Resubmissions

11-08-2024 15:42

240811-s5szzszgjh 10

06-08-2024 20:37

240806-zegbtstcnf 10

General

  • Target

    ec34a9ac83d8d31923ebe7f82d4fbd011c977faadfe358ba8f97adb14fa07d7c.zip

  • Size

    3.1MB

  • Sample

    240806-zegbtstcnf

  • MD5

    373b274feabef2c4324ffa371c82b6c0

  • SHA1

    00ed0aea6d6d23e6600391010883c6e19615ba9d

  • SHA256

    ce6d85487553f884a357e9707510e7e3cb36da543b5f93e7f3e6da25413f175e

  • SHA512

    0b4f43827c9819835334e3204d1f1309a1591d3cf2d6e4bea2be53ecb5d18d021b51a003465e56face34c4873ca84c1d4c3406c765640eede6c0ebc2c9860e33

  • SSDEEP

    98304:hwwRtH6TjOdhuGnfZHCcfBXC7flXRIjp0fjl0UK45:hw46TadhuGVC+A7f5RIN0h75

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_20Jul24&rtype=T
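The extracted C2 beacon carries the victim device's model, Android API level, a 15-digit device identifier and the agent build, so it is both an IOC and a record of what the stalkerware exfiltrates on first contact. The script below, an added example that is not part of the sandbox report or of TiSpy's own code, parses that URL into structured fields, checks whether the deviceid has the shape of an IMEI (15 digits with a valid Luhn check digit), and matches the host and TiSPY path against proxy log lines. The log lines are constructed for illustration; the API-level table is an assumed subset of the public Android release mapping.

```python
"""Turn the extracted TiSpy C2 beacon into structured IOCs and a log check."""
from urllib.parse import urlsplit, parse_qs

# Beacon URL exactly as extracted by the sandbox from the sample.
C2_URL = (
    "https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen"
    "&model=Pixel+2&osversion=28&deviceid=358240051014041"
    "&version=3.2.183_20Jul24&rtype=T"
)

# Android API level -> release name (assumed subset of the public mapping).
API_LEVELS = {26: "8.0", 27: "8.1", 28: "9", 29: "10", 30: "11",
              31: "12", 33: "13", 34: "14"}


def luhn_ok(digits: str) -> bool:
    """Luhn check, the same scheme an IMEI's check digit uses."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_beacon(url: str) -> dict:
    """Split the beacon into host, path and the per-device fields it leaks."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    device_id = q.get("deviceid", "")
    osv = q.get("osversion", "")
    api_level = int(osv) if osv.isdigit() else None
    return {
        "host": parts.hostname,
        "path": parts.path,
        "model": q.get("model"),
        "api_level": api_level,
        "android_release": API_LEVELS.get(api_level),
        "device_id": device_id,
        # 15 digits passing Luhn is consistent with an IMEI, not proof of one.
        "device_id_looks_like_imei": (
            len(device_id) == 15 and device_id.isdigit() and luhn_ok(device_id)
        ),
        "agent_version": q.get("version"),
    }


def find_beacons(log_lines, ioc_host, ioc_path_prefix="/TiSPY/"):
    """Return log lines whose URL hits the C2 host (exact match) and TiSPY path."""
    hits = []
    for line in log_lines:
        for tok in line.split():
            if tok.startswith("http"):
                u = urlsplit(tok)
                if u.hostname == ioc_host and u.path.startswith(ioc_path_prefix):
                    hits.append(line)
                break
    return hits


# Constructed proxy log lines (not from the report), squid-like layout.
# The second deviceid is invented; the look-alike host on the last line
# checks that matching is on the exact hostname, not a substring.
SAMPLE_LOG = [
    "1723044012.101 10.0.0.7 GET https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&deviceid=358240051014041 200",
    "1723044013.220 10.0.0.7 GET https://www.google.com/generate_204 204",
    "1723044019.903 10.0.0.9 GET https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&deviceid=490154203237518 200",
    "1723044020.115 10.0.0.9 GET https://familysafty.com.example.net/ 200",
]

if __name__ == "__main__":
    ioc = parse_beacon(C2_URL)
    for k, v in ioc.items():
        print(f"{k:>26}: {v}")
    for hit in find_beacons(SAMPLE_LOG, ioc["host"]):
        print("C2 hit:", hit)
```

The host match is exact rather than a substring search, so a domain that merely contains `familysafty.com` does not fire; if you carry the IOC into a proxy or DNS rule, apply the same care.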

Targets

    • Target

      ec34a9ac83d8d31923ebe7f82d4fbd011c977faadfe358ba8f97adb14fa07d7c.apk

    • Size

      3.5MB

    • MD5

      cf76efa7ddd12116694a73ce6a6a3018

    • SHA1

      769f254451b2f3919e69478fcd1705bb3c0005ac

    • SHA256

      ec34a9ac83d8d31923ebe7f82d4fbd011c977faadfe358ba8f97adb14fa07d7c

    • SHA512

      9196ca11168f898f2cd34cb39e6a713cbd1cc536bfcc9cfe0203172d0b8682368dc9902a28655e0d83abae67a5444d3022d55e390dd9846b8bae3c0fbeb74fb9

    • SSDEEP

      98304:lbITfnTkRPqNHCtzyX20CkNFB4nU4jnEQa3C01MfW:JeTkRMHk/CNFKfjkSoM+

    • TiSpy

      TiSpy is an Android stalkerware.

    • TiSpy payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)
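The "Loads dropped Dex/Jar" behaviour above means the app executes code that is not in its primary classes.dex, which is what makes the static view of such samples incomplete. A quick triage step, shown here as an added example that is not taken from the report or from TiSpy itself, is to walk the APK's zip entries and flag anything outside classes*.dex that starts with a DEX header or is a nested jar carrying its own classes.dex. The APK-shaped archive built in memory below is constructed for the demonstration; its entry names are assumptions, not paths from the analysed sample.

```python
"""Flag secondary Dex/Jar payloads packed inside an APK (static triage)."""
import io
import re
import zipfile
from typing import List, Optional, Tuple

# DEX files start with "dex\n", a three-digit format version and a NUL.
DEX_MAGIC = re.compile(rb"^dex\n\d{3}\x00")
ZIP_MAGIC = b"PK\x03\x04"
# Primary code lives in classes.dex, classes2.dex, ...; anything else is suspect.
PRIMARY_DEX = re.compile(r"^classes\d*\.dex$")


def is_dex_or_jar(data: bytes) -> Optional[str]:
    """Classify a blob by header: 'dex', 'jar-with-dex', 'zip' or None."""
    if DEX_MAGIC.match(data[:8]):
        return "dex"
    if data[:4] == ZIP_MAGIC:
        # A jar is a zip; see whether it carries a classes.dex of its own.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                if any(PRIMARY_DEX.match(n) for n in inner.namelist()):
                    return "jar-with-dex"
        except zipfile.BadZipFile:
            return None
        return "zip"
    return None


def find_dropped_code(apk_bytes: bytes) -> List[Tuple[str, str]]:
    """List (entry name, kind) for non-primary entries that look like code."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if PRIMARY_DEX.match(name):
                continue
            kind = is_dex_or_jar(apk.read(name))
            if kind in ("dex", "jar-with-dex"):
                found.append((name, kind))
    return found


def build_sample_apk() -> bytes:
    """Constructed APK-like archive: a normal classes.dex plus hidden payloads."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        apk.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
        apk.writestr("assets/config.json", b"{}")
        # A DEX hidden behind an image extension (assumed name).
        apk.writestr("assets/update.png", b"dex\n039\x00" + b"\x00" * 24)
        # A nested jar with its own classes.dex (assumed name).
        apk.writestr("assets/plugin.jar", inner.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in find_dropped_code(build_sample_apk()):
        print(f"{kind:14} {name}")
```

Matching on the header rather than the file extension is the point: a payload renamed to .png or .dat still starts with `dex\n`. The check does not catch code that is downloaded or decrypted only at run time, which is why the sandbox's dynamic observation remains necessary.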

MITRE ATT&CK Mobile v15
