Overview

overview

10

Static

static

6

4bcb6951c5...e4.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30/08/2024, 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4.apk

  • Size

    3.5MB

  • MD5

    fc91f5ec788858dd0bf446840404b54f

  • SHA1

    bc137d65ca80518a8142dc13e6aebfcccc52170f

  • SHA256

    4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4

  • SHA512

    3edcf82701d7efd9000403c30f4511a485e979a81d96175a3e63a40886c6d5f6541e70b8de0ee10ca21399c1f1c872562c8bc9b7d335608395ffada3006ffd0c

  • SSDEEP

    49152:tmqmsPEvtj1o2POM73aZkSPzBpKjGCZdDV19CLVtr2ps8aA9wq+ID9+G1WV7d6lz:tmqmLlj/PH3PcDOB3Cnaq859RIIR

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.juzyuwqt.thxxnjvf
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4309
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/oat/x86/95adbfe2f455c0ae.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4342
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/oat/x86/UTIwzInMxrMbXrXkJ.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4367

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    d25910a1a273197a74a8c7228bd6d242

    SHA1

    b224ee4d5b43663e995ed11b68297c1f4c182e5c

    SHA256

    d1f935be9fbb860cdecbe6751e4f06233bc8d0186e5cd1ba40f6defc0fe05543

    SHA512

    a377f6ae9746cd7ac65a90dd313b424a1029d8e522bc637f71f3cbd1cad41eb92f06bef36b879f0ea2b50ace277e1fa53653560b1d4d54ab127623c47a64e9ff

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    3b0eab743f04cecea0f17043d20fe958

    SHA1

    958a88b8528e9a9e417ad74e9b5924375e4ed793

    SHA256

    f7ba06ca094696e2f93d801865a5ec4b5353fa19c444cb3a0191b1cdb8da754d

    SHA512

    a0bfce2d050b329b38230438d5c910979492c40fccb7d23524141e0c89389db75f4afcd155c9d8126111cf3d7322948578925a6886cb44a0659cd07c04230322

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/files/479114.so
    Filesize

    145KB

    MD5

    9f7955db7f30191ce65c0dfc8c0ce4fb

    SHA1

    1174c22e03275dc289b6827222aa41e66650a295

    SHA256

    85fbadaa8a7e3fcb05a161cc44f8a99e6b52c1106e11ec898ebd1f5c86afb58c

    SHA512

    5a8ee4fc42933b725082d96fe09dc5f8ae1484eeac27c2e2adb8dde4e6eb3a559cf7edb199617b6455bc44f7c4d18beebce6c3ee3c22a59840655457cf2f4380

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
    Filesize

    548KB

    MD5

    8a56d10123d8fb7f7672261c609c7343

    SHA1

    0f9046d02f050ef0949fc4c12346b4b64c04a36c

    SHA256

    5c67a00a92b3aadc52e21b20bc2a337412253850487056b965fff478c0be7869

    SHA512

    876c101e5de4c61b7233b580a151b0845e688a563b7deab28076cb2420c50a93c28b2eeb11ddb13e3396df45aaa926d97692e34fa4ab785bfef252806ed0ca78

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
    Filesize

    649KB

    MD5

    660e9ccebedb399da7b3d9fedc6ab638

    SHA1

    12e4da8b1b09746b52053265c69a8964d291408c

    SHA256

    81f5d456f86af0289e35e217798e370fd94f903cfb6673d6ee49ac3ab7c7512f

    SHA512

    ad59915b41b3419274b841dcdf58352271ea077dd73e729528f4ba440fe55b1a2cbd6969ba42472ee7ea1aaa6de3c87beb503c4c95d9b8a5d9602ba79daa5b69

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit

  • /data/data/com.juzyuwqt.thxxnjvf/logs/Sistema1724983461435.log
    Filesize

    15KB

    MD5

    10f2b44e890853dc5529b5e125b3a8d5

    SHA1

    1458b1dd3cbcbe3ec316a2a2053029e2a9b76ff2

    SHA256

    7360ddff0cfea6d0ead971f4a0adf0db6a7425416e95fd4f2065fb818da1c2c9

    SHA512

    8a153184f6774cc7a1530915d6980c930dfa7a8481bdfe0918e24d2bd296dbcba8f6e0b5ea5adba065f40b2676aa9bd41eed568a3daf16048269e9a97ba01314

    Download Submit

  • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
    Filesize

    1.3MB

    MD5

    9f7b1005c3f1c9927950fa42a4a14054

    SHA1

    f0db8bf167c1fdefb384a0ddf3f0a154bc1b0a97

    SHA256

    80678a47a756d3c8ce38606dee0332a02d5d864d9f3f36b8e896d8d3645e33eb

    SHA512

    5e09de4dc351ad052ec76cd2e3c9e5a64b63d4251f3f46ac412959059381d98fbd350a0cf61215d46038af7f48911d4cf869ea551da89c258724924ff0135bdf

    Download Submit

  • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
    Filesize

    1.3MB

    MD5

    7ab2793451a957186ac073041c1ea72f

    SHA1

    2584cdb12c209f9a7f9c024e702d49a30fe11d62

    SHA256

    964f248542766ddba915f7ebafa9972117d46e4f28f654513ed69d7d7a1b5ff4

    SHA512

    3228bc50db8bb04ae5a05d210548e4020c567c8d394a5f9f8ed38718635f1535111e9ec068b2398ada172ce65e740f6ce0f8c9235c7131d953540dd894dae44e

    Download Submit

  • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
    Filesize

    1.7MB

    MD5

    184f051be2142e792b2080d1bc93f8cb

    SHA1

    341d8a1c46417f08680e1b2776449f9ad5bd9d53

    SHA256

    beb0fd1a4e672aea76cf73c421a4b07d0b3d16372e4c5bfd8f0f70d55d59cefa

    SHA512

    13a99e88c7ebba53eac9d3a13e4ea5e3ffebb794d55c436bb8886a56f0c174857f0556bc8222be3ac6a835dfa3b08ffba61826a5a9e9980e66847cc97f2852a5

    Download Submit

  • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
    Filesize

    1.7MB

    MD5

    861388812b3e120b91cb99a8954dfe03

    SHA1

    d41a729936d8dc5cb35be39b2c37a7613ef7054d

    SHA256

    775a809d640cefc0aa7e8fd1d5c3e1ebe969d3da6668739a443a6baac9e6bf0a

    SHA512

    fdea32dda24cb6d540cab89049db697c3f79a57e2b3bc477995f78f1276c9a2de4d767722c4592da93e9a55aa73554f089420d7ba69d7ddf455b40085c05a906

    Download Submit