Analysis
-
max time kernel
65s -
max time network
66s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
26/01/2025, 22:00
General
-
Target
63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1.apk
-
Size
3.5MB
-
MD5
5a68447da4766323478de5946e321201
-
SHA1
2df75a1d545d1e65d5c6498730b1e85fdba8a8c3
-
SHA256
63f02562b5c723abdb1df71b35a151f12a27663034f1e08be8e257631bf83da1
-
SHA512
a29660f6c70671dc9f4cc60ea25d5f1a671b9d966f6457f7fb72bf21de0ac70d89be628d738e218bd77c9327b73e072dfc015a6022ee7cf3fb36d1efbaf0284f
-
SSDEEP
98304:tYNnnbQuPQQ3l6VvAMoG6uaS4W4xeGuhxBosLdCAj5pl:t8bQuoQP/9S2sDt5pl
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=Signin&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=AuthFail&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_29Jul24&rtype=T
Signatures
-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload 2 IoCs
-
Tispy family
-
Loads dropped Dex/Jar 1 TTPs 7 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.nualjcvx.xxjllsgl1⤵
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Reads the contacts stored on the device.
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.nualjcvx.xxjllsgl/code_cache/1737928842108.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.nualjcvx.xxjllsgl/code_cache/oat/x86/1737928842108.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nualjcvx.xxjllsgl/files/dex/KSyvfGZxlBlHKfstd.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.nualjcvx.xxjllsgl/files/dex/oat/x86/KSyvfGZxlBlHKfstd.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.nualjcvx.xxjllsgl/code_cache/1737928849714.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.nualjcvx.xxjllsgl/code_cache/oat/x86/1737928849714.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5d3364728f634bf71c4b16542c02c60cb
SHA1f23088362b69935f404f2b81eaa40ed3172efca5
SHA256401f68f4448fd6288b7619a7a2ae4646493cd7268f16aa6714802833fbc1197e
SHA5129378bbda71abcb437676a2d4095d7d3ab6a5a1c1682ec95f3f6d050b9226692cd1a29ba8e7a65dac441c29cfb7b1d5e69e34b5cc32989c90c025909567a662af
-
Filesize
8KB
MD5cf790c0dfb1361b86d4b8bfca1f8814c
SHA1d452d9d6504f6af0c9408d6fdb1ced0ff3c45dee
SHA2565dfcef0f59a512a9d88d21de81e5f9a20ff420d328736a1426b0a45f9459d832
SHA512e2194cf4ab22064206d9df3523afd3b247f4ce72b7fed17056029746d1f79c1a25d340f8f9c7ec77b9590d05dc7549a735d631a368f82c472cd54bb8a1396c47
-
Filesize
8KB
MD5a137b5568de65b8fef35329930d8617f
SHA149a2d6e95d447ba1d448c81691f6a609fb2859ed
SHA256bc5290425eaa32b00a84a94c58976321e7643bc5d668817524ad68a1c7d2082b
SHA5129dd6c25dea7b3424e8ca0150a9f1f6f85ed5fccef69e7fadfa05324014b74cc350365b788cee2a8ce25afccee084908e679eafa7f449e7791c6288485d2c5338
-
Filesize
16KB
MD53621ce0aa81e37bc5c80e2cf881f1dd0
SHA100365f82dcada94caea07443656848baf60b3bd9
SHA2568620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5
SHA51276bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf
-
Filesize
512B
MD536214d68d88c82e877cefcdd1b3c24ff
SHA15efb0b40b0029c3aeb955f287d384964b2b1754e
SHA2561f4123d7ac1b1791a4b8e5db779b071513f460c1cab6df26662347aca540e92b
SHA5129f1042c7fe84a6c4190fbd0cfac706ea38f0abb504550855a0947b85df78cd078037835747ee95d59d0b4bbe70f55f1f33ac7a4e6615d07afa60422ff17c83c0
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
28KB
MD53f2ed660a2961bf9e78e6f464069c9cd
SHA142e0af8a1d0dab23b94b8a4a0be0beede1b929d0
SHA2569808d3d3e330cc377292a48782c4fc98b99ee51db0f069eee09ba3bc7aa846fa
SHA512f926d935f8e23d63e8c436f9f35e0ae8148359bb19488e0f9ed9b3089232031ded1eda204d8fd5cce54333e60292fd5192249e7974a920eb431b084e0aac5858
-
Filesize
145KB
MD5d92a616ac95cf878c5fef32617fe2ffe
SHA1703202496ee694a21b410755cf4af9eea0bc8029
SHA2565b0d963376f650fc7f58caba0a6089abb5aa02e43133409de0ae04ef67747547
SHA5124cb3bb8c35118509541523c5fe9670be9e43f5c7909b5f38ec218cf92a86bd9b010da9bec30347c8cc9a9f67c77d55413e0e26a3fcd6f8f6fad265c8cc61ca62
-
Filesize
145KB
MD5e81272e7beb4b4ac14423cced7e9c959
SHA1492e940c7c8ae2088b1d64985f93b50770371158
SHA256f4943f22f3face7e79e21f8d997d0f1ee071554c55a4b35e2be6dc4b84d4e9b4
SHA512f844b4418e942cf3e3b4757d863aea0447cf754216be929774620d5fbcb4bd2b856df5adba4d201261312564032bcc1031120168d621ba0fd1c1610d2445bded
-
Filesize
270KB
MD51bdee5ea5e737395bc4767af0ed7a897
SHA1857f44aa280eb4f24d186f82b60bbf9b71dc53e0
SHA2568a6f0dd5b831de0da92a1af15d49da6741b4142fc34b1e4debd9fdc35e2344fc
SHA5125d70c6780030158bbb5d2a63e1c1c0a6d937a3133ac965df32e6cec7260efde2a0e4db7a939c097af30c49c1db4b21373e1ac6ba5edde505a5d8cd3ffb76ac77
-
Filesize
1.5MB
MD5525e1d75efb9d6272f993122f88b6719
SHA107e37ba7d27def3655b42c885347069ee102cfbf
SHA2562fa09ad15d5d918f61ac39a942ce70cc6eaf36cbb0cfb0574057335babc54d72
SHA512f1980ef096ef8bdb0d0af4eded51c34904d9beb153816c0b94baa2a8081775354d66e88926eea4fa7386392b89e3c6a97bc3d4c631981afdc610b786d2809d13
-
Filesize
636KB
MD58aa1890c8921030b680c2557f9c8386a
SHA18d39dd27c4612354b968b16171f376553e594fab
SHA2565822cb7097bf82fe0a69a343b226bbc61efa2e091f096f5d9f491e2f82d4b51b
SHA512742c6aa33ada9f5a7f68741db731dedb9c1522fdcd2253caed7d709efdbb3b7d4be1ecb6ed2fbba13008ff7c9a2e1c7e98daec8a6c6aafcac3788426898fb4e2
-
Filesize
2.2MB
MD5c6121724a4eabcd69809d4d607e67580
SHA19431787d3e3cdc50d3d55530ad5ec14fc5ac7138
SHA256677919c33e287b71dca8b851dafddaf0a892a4debed24e043da6e378933221cb
SHA5124ae7a681174b52cf1eac476b7ed6ce9ba6f7d441d37ceb4315bf57721e1d1ef373a141f85d3c0c7917c550c954209b7d0c9ddba98645ee9d2e0800e94f556957
-
Filesize
1.6MB
MD52cc8f9b7e95be09168621b46e804eda1
SHA16a2f34c31df9ae9b4c996bc5a3d65ded5eb2f13f
SHA256280c95d71831fee6198324069a631f591af99d0b801f87736f11c3fb8aa2e4f0
SHA5128235515fdb8ae92701b7e2c09ff572006662eb8b9f82fed0294cbc87315969a5038cfd2633bcb720995247f2c3410d30aca29e390929f7e8a8a933d6b7835585
-
Filesize
2.3MB
MD545f29981620e258ef51f68f6c8dd85a2
SHA172eecb18f5e700d41fc870199fd4f2e769fad3c3
SHA256c2f84da138b51cda5ca4e0af40cd90e2f69664d2e27f082cfb4ddc3bbd6f1155
SHA512053c919d8dde4910e1a3f49e7a13288678eae364afe7ce47890c5690639bc618ec206d07bf558501686a94ed141e91ecc045129dcfa34cbcab95cd7da2d5a918
-
Filesize
83KB
MD58fbcb3fc68adeb2d70ec59e3c8c13cf6
SHA1d659c6f31f6b80662ac1b6b57f1678a25def8767
SHA256d3c7a0b0ad264efa0e7456c9e3ee0cb11ab3339d9a117b7841bee46854bf99f0
SHA51287ec51d7f15b7760ce7dd0dfb3ff1227ceedb1696b9d36419dbf80669a4fe151b3429726b7e2bc327998691c33660e3ab5f7a67f3d0babc57c7dae3c66dd773f
-
Filesize
458KB
MD5d530a125f3f6ad057316b66ad8f7689c
SHA1ded91ae72a5124f80cbb806e34e902e4f7690585
SHA2562d76c753f285616f2b4f7c3f9cc11689643ade33e8d47b9bba3d190fd44fd7ec
SHA51246ddfc038ff9d3abeedc83b3d53315482b259fdc242372452169aabce76c12f899fc6b3ed3904f08055328df5d31f1f2679fdf8e04b62716b013ccab9963f431
-
Filesize
432KB
MD5d319fff17b4b3d37f658a4df7d2e9391
SHA14fc3488f35ff2f84f9547cf1493058d412366369
SHA2568649cb08a83ad7beb3f8fe7431c590525cef21550449a8bf94128c4b3133904b
SHA512a12c8a6d2df6e3ebd295a977239408ae6ce1146e2586739de4c460f7ca732f872ef25bf6f50f214b852b7f823e88ba1e464dd648c70d4a49e34128381f9c10bb
-
Filesize
2.7MB
MD51fcba77be0b33d08001bb6a76c858c4a
SHA12e621445cd6cff7d989a90419f153062f4cbc8ba
SHA256ab4b61b860c6ea3dfade56ac55528aef471d9f17fad4187e2f39df4b173d815d
SHA51233493666c95274357114400b3fe1469e3445c90a68a409adbaed7016d391fa1c38ce7607d2bf064da1d0895066f4caa469aa8bbfd69f2ac6e0d72b5a52af7b42
-
Filesize
34KB
MD5ba0011889daf8111d9887987afee1bf8
SHA1c282b6820f8df86bbd46c22b83e226d2da0ace62
SHA2568c236c95598c1ed6ce3a8bc79d9a4f82b78d28dbecd0a2f66955817bc93873fa
SHA512ac02592dc9d9af4f8bb91df129fd32bc6e700ca2961dcd8887574da63d490ba733ac67e39b7446509772d49d9a5292364643239d44e2f40b5693cd89d1ea8058
-
Filesize
1.7MB
MD5401209b06747f49e22c5eedfe92145c6
SHA152eff15cf75ab39326b16db7d867bea6e25a6f32
SHA2569527cb317cc1f954831eb53e94e29779b9bc4ea10734ae6a751b0039e7eb6852
SHA512e3046d78b8d3305ebccaadd24a6752e50ae03e5643a862b4f25efd004022cf96e731e3d0a1d7b78e10ee4a373a32c913ecbdfbcbd15ff2edf1969a2f0c9a7b86
-
Filesize
1.5MB
MD583d947648dab3752898db4c1fa366cfd
SHA12df9f5db92fdae58b3267766934f460542d0ccab
SHA256650c7587c9a69f6c9c81f34ab068810693bcd3c8e5bfc440c6e6c530b1cb88c6
SHA512ac2cf372b60399285fc70664ad2a7ea2de72cfcd48753ac29e858dd132b8362a59e5e1890ab8de9b9683c2510cc4298eda38b3a25c3151f8543d81fcf4d82608
-
Filesize
1.5MB
MD50c015f108130cbcec3c89371904be70e
SHA19b0348a2a1351db4cce88dc086297ac9c0435977
SHA25609dbee56a6ba5dea1a9677b468e29cbdf4cb7317a5e8ebeded039f67ff3e834c
SHA512d2736c7cd3c83afcf5ed30a7cdfbfaa17091eb9a8bea464f281ab524a57b0abc2ff6289d54c0ab8ee83cc4fcd33f5e9d5148930c44b81df013d453ffa8bd1511
-
Filesize
354KB
MD5cdb95b6410572927d41c94f7e961e9bd
SHA1a170070450975129cb7867fb573fdbb49a96ef98
SHA256649397f9d650011c7c0be34dc5e0929829d8f2480828718a31c965dcca57a34d
SHA512db466e690657f5ff0f27023c0c9f2f837650673373185f5af42a4a0fccebd5e5a28f112441b113afe23d9774ae612a6b82dfec72c5130b8f41b4fd45b42704c0
-
Filesize
779KB
MD5d3339871102243250cf1b8af2142df59
SHA1c753a288f72de45a020617a7ebd6c98d94892f32
SHA2565403976a0b7d11734d359959ab63b2ae3d86cb5dfdab42bd12a2d2bb43549b25
SHA512c1c0b65e99260bee1fd63cb3206c4ffd9cd38fd33cbd50170f0a1cac0add00c1622d02062f89db2acb2984bc3ae6a36f244732407ff33fcdfb0b4501aef0f529
-
Filesize
4KB
MD56d180dd5d0b85d07e8de0ef580d3c3f0
SHA180738813df2f692c676c73ef3d0322fe68a67458
SHA256454b4542d7ac8399ea37ca5fb968101b6c7648921e29193c54878d706951025b
SHA5126780147783bf91a7dbc2f1327d5e7a5fa4f180d46edb1651d7cac9b9b13a0e36926490779ff69526855fc2c1418bb80492eed1a9c6372bfc117fe0898223159e
-
Filesize
137KB
MD51222cade02a614cc0ab42e768ab62cc1
SHA1562e83e3d019ed7c884438b411c484df586b8abb
SHA256ec8a6069ba7ed1d3df4bde375e4f62bc8d64be4c0228554c9d5cf99d2ffa956c
SHA51287a19557980f20aae04fad69ae6f771e0b5e7d9257fd0f455b8f6033b6b93d145cf922819d3a58b030ae250b8b3f9c6130c248acad8ce99955a8441fd13fe490
-
Filesize
675KB
MD55c8eb541cab451b1be7a5e92070aeb5d
SHA1d6ce337ca2e9f41e0cf2e64113d237905a8f5783
SHA256dd1540c3444205e614f7df44c5cf3f2f3332d953f55e7af3a26c37f987316fb1
SHA512c879c2824e30b7088899f0ea427c75dbecde44e8c59245bfc318521a29f5797f1ed0b647b5a0b6b52983bee4195bb9dbb0f2947149eaeedc503cbc13c06e40fa
-
Filesize
1.0MB
MD5537226ba9d70113cf97290362ac3c32d
SHA102d833af459bb73bd96f104cb9ef3e44a95a1649
SHA25687c494b724a872bea7e1543647e097afaf1ccbc54a7310a3da5c9e5115670456
SHA512487b99c26cee936865a5b4d10ee1d85dff1faf1994daf9cd7b2e0fa0c7ff39a227bca62e0360113ec43299a9ba77ce2bb9aa7127f3e93aaa43d2075327d12bc3
-
Filesize
13KB
MD5bebbcf56ccbf574d7d9eb27dafc11835
SHA1cf86ee9a24de0be5bf07507a8c7bc9f0909395e0
SHA25636e147263ca768f7e1b364ac6a648bb3cb30f37549b443b46e7379b67aa542da
SHA512642365aabc16c1cc21233d6e9049740ab38cc68ed2194ac120ad02e34752ec14b736fbaf671b5882e2ccd967229f0f341fb86be178858cb96cfcb3a72d26d885
-
Filesize
70KB
MD58371a31761529ca01d7106387c123a64
SHA177adac47a0abbe465b05a155f2b15db1c57b0a97
SHA256b9366ddaae24722be60e387dbeae87205ca67a569b769959a95c2823f7225a8d
SHA512d07c779c8bc497b5b4e066a2f319a598c9f7e09585e6fcc406f2beba5dcc7f2faf4f4849607b35f7ca57dada0e7f15175c4102e2a908def04f24407524d0c76a
-
Filesize
1.5MB
MD510dcfb18c93e96967240150509d8c5c2
SHA144e9a216f5ffdb0362a23cb4ffe4610c56f351a8
SHA2561e842ae11e774f3b9605607896ca2aa7f48d4f9db4c8830763793db1ac170a6b
SHA512b132cbec3e6b73acaa6e907cb5b2b4d5988c73bbe0d75ae3894e5deed3d5aa9e9a49c3d5cff094c6a21264e1934c81d2a0375b9d3713d0a292ba4d6e40e7059f
-
Filesize
26KB
MD51eb9c691e0445efce477395722b73a56
SHA15eb94eacc7a6dc81cfdd430c0fb42aaaf30d6a9e
SHA256a284ca463a0f10d23eb8cd15c880913c250848bb88e62d099bc11b94a3855739
SHA51220af8e34171f40eada47683fa3030458ef3544ca4dda5e1a40ba6b4ed5871f5ad4182d1210021b9b1b48f961cba5ff2659f9377a2f743391f84d7e10ef875831
-
Filesize
3.7MB
MD5513a08a055195d9164675896a72eddb1
SHA15dcadd2b82658a475b4c6dabbdb9a90d1e37a7b2
SHA2563a26fb4874db388a7954dfc990032174dc6b71675ad5103b766fc4a0d5ac9fee
SHA512cc5f065a235bf5f2fd654524dfe4010415d5e51efaf249be538d40cbeaa0b268a61b1a0756aa606ed9f101346e2ca344907669e1db892e20e2686bd9dcbfb414
-
Filesize
3.7MB
MD57feb3b2b2eda2ecc20ebdb23e7065c9b
SHA1db79fba758168bc0e30aaab21d28c668fc99194f
SHA25623b46198319751ba737c08859b401e7c104df10ea4d05038c01fd56d70fe2780
SHA51234bd58fa849f47890afcf8d35bea4dfbc47036dbb6a94122b95f1853787fd280355f2e1a9a46e40fbb8815daa410d8605e3fb2a3a5e01e6faebed564d72f5c37
-
Filesize
90B
MD57cb5509df96698e9a82326ca492bc08e
SHA1da7d123478678132fd8dd820f89ed40cf97ba6c5
SHA256b50a635259e94fe0c8752c626ff876fa25822ae411badef98760d9a27d45b82c
SHA512e4de82b2380a2ddbf2334ef617c68f655c68873e57cfc79161c13547ba1eeab6a8edd36166783d551ad7c8b6e11aa773b2a33e2c61a4ed0a9365ba4efde65da1
