General
-
Target
968e34afae7c01ac60e27c91683c500238f81140a475718a0a503043478663e7
-
Size
3.5MB
-
Sample
240802-cngbvsvble
-
MD5
73cc296e7cf5fb25f2c9bc84feced166
-
SHA1
f50713bdb940264f4c3a75165ac2a7d73f1e9fb3
-
SHA256
968e34afae7c01ac60e27c91683c500238f81140a475718a0a503043478663e7
-
SHA512
987397db71888bb6b30fd98000f4b6bf80cfb192c2be5a770bf1e37acb7117c66424ffce5d63f802cbe355344a828a8680247691d8a761338a5dc4ff2f30df71
-
SSDEEP
98304:7Aj8nuQPDfZr4GMGLwYPrabjEF2TEvKJN0obK:7luQbRUGXzaHBAvKJN0o2
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_02Aug24&rtype=T
Targets
-
-
Target
968e34afae7c01ac60e27c91683c500238f81140a475718a0a503043478663e7
-
Size
3.5MB
-
MD5
73cc296e7cf5fb25f2c9bc84feced166
-
SHA1
f50713bdb940264f4c3a75165ac2a7d73f1e9fb3
-
SHA256
968e34afae7c01ac60e27c91683c500238f81140a475718a0a503043478663e7
-
SHA512
987397db71888bb6b30fd98000f4b6bf80cfb192c2be5a770bf1e37acb7117c66424ffce5d63f802cbe355344a828a8680247691d8a761338a5dc4ff2f30df71
-
SSDEEP
98304:7Aj8nuQPDfZr4GMGLwYPrabjEF2TEvKJN0obK:7luQbRUGXzaHBAvKJN0o2
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-