Overview

overview

10

Static

static

6

7c44519e51...57.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57.apk

  • Size

    3.2MB

  • Sample

    240901-11rv5atflh

  • MD5

    2f73a6fe62a8ac27d658f15b1dc9a287

  • SHA1

    a40118f9d9a54938e6e261ee242716ac3a761e89

  • SHA256

    7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57

  • SHA512

    480a6c820664ce78b6284678019671edacc4cf98865e335f9816ce84507c2fe42b765db5103e27dab52605f95c5302f58c6691a869e24876df1f396c4d966d89

  • SSDEEP

    49152:pVPh+nACbPhX9CR3WHZn0/dwbDnog36hR4F41RemM3zfhVzsv5w:pVPcnzbPhoZW5nhnnHVyRtM3znzQw

Score
10/10
tispyandroidcollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_21Jun24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_21Jun24&rtype=T

Targets

    • Target

      7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57.apk

    • Size

      3.2MB

    • MD5

      2f73a6fe62a8ac27d658f15b1dc9a287

    • SHA1

      a40118f9d9a54938e6e261ee242716ac3a761e89

    • SHA256

      7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57

    • SHA512

      480a6c820664ce78b6284678019671edacc4cf98865e335f9816ce84507c2fe42b765db5103e27dab52605f95c5302f58c6691a869e24876df1f396c4d966d89

    • SSDEEP

      49152:pVPh+nACbPhX9CR3WHZn0/dwbDnog36hR4F41RemM3zfhVzsv5w:pVPcnzbPhoZW5nhnnHVyRtM3znzQw

    Score
    10/10
    tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the contacts stored on the device.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks