Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1777a2ba85...b0.apk

android-9-x86

10

5251a35642...3e.apk

android-9-x86

1

5251a35642...3e.apk

android-10-x64

1

5251a35642...3e.apk

android-11-x64

1

7c44519e51...57.apk

android-9-x86

10

FE_Invisib...pt.apk

android-9-x86

7

FE_Invisib...pt.apk

android-10-x64

7

FE_Invisib...pt.apk

android-11-x64

7

HellBoy.apk

android-9-x86

6

HellBoy.apk

android-10-x64

1

HellBoy.apk

android-11-x64

6

Roblox Key...V3.apk

android-9-x86

7

Roblox Key...V3.apk

android-10-x64

7

Roblox Key...V3.apk

android-11-x64

7

Stick War_ Legacy.apk

android-9-x86

7

Stick War_ Legacy.apk

android-10-x64

1

Stick War_ Legacy.apk

android-11-x64

7

Undead_Def...pt.apk

android-9-x86

7

Undead_Def...pt.apk

android-10-x64

7

Undead_Def...pt.apk

android-11-x64

7

antivirus.apk

android-9-x86

7

antivirus.apk

android-10-x64

7

antivirus.apk

android-11-x64

7

b3f23bdd3d...c0.apk

android-9-x86

10

e8947bc9fb...10.apk

android-9-x86

7

insta_followers.apk

android-9-x86

7

insta_followers.apk

android-10-x64

7

insta_followers.apk

android-11-x64

7

xxx.apk

android-9-x86

1

Analysis

  • max time kernel
    26s
  • max time network
    163s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    14/01/2025, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0.apk

  • Size

    3.7MB

  • MD5

    f17c846775fe7d69c25b1f9834ec31d9

  • SHA1

    642e9c6595ed94cf6040c9a66e4431b04a62a2a3

  • SHA256

    b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0

  • SHA512

    2f9883be40f1b9fda7ef9bd432c7d32e5adf6222e5bc9dbeed974f7e101a8c8af39f3bdd059fb0b83cb7e0d034f1ac85bc860bba30eb46b2da7f6d02657c70c9

  • SSDEEP

    98304:qmVDDWjqPP2X1180Q046fgVPwLBqylSWFk5uYUbLCJrn:p3WjqX2l2046qPwLB/lS+kpUnu

Score
10/10
tispycollectiondiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

    trojaninfostealerspywaretispy
  • Tispy family
    tispy
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.ygvezckt.rwqaztkw
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4315
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ygvezckt.rwqaztkw/files/dex/oat/x86/316f40170801e947.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4341
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.ygvezckt.rwqaztkw/files/dex/oat/x86/lLtoeVfIDbcROVZBX.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4365

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ygvezckt.rwqaztkw/databases/privatesms.db
    Filesize

    16KB

    MD5

    3621ce0aa81e37bc5c80e2cf881f1dd0

    SHA1

    00365f82dcada94caea07443656848baf60b3bd9

    SHA256

    8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

    SHA512

    76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/databases/privatesms.db-journal
    Filesize

    512B

    MD5

    b3c79dcc25952dfa5f35e8af065c885b

    SHA1

    29d39fc18a43ef6cf5e790f93d643a47a68d2477

    SHA256

    c20444ccf1c0e7926ddbb2a784d456f870ec4dcc7e0435a8e7debe1db80eb6f3

    SHA512

    5f3a2a35bbadcf702a0cb3289f8db14d266c55ca5598e5c45f3b16233305df57bc7614a90c0237b16b7e86948468342456cff2eaabb298895d1d1f0b540bd5a8

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/databases/privatesms.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/databases/privatesms.db-wal
    Filesize

    28KB

    MD5

    9b0d19d1ef1938b10d4516a84025baee

    SHA1

    9190c8d4461614afea2111967a9cdbba9a705522

    SHA256

    23b9ee4d04244e0b315a0d6c72a651d526dfad2790d4c346e1dcba292b099997

    SHA512

    10092428090d4866a4298821ef954262fbd80711fa8a7ec73c1e2f66cd3ad04a6829d5ba3a19570036f272d9ef4ff166e4f907ec72b7c2251ebebed3c07a5bc5

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/files/477458.so
    Filesize

    145KB

    MD5

    8767a74133b3328c2a87a24893142ec2

    SHA1

    c1c48bcab9d7bf804cad029656d8b79bf8655d29

    SHA256

    80afd0eea39b125cd5a2f300a3b50302f002ff332943f71bd46d7ce5914e0f82

    SHA512

    96a2d70a2adfef8b8da4fc8c6b2be0b7eed0c33f76770093799fd3bbccf1b766290151cbd65981634c821baabdd8d445a6f66cf955045f0f402286b61aab2d7c

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip
    Filesize

    548KB

    MD5

    1b463ebe439550e65863364d145f3633

    SHA1

    06a1d114d31cc0c0735f6e865290de0df66534fc

    SHA256

    402745874a8f4229a51c30bb0a3fc4a383d5d2bdecf43f73920c7ec59f402631

    SHA512

    45be5088110b35464faac2c708084e5337ddf5f89d582001582c47db28e04ab577dc036ee481b02f3743b3bfc1a0bc85cdf9185f23aa8e683a2890833b77be5a

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip
    Filesize

    649KB

    MD5

    5631aac4cdaafaf80e13e30ca0f35df4

    SHA1

    a5c11f94c00875c38fcc29debd5ab1f01b6a6d20

    SHA256

    c65d54edc4dfb9bb13a51764be2b1a66e6ef781a6f1a18368d22aeea79f1af6c

    SHA512

    15c45aabc02a08dd369de2b9f3ba736ccdea4cd325e865b079810887d3cfbdf52a7286dbb0516630cc0f83d3fba0a99efcb2a1f37ce3ee0a50bae98eb731eb47

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/files/dex/pro_btn_bg_animation_img_0.jpg.zip
    Filesize

    8KB

    MD5

    7c20a2b01bf3f9df1f0abb72ebbe82be

    SHA1

    e601b2e41434623edbeece32867517a3cdec5449

    SHA256

    1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

    SHA512

    3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

    Download Submit

  • /data/data/com.ygvezckt.rwqaztkw/logs/Sistema1736831891192.log
    Filesize

    15KB

    MD5

    c9b555d11d0c0a4ed2d8610ee65051ef

    SHA1

    603d1e3c74703ffc37e988ddbc6e4be250ca5f90

    SHA256

    7c985cec84adafe18cb36185c4947ae3d17a32c315cc4cb84c5683b48423bcdd

    SHA512

    c6db799c1c891bae520d17d42d1a8b8d5f7948d8b47850ee9da6818db8ddbcf1cef812be4a9101426f194e30d37663d249d970365e814cff99ec85578925faee

    Download Submit

  • /data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip
    Filesize

    1.3MB

    MD5

    0141ce546517d0ff09558391ffe2c3d1

    SHA1

    c8da2607f42222cf6726f30015fce0e501df3c30

    SHA256

    4f647e2c0402fab82866f27337c18543123212e46abb52914e8c22bcff7382cf

    SHA512

    886f3fd3d8b891a8a1ced7552bb73e82b8eb390bf028570d1e5f1089863399dfe26184c4b6974968cc0a801ac1dadc768af157c386cda3fb0b810279680f48ce

    Download Submit

  • /data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip
    Filesize

    1.3MB

    MD5

    c276d68c66d80dfed813846189721519

    SHA1

    3006ae75be916f82d520f683322ce5b8af4be68b

    SHA256

    ba4227db1d3fb1d9befcdc67847e414b5070dd7e9d28e397c4cec1488309053e

    SHA512

    b5c1844af6bc735c26cb736691d864c3cb4ac567d49c8c0f5a3f73c7d8aa7de890900563a99a7e0a1e114cf561955225bea7522df876c338f380d03e502bb497

    Download Submit

  • /data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip
    Filesize

    1.7MB

    MD5

    0df030186d9f5c370a15db6223ca2eb7

    SHA1

    33a9951863ceaf037787cd169c4cf61fcb7bba1b

    SHA256

    ecf40b3088a5186d0c043c2248aaa1a509c4336ae7cad299741fb7fc7ba0b11c

    SHA512

    0777b4c68b58b428410554b9e420852cd3fb2f2bcfe7a48487b1564918c386ca5d80327a7dc9b9b2d8d55da5330296aabd1f866db3e068bbfb3a3d7f393547ae

    Download Submit

  • /data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip
    Filesize

    1.7MB

    MD5

    eba2e1ec82083be20ece86501cf4a651

    SHA1

    c7296d77e0ff6982396d13e1f6cc54b2be4b5f12

    SHA256

    7cd112ace3c9789beb88d7d75e3c664706505fc8c5ede01fc92fabb9da2700ec

    SHA512

    668f0e05318a9a1d8f28aa9f8796450422b0f5d722704bcb37e003d42951e7033053b2c38ba4bc1144b14bac9114d875e860f5ee8add0986234228e2dc9dfbaf

    Download Submit