Overview

overview

10

Static

static

6

61198c354e...eb.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61198c354e16dcc0bc33def6a78ceeca41a0bedfbe280a77830c267bb53c84eb.zip

  • Size

    3.1MB

  • Sample

    240912-nbbfmashrq

  • MD5

    2cd46c8fc7d9147898ef83e9fda4152c

  • SHA1

    674858afcf993a278ec789e1e7c249c2f2e95593

  • SHA256

    c472c3194ff4213d22454040e7edd87ca0c1c576c5629889b5888c6bf475aa06

  • SHA512

    cf5eb1054cf38d7e64abf6f664e755c3a20540dd7dc45300e1af1f27fd0d4cae9ab6435ae4f5a4f3e375155e6edb304766a61b876b13b90fd4366bc5616c46a6

  • SSDEEP

    98304:UXvsEZuu7/aBpNUds4Ok9GWXkm7XNL2xnDP:UUuL24Ok91Xkm5snDP

Score
10/10
tispyandroidcollectiondiscoveryevasionimpactinfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_28Jul24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_28Jul24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=AuthFail&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_28Jul24&rtype=T

Targets

    • Target

      61198c354e16dcc0bc33def6a78ceeca41a0bedfbe280a77830c267bb53c84eb.apk

    • Size

      3.5MB

    • MD5

      baa3341da8895f38c6725f45eee3ec71

    • SHA1

      83ebb525d466c7cc4f216c4b9a4827b25b5fc73c

    • SHA256

      61198c354e16dcc0bc33def6a78ceeca41a0bedfbe280a77830c267bb53c84eb

    • SHA512

      4b3583df3bd3723c77cec2552f1c92747591174bc03444f3a103e0f7e794e227832538a245fbfb479498795f8e0ecfbfee15043e60edffcc5f353523907b31e0

    • SSDEEP

      98304:mHC70nYPPeWydlVQtIpuC0j2ccodW6xdpP+hJjj8b:2LYPRydgzEG1mhJjju

    Score
    10/10
    tispycollectiondiscoveryevasionimpactinfostealerpersistencespywaretrojan

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the contacts stored on the device.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks