General

  • Target

    527a0180760ee92751def15d3fa434fb6711b8122fb9ab4cf2d03d5908c7245b.apk

  • Size

    3.4MB

  • Sample

    240707-k57t5s1bpd

  • MD5

    acc0d5c1460b87386e1e1789c9626aa3

  • SHA1

    e00520a52d83d9e5f1ff2d90bf3f3f8b91e4bbc8

  • SHA256

    527a0180760ee92751def15d3fa434fb6711b8122fb9ab4cf2d03d5908c7245b

  • SHA512

    d25ad296ef20f09824e8f1981b06ed6aecf75bcf52fc926c0cb62f61dba40cadb4ac520c7652d457bf883b1a233bbda5e9da080a42c412d70ba011d57fd2e3c3

  • SSDEEP

    49152:CaahbnA50c82PJm3kUI4Jo0FKRy/uVaBhHK2xDM9ombpP9FDg7PmwAtGt+un7xST:CaapnkJP644JoRI2VFpk7ewz3n7xSDv

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_06Jul24&rtype=T

Targets

    • Target

      527a0180760ee92751def15d3fa434fb6711b8122fb9ab4cf2d03d5908c7245b.apk

    • Size

      3.4MB

    • MD5

      acc0d5c1460b87386e1e1789c9626aa3

    • SHA1

      e00520a52d83d9e5f1ff2d90bf3f3f8b91e4bbc8

    • SHA256

      527a0180760ee92751def15d3fa434fb6711b8122fb9ab4cf2d03d5908c7245b

    • SHA512

      d25ad296ef20f09824e8f1981b06ed6aecf75bcf52fc926c0cb62f61dba40cadb4ac520c7652d457bf883b1a233bbda5e9da080a42c412d70ba011d57fd2e3c3

    • SSDEEP

      49152:CaahbnA50c82PJm3kUI4Jo0FKRy/uVaBhHK2xDM9ombpP9FDg7PmwAtGt+un7xST:CaapnkJP644JoRI2VFpk7ewz3n7xSDv

    • TiSpy

      TiSpy is an Android stalkerware.

    • TiSpy payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks