize

    549KB

    MD5

    7b292558c6220d30f7ef769a79e05fe9

    SHA1

    9efe8e9ad9f51e446e34f8776ce0a6435111497c

    SHA256

    16a649e6236b950157c3e97efe06ba152822d2631f64bc12e815825164c4d956

    SHA512

    3e6033bb0069d451dc9c18f81cbb56bdb7074d6adae4df7c13e01e8847f13abc3284c4a0f6b0fb5f3c05f2233afd0b0bd8c20ee1f8d16783d75c3e9d6da6f26c

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip
    Filesize

    649KB

    MD5

    2dfb3d2eee0ea31e4b8b25c9bd6b1315

    SHA1

    f6cdd15c669ecb614fd51b5070bc96a63a4a5234

    SHA256

    aaa1e60465c5197b87a9ac67b901a71678e23e61143627ff10ab2290d377bdc2

    SHA512

    cf2ca635a8ef7c88860014b36e65124d84e986d3a85ea88a2db5534d5fbde6c8056ff8488fff32ab141e199d546416686f459aee468e9c648e88c93c0f07e2eb

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit
  • /data/data/com.suyriwhm.ouseqkgn/logs/Sistema1718762709787.log
    Filesize

    15KB

    MD5

    6555fc4460bf7c45b83af48ae74cdeb8

    SHA1

    b347d3a5786f4fa0ec50ce13e2a39d32c4910ad7

    SHA256

    a00870d9c112b10b68d6b37856b64dfe75839fed812c13fd9deebd4aba51cc4a

    SHA512

    4fa47e6c368deffcdecb4444b558be32652447f4f8ca3be6cd831fdb9a2aa3c0853d0fa7fd80c7481aa7484957c42eb229b9ff3a05b0ee8f89e1a18191bff100

    Download Submit
  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/1ff530525b482ffd.zip
    Filesize

    1.3MB

    MD5

    2591b06aa7a25be3da827dbf2364b67e

    SHA1

    4ac197bd24868b7596a1de1486fd694574bd14ba

    SHA256

    2786c5c58a43043a7450d3dcd63a92ef95e8ed1edb850b8030379a179f86fe75

    SHA512

    f78936fa3b5f67b935d9c45f67637c4026b8c814fc805747cfdc6e4e0bff743ec7beeda11c2a48b0efb11a5e5e4f7b3370111f0239fb443a3a180cb65c8866ef

    Download Submit
  • /data/user/0/com.suyriwhm.ouseqkgn/files/dex/gSovILZiesBTWshqC.zip
    Filesize

    1.7MB

    MD5

    de52e6b4f3b809e01eddd925fb53aa3a

    SHA1

    717c0abe1ce5c3aef541129a957bff94678aa98e

    SHA256

    3724dba2cd6b5acba72b422085bcd9a9c0cdb440168e514f4f8e5d8e7a30a06d

    SHA512

    3e89ddecb5941b8749561458634f151b3c7cc4cb8aafccc9e675e4017af0378a108f096ede750fded3b6326238a0abadf6706373d1b795ac5dae4bfadad2f652

    Download Submit