General

  • Target

    k.apk

  • Size

    3.7MB

  • Sample

    240709-ck49hstbqd

  • MD5

    9218aadce3b27c5cf4e8d5fa3038f703

  • SHA1

    77809c02299adab5b257c1e8825e9c925eb50eeb

  • SHA256

    197d87c6e67ec4b70b72317fdeebef988c7bad119e599406bb9da885a8a788cf

  • SHA512

    c4a111857538a0727456c7963287401e1b6dd97932bdfd0f212fa880d921f64f34c46e7ad1cd27fafa6e9beae833c1360493e7f41dcff6b89e0b8edf0f74a5f1

  • SSDEEP

    98304:km68q/jaP3ozhT3j7p1OFrET9t9+Sheo69Q:QH/jaPoT3fpEFrE5t9pzGQ

Targets

    • Target

      k.apk

    • Size

      3.7MB

    • TiSpy

      TiSpy is an Android stalkerware.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator
