Overview

overview

10

Static

static

6

4bcb6951c5...e4.apk

android-9-x86

10

Analysis

  • max time kernel
    47s
  • max time network
    50s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30/08/2024, 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4.apk

  • Size

    3.5MB

  • MD5

    fc91f5ec788858dd0bf446840404b54f

  • SHA1

    bc137d65ca80518a8142dc13e6aebfcccc52170f

  • SHA256

    4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4

  • SHA512

    3edcf82701d7efd9000403c30f4511a485e979a81d96175a3e63a40886c6d5f6541e70b8de0ee10ca21399c1f1c872562c8bc9b7d335608395ffada3006ffd0c

  • SSDEEP

    49152:tmqmsPEvtj1o2POM73aZkSPzBpKjGCZdDV19CLVtr2ps8aA9wq+ID9+G1WV7d6lz:tmqmLlj/PH3PcDOB3Cnaq859RIIR

Score
10/10
tispycollectioncredential_accessdiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.juzyuwqt.thxxnjvf
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4264
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/oat/x86/95adbfe2f455c0ae.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4290
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/oat/x86/UTIwzInMxrMbXrXkJ.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4314
    • su
      2⤵
        PID:4479
      • getprop ro.miui.ui.version.code
        2⤵
          PID:4501
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4520
          • getprop ro.miui.internal.storage
            2⤵
              PID:4539
            • su
              2⤵
                PID:4558
              • /system/bin/sh
                2⤵
                  PID:4673
                • /system/bin/sh
                  2⤵
                    PID:4694
                  • chmod 700 /data/user/0/com.juzyuwqt.thxxnjvf/files/libwirelesscon.so
                    2⤵
                      PID:4713
                    • /system/bin/sh
                      2⤵
                        PID:4732
                      • /system/bin/sh
                        2⤵
                          PID:4753
                        • /system/bin/sh
                          2⤵
                            PID:4773
                          • /system/bin/sh
                            2⤵
                              PID:4794
                            • /system/bin/sh
                              2⤵
                                PID:4819
                              • /system/bin/sh
                                2⤵
                                  PID:4840

                              Network

                              MITRE ATT&CK Mobile v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db
                                Filesize

                                16KB

                                MD5

                                3621ce0aa81e37bc5c80e2cf881f1dd0

                                SHA1

                                00365f82dcada94caea07443656848baf60b3bd9

                                SHA256

                                8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

                                SHA512

                                76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal
                                Filesize

                                512B

                                MD5

                                8005912c57ffd514c65523bf83b488bb

                                SHA1

                                531f15504d23fdf4580d497cf642db9b67b3a8cf

                                SHA256

                                4f61d20502e143e323fbc52e143cb7e4671c986ab6c3ddbf2cbf0673b380885f

                                SHA512

                                caf9d2e431878071ee82d166b02744b24318703b470d4cd461686a6fbaa7a83a5d40595a7412519dd16a7dff1f15407923ddd39763a4e6aaf5eb7dc8fa4b2da9

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-shm
                                Filesize

                                32KB

                                MD5

                                bb7df04e1b0a2570657527a7e108ae23

                                SHA1

                                5188431849b4613152fd7bdba6a3ff0a4fd6424b

                                SHA256

                                c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                                SHA512

                                768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/databases/privatesms.db-wal
                                Filesize

                                28KB

                                MD5

                                b2a104fb0fd36055a296b97a03089885

                                SHA1

                                c2a4eeee3ff5455c7393ddd6380d344d2c5bbb6e

                                SHA256

                                d1259c3e1f78ab7e5716e283e559c4e5439c0222b7b54e228f629877c0e2101e

                                SHA512

                                4fb36e89b94d6d66a885281b379c99fed47a9e9a98d0e1c7a4841b40e195ec8fd5fefea9f2083aa23d5fa2b986a5d3b762ab9a30faa7d9e7cd595bd82420b7dc

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/files/479114.so
                                Filesize

                                145KB

                                MD5

                                9f7955db7f30191ce65c0dfc8c0ce4fb

                                SHA1

                                1174c22e03275dc289b6827222aa41e66650a295

                                SHA256

                                85fbadaa8a7e3fcb05a161cc44f8a99e6b52c1106e11ec898ebd1f5c86afb58c

                                SHA512

                                5a8ee4fc42933b725082d96fe09dc5f8ae1484eeac27c2e2adb8dde4e6eb3a559cf7edb199617b6455bc44f7c4d18beebce6c3ee3c22a59840655457cf2f4380

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
                                Filesize

                                548KB

                                MD5

                                8a56d10123d8fb7f7672261c609c7343

                                SHA1

                                0f9046d02f050ef0949fc4c12346b4b64c04a36c

                                SHA256

                                5c67a00a92b3aadc52e21b20bc2a337412253850487056b965fff478c0be7869

                                SHA512

                                876c101e5de4c61b7233b580a151b0845e688a563b7deab28076cb2420c50a93c28b2eeb11ddb13e3396df45aaa926d97692e34fa4ab785bfef252806ed0ca78

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
                                Filesize

                                649KB

                                MD5

                                660e9ccebedb399da7b3d9fedc6ab638

                                SHA1

                                12e4da8b1b09746b52053265c69a8964d291408c

                                SHA256

                                81f5d456f86af0289e35e217798e370fd94f903cfb6673d6ee49ac3ab7c7512f

                                SHA512

                                ad59915b41b3419274b841dcdf58352271ea077dd73e729528f4ba440fe55b1a2cbd6969ba42472ee7ea1aaa6de3c87beb503c4c95d9b8a5d9602ba79daa5b69

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/files/dex/pro_btn_bg_animation_img_0.jpg.zip
                                Filesize

                                8KB

                                MD5

                                7c20a2b01bf3f9df1f0abb72ebbe82be

                                SHA1

                                e601b2e41434623edbeece32867517a3cdec5449

                                SHA256

                                1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

                                SHA512

                                3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/files/libwirelesscon.so.zip
                                Filesize

                                1KB

                                MD5

                                477f8de0427b45a93de70c678d82505a

                                SHA1

                                d09de74db7f7ded7706575df2f42de521db6213e

                                SHA256

                                133aa147aa94957005c7b1f400e8c786b6080cf233f579a4557062a3394c55b5

                                SHA512

                                91a983e530cd089bcd1c9d0cb598a41d352cfb1125632b197d6ca1fb36c02d453bc36bc5ce23471e103da568d596e3fffc6ec93329da6b0b37a3eb4bdcfc3ad6

                                Download Submit

                              • /data/data/com.juzyuwqt.thxxnjvf/logs/Sistema1725031021940.log
                                Filesize

                                44KB

                                MD5

                                98a9efb58c6ae7505e80c579238a83b0

                                SHA1

                                67c9b633c0016bdb666e3743d9cf90b9bdbce126

                                SHA256

                                eb702904e291d685fd7aca4ef1f896c4362825c405145a5f0be72a567fe0ba0b

                                SHA512

                                a4a5fdf2144553997cf2ba0644df08dabbc95bc42ede86391eee6e32041b5fb92d1241db19e92a484e6b7c8c9a02dc5b6e920144f631863b00e4d949a031380e

                                Download Submit

                              • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
                                Filesize

                                1.3MB

                                MD5

                                9f7b1005c3f1c9927950fa42a4a14054

                                SHA1

                                f0db8bf167c1fdefb384a0ddf3f0a154bc1b0a97

                                SHA256

                                80678a47a756d3c8ce38606dee0332a02d5d864d9f3f36b8e896d8d3645e33eb

                                SHA512

                                5e09de4dc351ad052ec76cd2e3c9e5a64b63d4251f3f46ac412959059381d98fbd350a0cf61215d46038af7f48911d4cf869ea551da89c258724924ff0135bdf

                                Download Submit

                              • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip
                                Filesize

                                1.3MB

                                MD5

                                7ab2793451a957186ac073041c1ea72f

                                SHA1

                                2584cdb12c209f9a7f9c024e702d49a30fe11d62

                                SHA256

                                964f248542766ddba915f7ebafa9972117d46e4f28f654513ed69d7d7a1b5ff4

                                SHA512

                                3228bc50db8bb04ae5a05d210548e4020c567c8d394a5f9f8ed38718635f1535111e9ec068b2398ada172ce65e740f6ce0f8c9235c7131d953540dd894dae44e

                                Download Submit

                              • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
                                Filesize

                                1.7MB

                                MD5

                                184f051be2142e792b2080d1bc93f8cb

                                SHA1

                                341d8a1c46417f08680e1b2776449f9ad5bd9d53

                                SHA256

                                beb0fd1a4e672aea76cf73c421a4b07d0b3d16372e4c5bfd8f0f70d55d59cefa

                                SHA512

                                13a99e88c7ebba53eac9d3a13e4ea5e3ffebb794d55c436bb8886a56f0c174857f0556bc8222be3ac6a835dfa3b08ffba61826a5a9e9980e66847cc97f2852a5

                                Download Submit

                              • /data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip
                                Filesize

                                1.7MB

                                MD5

                                861388812b3e120b91cb99a8954dfe03

                                SHA1

                                d41a729936d8dc5cb35be39b2c37a7613ef7054d

                                SHA256

                                775a809d640cefc0aa7e8fd1d5c3e1ebe969d3da6668739a443a6baac9e6bf0a

                                SHA512

                                fdea32dda24cb6d540cab89049db697c3f79a57e2b3bc477995f78f1276c9a2de4d767722c4592da93e9a55aa73554f089420d7ba69d7ddf455b40085c05a906

                                Download Submit