General

  • Target

    63d2d5a6135137e4b967d487a1f08a026042ff473c87b3d781bac408f322493e

  • Size

    3.1MB

  • Sample

    240816-cla23azalb

  • MD5

    4dc2f707cc033b426d8cf2eab5930913

  • SHA1

    f7d6909cb8a143f101db03b5c71802068891fc9f

  • SHA256

    63d2d5a6135137e4b967d487a1f08a026042ff473c87b3d781bac408f322493e

  • SHA512

    ee6a0bd84e6334c675a19a60bc1eb58b082b9e0699f855e0ca59f118d3a2e78d25427d3e16d8fb1fc962807750eb6aedefd96d1cb568f46b1bcbb35b25786708

  • SSDEEP

    49152:Ac5hFnAUGwPmIC7BM+VgZFYERgbHuUDfxduaROpqoVXuZb0pgPa/qulq90n:Ac5PnxGwPt6yKHuAa/V5gPavlq8

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_16Aug24&rtype=T

Targets

    • Target

      63d2d5a6135137e4b967d487a1f08a026042ff473c87b3d781bac408f322493e

    • TiSpy

      TiSpy is an Android stalkerware.

    • TiSpy payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Requests cell location

      Uses Android APIs to get current cell location.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)
