General
-
Target
2f56c33c42bee595160639d4a72374fbe7fd0ad9bf14e94b7c319730bee35107
-
Size
3.2MB
-
Sample
240624-csk6lsvdqa
-
MD5
ede9e60685cb8aa814e6287f152bbd29
-
SHA1
58a29b309a8f64bd5dbc38b5a68e376e4c44c949
-
SHA256
2f56c33c42bee595160639d4a72374fbe7fd0ad9bf14e94b7c319730bee35107
-
SHA512
3f6b3f35239f4785811e045f74f2618434dec2595803ecd57c4aa49bf6f680f31175120b89356cf7b113eab45924daa4afe80910b4a1760596ca0381413b21e4
-
SSDEEP
49152:teZZ4h4nAUDCTPiimBqmErRqBFke9j2au7pvbqpR7Lf8wvix2NmyFQyoHozy+g:teZZ4inxuPGOmZ9Cx1efG2syFQyoI0
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_24Jun24&rtype=T
Targets
-
-
Target
2f56c33c42bee595160639d4a72374fbe7fd0ad9bf14e94b7c319730bee35107
-
Size
3.2MB
-
MD5
ede9e60685cb8aa814e6287f152bbd29
-
SHA1
58a29b309a8f64bd5dbc38b5a68e376e4c44c949
-
SHA256
2f56c33c42bee595160639d4a72374fbe7fd0ad9bf14e94b7c319730bee35107
-
SHA512
3f6b3f35239f4785811e045f74f2618434dec2595803ecd57c4aa49bf6f680f31175120b89356cf7b113eab45924daa4afe80910b4a1760596ca0381413b21e4
-
SSDEEP
49152:teZZ4h4nAUDCTPiimBqmErRqBFke9j2au7pvbqpR7Lf8wvix2NmyFQyoHozy+g:teZZ4inxuPGOmZ9Cx1efG2syFQyoI0
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-