General

  • Target

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009.apk

  • Size

    2.4MB

  • Sample

    240731-12157awckn

  • MD5

    594512812ebc62a8da054e6d76c7804b

  • SHA1

    37f6e5e6bc0e7db45899815b3b0ad3872b046a69

  • SHA256

    b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009

  • SHA512

    fcbd697c62cffb415d535484df5aedac5d999e56d06fd7339004b991ea8f9e205650a96d8fb6b106975a90c32d60aef6da3881ee4b5f4e0e816441a2b7889423

  • SSDEEP

    49152:0ceEvHSvdCLZyxxNVnfdejS6ZdzHRST007XjUFjDn4JhfkxfNwIi6p:0claVCoXUdzHRSTFjUFjD4Df0NwJo

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

    • Target

      b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009.apk

    • Size

      2.4MB

    • MD5

      594512812ebc62a8da054e6d76c7804b

    • SHA1

      37f6e5e6bc0e7db45899815b3b0ad3872b046a69

    • SHA256

      b425ec7a8a3718744fea6fb6dd012454eeeaa0aa44008da9d7d8000d8cea0009

    • SHA512

      fcbd697c62cffb415d535484df5aedac5d999e56d06fd7339004b991ea8f9e205650a96d8fb6b106975a90c32d60aef6da3881ee4b5f4e0e816441a2b7889423

    • SSDEEP

      49152:0ceEvHSvdCLZyxxNVnfdejS6ZdzHRST007XjUFjDn4JhfkxfNwIi6p:0claVCoXUdzHRSTFjUFjD4Df0NwJo

    • TiSpy

      TiSpy is an Android stalkerware.

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks