tispy | 5b29c4e0126e0b72e904d9583ab08d4712f7e23d76f763b8af4d06d5289cd491

Analysis

max time kernel
47s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27/08/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b29c4e0126e0b72e904d9583ab08d4712f7e23d76f763b8af4d06d5289cd491.apk
Size

3.5MB
MD5

01c49f92e5128a6ccb5afddadc5f17d7
SHA1

2fd0b46339f85b1c98eef7d562bfd98ad1cc2d2a
SHA256

5b29c4e0126e0b72e904d9583ab08d4712f7e23d76f763b8af4d06d5289cd491
SHA512

de30e510fbe7260b1e4b2808cce2f0fbeba4557c00062c1d5c81aeeed17b7ae0e835a0e3b2eca46a8588a8c47d0de5307f009ebc82d2f35570681a00c872c259
SSDEEP

98304:om591ljxPKdUPXYPDZxdWA30iu8OllYeN:bnljxCWPoPDZDW+0iu8Slp

Score

10^/10

tispy collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

TiSpy
TiSpy is an Android stalkerware.
trojan infostealer spyware tispy

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip	4281	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/oat/x86/14224d7f4faca4c7.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip	4254	com.jmjxbsvp.iuvivhov
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip	4306	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/oat/x86/lzfBvUpIxUAObfnhI.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip	4254	com.jmjxbsvp.iuvivhov
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip	4254	com.jmjxbsvp.iuvivhov
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip	4254	com.jmjxbsvp.iuvivhov

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.jmjxbsvp.iuvivhov

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.jmjxbsvp.iuvivhov

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jmjxbsvp.iuvivhov

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jmjxbsvp.iuvivhov

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jmjxbsvp.iuvivhov

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.jmjxbsvp.iuvivhov

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jmjxbsvp.iuvivhov

com.jmjxbsvp.iuvivhov
1⤵
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4254
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/oat/x86/14224d7f4faca4c7.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4281
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/oat/x86/lzfBvUpIxUAObfnhI.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jmjxbsvp.iuvivhov/databases/privatesms.db

Filesize
16KB

MD5
3621ce0aa81e37bc5c80e2cf881f1dd0

SHA1
00365f82dcada94caea07443656848baf60b3bd9

SHA256
8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

SHA512
76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/databases/privatesms.db-journal

Filesize
512B

MD5
e34914e02e0733977be38e9d96c07e79

SHA1
29e15041aac3faa3b4f96722b94cb7ed856981c1

SHA256
74634fcc39438527deeb3b3df63bbc2c63030ad78d3668edbc6ce3b70c123e89

SHA512
4ecf0166398dac858c9d5308fb96d6ff7b9f9528a65d6ab8e31f172b853b34c53992c5414db6fa2c8b0c6e4d86241cc2ef65087a7d727c992f65a15a28efda77

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/databases/privatesms.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/databases/privatesms.db-wal

Filesize
28KB

MD5
a5a6a7788492696361bcf5d770fa7c6e

SHA1
053d6d8410d43e9f2045e1ee8fe4f416fe07f695

SHA256
13478d7685e7fde23d91c6aa94391ddee637b3a39aef63575c4b3a0c7d61c36d

SHA512
a2ffe85ee18826c303e66995188d9dd37b303451085ac30a30ee45c5af65dcab151259550ce1507b769d6f346df309c12893fabc9be383941f0025d92b4149c2

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/files/478850.so

Filesize
145KB

MD5
8a5aca5c41cc5dfb165510bf75272035

SHA1
a25cc40ef82c64773d35c10027605bb155afd843

SHA256
57e962cb3054bbdba8c101107746dc660ae2e18e685be7befbe396d5a3099e7f

SHA512
2c09df4bbf1936be915719c0dcee912f040d40877b13cefb1c577efac35a63f28fe2163c835b0e19ff971c44f79d5561c69b2a49a2467ec9bfea8f742bddd4f5

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip

Filesize
548KB

MD5
c4ebc28b4ef3d3ed8e0b34bbfe5630ac

SHA1
727fe7c099461851fc34218ba9e8a45cd1dc5236

SHA256
396a9ea0358fdcb008405562209b51b2aaf478ee67afb018d801ca5bee3bcdbd

SHA512
b372b2b6c9c95fbde13f94b5a9e7a82ebb911fa6d53cff66d0e21c6dac8e179c466039b1fdd77d3c9a4ac7da280818e77cfac4dd15a9b0bbd8cea6e286762fdb

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip

Filesize
649KB

MD5
b27a3cd0942c9306f6f1a155193afa9c

SHA1
77cc569e347f763a03472df17eb3363af483c273

SHA256
38dc384bd5d2260dfc19d820920ed9c7af2068aa6dfa905e8bf73cea15d661f0

SHA512
ab4b964cbbe69b9756bbcf905648d35c37180b437f13621958590b4036ae031006fb5c24b8fd5f029e431ef2c051b1fcdeb31c4f3a4cc0b065e590adf78ad084

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/files/dex/pro_btn_bg_animation_img_0.jpg.zip

Filesize
8KB

MD5
7c20a2b01bf3f9df1f0abb72ebbe82be

SHA1
e601b2e41434623edbeece32867517a3cdec5449

SHA256
1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

SHA512
3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

Download Submit
/data/data/com.jmjxbsvp.iuvivhov/logs/Sistema1724725646291.log

Filesize
15KB

MD5
d32497c077ee0e6756180f5171a663a9

SHA1
b166bb2d31edae83f1ee07c4a374954e7cec35bb

SHA256
82416fe1406dfff7524dd94fd5ca2332369e144a7207d5da4ccf029a4a903fef

SHA512
6a790afd5a7367810f239585f21a24d47db1861f2dfb96e3114daac2ac50379c9a4823c590ec950fbc261c75f34973b38bac2c3ba6ea59cceb4d97ba833f9ff4

Download Submit
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip

Filesize
1.3MB

MD5
a77bdca16285935ad31e7dc571c9175d

SHA1
afe4098a0ab93db576986486e7742858ac16a56b

SHA256
4d7cd9d8327f4189188ced460a4c3a2abea3ff06e621243ac1aba2433dfc70b9

SHA512
fe199fbd7d82fa3396ccb1eda140b05bca827b08ef2a213954b5be48768869e5c954f96ce6f6dcced7b5198c42edf066bb246952ef6757b9b78b3b5f4511bf7f

Download Submit
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/14224d7f4faca4c7.zip

Filesize
1.3MB

MD5
ae554b440090d83f79d0e367e954c647

SHA1
c7849ccd3ba936269a4d04384550cb21f7c40935

SHA256
3d86114b545f2f10a017a4959a5906b2dc3b87bbd4d7cb0b2bde63579a8fa88e

SHA512
ac6b5406390b20cfa5006e20e53754f9d74e1db38192a31c43257862b37f0f3e9468ed31d03c06deb0e410a061284fece65fd0de74fedc578dff1e034abc3b4d

Download Submit
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip

Filesize
1.7MB

MD5
18ed7624766b72b0022c4ad373446939

SHA1
1f4ecec6c6486b4ccf9ba2a0f1908c15980ea528

SHA256
f71f350cbb18c5a2a0678f639f614c1c7ed2717cea40e9ca52c0dcf2f401d82a

SHA512
6d96683fe295b2cb96a85be5976b2d7bb908147f8983f89480e21f55814f7a45cf7db00eb404d25bc24296178a247771af68a52e147193cfdd1a1e9387a3ecee

Download Submit
/data/user/0/com.jmjxbsvp.iuvivhov/files/dex/lzfBvUpIxUAObfnhI.zip

Filesize
1.7MB

MD5
55fe90cd0c61de828cbc160a0b01ff2f

SHA1
449130e6ac36fc109e0fe0738abb1db3321b8235

SHA256
e7a1016c51e9cd4be46ca20cec695f169d259645983ef44fd2565760613f09ca

SHA512
30994b07346866be6cda420bd9dfd42146c8b7c43a76fd647af33d5561e37174a64642361da84b6a4c6377604c028c71393889df5f46c5aac5632e9c7eea5e50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads