tispy | 3b2749bfd91ab0a27ef988b84aeafbca81d4d9f3d63ab7e594655b266f27a30f | Triage

Sharing

General

Target

3b2749bfd91ab0a27ef988b84aeafbca81d4d9f3d63ab7e594655b266f27a30f
Size

2.4MB
Sample

240828-cs6gjs1epe
MD5

d9cb1fb9ae7d4adc992d63f33ab714ce
SHA1

175b2182401efda7cdf92b6cf3ccce1fce024dc1
SHA256

3b2749bfd91ab0a27ef988b84aeafbca81d4d9f3d63ab7e594655b266f27a30f
SHA512

12a4c4937e3feb5562dd80b31dbf0915de4def847bdce0e81694d4b7849132cfe06922806cb0d86e90bbfbd3454394c22c44b43b6938957415ca1be103b7c514
SSDEEP

49152:L8hc1WShYmiJUvLjDgfrQT72gTLmqQepX21Gdyr2fQYAK0C:L8eRmmK+n4cT7dnQO2tgEK0C

Score

10^/10

tispy android collection discovery evasion infostealer persistence spyware trojan

Malware Config

Extracted

Family

tispy

C2

https://brunoespiao.com.br/esp/appprofile.jsp

Targets

- Target
  
  3b2749bfd91ab0a27ef988b84aeafbca81d4d9f3d63ab7e594655b266f27a30f
- Size
  
  2.4MB
- MD5
  
  d9cb1fb9ae7d4adc992d63f33ab714ce
- SHA1
  
  175b2182401efda7cdf92b6cf3ccce1fce024dc1
- SHA256
  
  3b2749bfd91ab0a27ef988b84aeafbca81d4d9f3d63ab7e594655b266f27a30f
- SHA512
  
  12a4c4937e3feb5562dd80b31dbf0915de4def847bdce0e81694d4b7849132cfe06922806cb0d86e90bbfbd3454394c22c44b43b6938957415ca1be103b7c514
- SSDEEP
  
  49152:L8hc1WShYmiJUvLjDgfrQT72gTLmqQepX21Gdyr2fQYAK0C:L8eRmmK+n4cT7dnQO2tgEK0C
Score

10^/10

tispy collection discovery evasion infostealer persistence spyware trojan
- TiSpy
  TiSpy is an Android stalkerware.
  trojan infostealer spyware tispy
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Execution Guardrails

Geofencing

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Location Tracking

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan