General
-
Target
51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5.zip
-
Size
32.5MB
-
Sample
240805-brn1fasfqj
-
MD5
a58b72237a14d709c6eea04b73049210
-
SHA1
786a2d070ea75d7fd858ebd93869063fedd6d705
-
SHA256
51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5
-
SHA512
978b868d4ce591570f722d167e14f2b6533d3b341bdaac1048fb3d1196ad26b2009269514d29b5aeb12aa75697ae556ebd3c88af1ed4ea00f8c83289fff7a9b9
-
SSDEEP
786432:xDWCPFc6LHxrdAxglUJMtJg9GzAl8g5lf/F9M6GvHzn9:sUzjxrdAxxJM+l8g5lDM6Gj9
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_22Jun24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_21Jun24&rtype=T
Targets
-
-
Target
1777a2ba85f831e41c6a60418f84205c9de9c66402f9b7e5be13d29c543a42b0.apk
-
Size
3.2MB
-
MD5
14623d7dc9a647db6984cc6dfdfa2f63
-
SHA1
4784359d681992c1db6e4221a5e51f01c306c24d
-
SHA256
1777a2ba85f831e41c6a60418f84205c9de9c66402f9b7e5be13d29c543a42b0
-
SHA512
955dcf412c8f8dc62562465f0cf0a359fd11c31739e8dbb0d53b75fe5fc24376914f85517dc9ee88763072a5d855e2b9200e801ea906b58119f9736b6e41689f
-
SSDEEP
49152:kkQ7hynArFFP/RI5cHF2+XwTn8JBvvrMNvrsdKcWVftaWcSFhidvbKCH9B8zTAI:kkQ7Qn+nPD2+AIfMtrs09A7dvb5dBA
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e.apk
-
Size
2.7MB
-
MD5
2ddbc785cd696041c5b0c3bd1a8af552
-
SHA1
1269636a5197ee7a1402e406c91177bf6a149652
-
SHA256
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e
-
SHA512
30e3187fa0c65981ae80f0bfae4ac753020ceb591d9c001a809040fac08795ab2cb04d9a95645a025d15008c4057f14a84826bec86b75453f389ac52d9b8a1e5
-
SSDEEP
49152:VPctdtUtD6iJjM2M7xZkQPctdtUtD6yJjM2M7xZkpPctdtUtD62JjM2M7xZknJjj:VP04D6ojkxlP04D64jkx4P04D6sjkxin
Score1/10 -
-
-
Target
7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57.apk
-
Size
3.2MB
-
MD5
2f73a6fe62a8ac27d658f15b1dc9a287
-
SHA1
a40118f9d9a54938e6e261ee242716ac3a761e89
-
SHA256
7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57
-
SHA512
480a6c820664ce78b6284678019671edacc4cf98865e335f9816ce84507c2fe42b765db5103e27dab52605f95c5302f58c6691a869e24876df1f396c4d966d89
-
SSDEEP
49152:pVPh+nACbPhX9CR3WHZn0/dwbDnog36hR4F41RemM3zfhVzsv5w:pVPcnzbPhoZW5nhnnHVyRtM3znzQw
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
FE_Invisible_Troll_Script.apk
-
Size
3.2MB
-
MD5
3ff43582aa468b8a8d0e063dcfea73bf
-
SHA1
5d1d34fcec8f715ce045a5bda04741d40f29001b
-
SHA256
a6f56581bb7ae7b242fcaab3d97d04ec2c5ac8aa5870e4e64ffbcf0d78899993
-
SHA512
6af7639bc336015161f3087519e1a365ece0d1e0f5f7f20fe1af3243d1e6c3a0f65e38b50dc70f15cd13a232989b22884ca36bf0151630223d37bdba4f250149
-
SSDEEP
49152:hrOpp2RqaP3KdsFeHcEKYC4KiJK5ncPjPuE/UpXSkdkIDk5sSEj6QiVterxzrK:hYgv6dsFt0FQnGD/UsrLEjS81PK
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
HellBoy.apk
-
Size
343KB
-
MD5
b2bf555242160805a704c3daaf8dab9e
-
SHA1
fac7514df4ac0feefc5ebf6870e07d49e28ef824
-
SHA256
e1f8a78fe6c1bc7f8390f2d83dccb82c05e4eafd9b0d8b877131a5574d33975a
-
SHA512
ac65cda4fec4fabb837e563830a1dba5d27493db85a360ecdc0f07b1c0241b773c7f0123fbcffe944ab1f4ccbbaf9e9dc428ef57213104bc996849f3d23a5016
-
SSDEEP
6144:Nv41LzIlR3wC2/ZoDwbCwR+i+Na4iIwsZC9b98frZo1tRZaNRP:NvMIlCC2Vzp47FZ8b9yWRZ4l
Score6/10-
Requests uninstalling the application.
-
-
-
Target
Roblox Keyless Bloxfruits Script HoHo Hub V3.apk
-
Size
3.2MB
-
MD5
35b6944128c7cb11594bfc93e4ad0d7c
-
SHA1
1dd7c14f0d05c7560764a5bd2e9693cddc049a21
-
SHA256
1879320e3bc42bcec7ee18e7e36e8cd579b8711f313d561ab502bcf1d1a559ae
-
SHA512
5a53b65492cc7756c5a014c812cc620458462b7fcde15251068f964adebd98d61756fd340fc51a68392f8ef58d2debbb8b53fb34ccea3b68cf65cfd34dff42ba
-
SSDEEP
98304:fU5DjBYQQ/2Kp7d5QDJCqVuc6TjEj/K8h+5:iDjel/jp7d5+kqN6TY+L5
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
Stick War_ Legacy.apk
-
Size
3.2MB
-
MD5
ae5770ecb741649cd470d645dd611843
-
SHA1
d6d29b4466c5139b9ea5b63d2b85150d6604abc5
-
SHA256
ba39a4b76ab656532003e560476b9a295df488f50195c6b9d7ac523b6d07aab4
-
SHA512
dda845e67dedf51508205f6aa7ffd8d19fcad0f0077178c71b8f65a96cb4096d3f326f52c081ea003f78703fdbbbff79f77b3618fd06717be67987627d0f524f
-
SSDEEP
98304:mO76p/xfKx1ppTyRwkrB0z+X0iXN9ALEjTRVShd:mi6FxfKxjdy66B0z+EiZnKT
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
Undead_Defense_Tycoon_Script.apk
-
Size
3.2MB
-
MD5
fc35546a7395a68b6440de033afa789d
-
SHA1
4afc8724e58084164148b7ce518ede8b203dce3c
-
SHA256
c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
-
SHA512
ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
-
SSDEEP
98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
antivirus.apk
-
Size
533KB
-
MD5
9f01767647e2e72f446d374bbcb20c53
-
SHA1
f6b1adcd7723b525418a05bcede5c671366d7ab3
-
SHA256
fcee982b3d0e1601b40078d98df03503668aec7542721f921ae8248bc3cec3a1
-
SHA512
4b9dc2dc08f015ed96a3ce30978994314d3edca84348eb62e7cb65d4d5477f179c44c80cc0a67863bc119555d0217f57681d047ce98ec405bd5eeaf2da8280ed
-
SSDEEP
12288:kjRH6+O//n3tKpSsM+1HA+x283ecVS3EVqPlR6i0Ci3jM34D9Z:kN6+ONjstg38OOS3EW6i0C+M3SZ
Score7/10-
Reads the contacts stored on the device.
-
Tries to add a device administrator.
-
-
-
Target
b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0.apk
-
Size
3.7MB
-
MD5
f17c846775fe7d69c25b1f9834ec31d9
-
SHA1
642e9c6595ed94cf6040c9a66e4431b04a62a2a3
-
SHA256
b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0
-
SHA512
2f9883be40f1b9fda7ef9bd432c7d32e5adf6222e5bc9dbeed974f7e101a8c8af39f3bdd059fb0b83cb7e0d034f1ac85bc860bba30eb46b2da7f6d02657c70c9
-
SSDEEP
98304:qmVDDWjqPP2X1180Q046fgVPwLBqylSWFk5uYUbLCJrn:p3WjqX2l2046qPwLB/lS+kpUnu
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
-
Size
3.5MB
-
MD5
990bf5a2e9a7c90c75c9c07bf4a5e634
-
SHA1
ade24475ee8a9a2a0eec43772bbc02aeacb5926c
-
SHA256
e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
-
SHA512
40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
-
SSDEEP
98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
-
-
Target
insta_followers.apk
-
Size
4.6MB
-
MD5
51064cc8676f45813dec4c5a1c1ce150
-
SHA1
e9d2c7b278c98f85481176c6089b2a74120c6b56
-
SHA256
e232bbfa86980003e46cd2019243e2579b15c844957cd21e70f8d4300ce25f78
-
SHA512
e380e740f4a91013e07e05848ebc4e64ac8278425697cd1da110ec940f6884402d4974302eff493ac685f6969d732e63e95304aaad9742e06f9d8fcd7da3d722
-
SSDEEP
98304:SjbFZKFifcyWk4D+zfro+Pr0hOR6G21GB/EjJ9:IhsFTkP4h8F8b
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
-
-
Target
xxx.apk
-
Size
1.3MB
-
MD5
a36c03f774b76ed4ef5b006a87df6044
-
SHA1
7fe65ebb68b4230ecab0cdb0bd8118bb4977c9aa
-
SHA256
a56cc7c5357f5a7a0e3eb1ac6c0c7a57e8c2fcc3921b6075e200ebfec2154020
-
SHA512
0405ba700fd5149ca38ed8fa1ecc905141512985a081d9ebc612d251ab693d6d861c501351f83c213a4c4036a8f64eec0b1bdd3b1ddb3dd400fdc75e83e291bd
-
SSDEEP
24576:s9VZHdEZhZDzNj/cUh0gY1nR7xBGBv/K3938C4SQHKAeXY+s2xnmRkAYRJzJCO24:s9VZHdEfph7cUSgY1JxovsQqPXz5xnKU
Score1/10 -