Overview

overview

10

Static

static

6

63f02562b5...a1.apk

android-9-x86

10

Resubmissions

26/01/2025, 22:00

250126-1wv2zsxjhq 10

30/07/2024, 17:06

240730-vmtvnsteng 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1.apk

  • Size

    3.5MB

  • Sample

    250126-1wv2zsxjhq

  • MD5

    5a68447da4766323478de5946e321201

  • SHA1

    2df75a1d545d1e65d5c6498730b1e85fdba8a8c3

  • SHA256

    63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1

  • SHA512

    a29660f6c70671dc9f4cc60ea25d5f1a671b9d966f6457f7fb72bf21de0ac70d89be628d738e218bd77c9327b73e072dfc015a6022ee7cf3fb36d1efbaf0284f

  • SSDEEP

    98304:tYNnnbQuPQQ3l6VvAMoG6uaS4W4xeGuhxBosLdCAj5pl:t8bQuoQP/9S2sDt5pl

Score
10/10
tispyandroidcollectiondefense_evasiondiscoveryevasionimpactinfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

tispy

C2

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T

https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=AuthFail&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T

Targets

    • Target

      63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1.apk

    • Size

      3.5MB

    • MD5

      5a68447da4766323478de5946e321201

    • SHA1

      2df75a1d545d1e65d5c6498730b1e85fdba8a8c3

    • SHA256

      63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1

    • SHA512

      a29660f6c70671dc9f4cc60ea25d5f1a671b9d966f6457f7fb72bf21de0ac70d89be628d738e218bd77c9327b73e072dfc015a6022ee7cf3fb36d1efbaf0284f

    • SSDEEP

      98304:tYNnnbQuPQQ3l6VvAMoG6uaS4W4xeGuhxBosLdCAj5pl:t8bQuoQP/9S2sDt5pl

    Score
    10/10
    tispycollectiondefense_evasiondiscoveryevasionimpactinfostealerpersistencespywaretrojan

    • TiSpy

      TiSpy is an Android stalkerware.

      trojaninfostealerspywaretispy

    • TiSpy payload

    • Tispy family

      tispy

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the contacts stored on the device.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoverydefense_evasion

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks