General
-
Target
WiFiService.apk
-
Size
3.1MB
-
Sample
240826-cneg9sygpe
-
MD5
609385e1db0ffdb11a68796b4259d9b6
-
SHA1
258f2274cc7186e6f9b57d26e00e20f5fe091f3a
-
SHA256
183f47f2d56aa7214c54337f3657ab320604d29d0d92b34ee023d92fb2eb68c2
-
SHA512
8ea9399615c156847d085a2c0929cea1f5679fef496ab01bb05c576d51857be2729e9c7a32a05e9ff3f6cbf020dd59749a9cbffdbb74ab954d76eba3ffa32dd7
-
SSDEEP
49152:IfwthOnAJsPPzNwNwdIzfzaz7jLJEUxaamwXLx1OolheKACSegX2zbEHV:IfwtMnUsPbeNzsLJEBSLjOcAChgHV
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_24Aug24&rtype=T
Targets
-
-
Target
WiFiService.apk
-
Size
3.1MB
-
MD5
609385e1db0ffdb11a68796b4259d9b6
-
SHA1
258f2274cc7186e6f9b57d26e00e20f5fe091f3a
-
SHA256
183f47f2d56aa7214c54337f3657ab320604d29d0d92b34ee023d92fb2eb68c2
-
SHA512
8ea9399615c156847d085a2c0929cea1f5679fef496ab01bb05c576d51857be2729e9c7a32a05e9ff3f6cbf020dd59749a9cbffdbb74ab954d76eba3ffa32dd7
-
SSDEEP
49152:IfwthOnAJsPPzNwNwdIzfzaz7jLJEUxaamwXLx1OolheKACSegX2zbEHV:IfwtMnUsPbeNzsLJEBSLjOcAChgHV
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-