Overview

overview

10

Static

static

10

7c44519e51...57.apk

android-13-x64

10

Resubmissions

14-01-2025 05:44

250114-gfjt8szrbn 10

14-01-2025 05:43

250114-ge4g9aykgt 10

14-01-2025 05:39

250114-gctj9szqep 10

14-01-2025 05:35

250114-f993vazqak 10

14-01-2025 05:34

250114-f9l11szpgq 10

14-01-2025 05:31

250114-f76yeayjcw 10

14-01-2025 05:30

250114-f68evayjas 10

14-01-2025 05:29

250114-f6m4xazpcq 10

14-01-2025 05:27

250114-f5p7wazpbm 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    virusX.zip

  • Size

    32.5MB

  • Sample

    250114-fxv36axqay

  • MD5

    a58b72237a14d709c6eea04b73049210

  • SHA1

    786a2d070ea75d7fd858ebd93869063fedd6d705

  • SHA256

    51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

  • SHA512

    978b868d4ce591570f722d167e14f2b6533d3b341bdaac1048fb3d1196ad26b2009269514d29b5aeb12aa75697ae556ebd3c88af1ed4ea00f8c83289fff7a9b9

  • SSDEEP

    786432:xDWCPFc6LHxrdAxglUJMtJg9GzAl8g5lf/F9M6GvHzn9:sUzjxrdAxxJM+l8g5lDM6Gj9

Score
10/10
slockertispywipelockandroidcollectiondiscoveryevasioninfostealerspywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=33&deviceid=787b156950dc4fdf8da6d0edde78dfa4&version=3.2.183_21Jun24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=33&deviceid=787b156950dc4fdf8da6d0edde78dfa4&version=3.2.183_21Jun24&rtype=T

Targets

    • Target

      7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57.apk

    • Size

      3.2MB

    • MD5

      2f73a6fe62a8ac27d658f15b1dc9a287

    • SHA1

      a40118f9d9a54938e6e261ee242716ac3a761e89

    • SHA256

      7c44519e51cc203cdd23f27cefe7cf99de34abddf947ba55951721725f15aa57

    • SHA512

      480a6c820664ce78b6284678019671edacc4cf98865e335f9816ce84507c2fe42b765db5103e27dab52605f95c5302f58c6691a869e24876df1f396c4d966d89

    • SSDEEP

      49152:pVPh+nACbPhX9CR3WHZn0/dwbDnog36hR4F41RemM3zfhVzsv5w:pVPcnzbPhoZW5nhnnHVyRtM3znzQw

    Score
    10/10
    tispycollectiondiscoveryevasioninfostealerspywaretrojan

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Tispy family

      tispy

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the contacts stored on the device.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks