General
-
Target
040b74598ac64dffa90b323730a7cadc8fcf4541823fd15d3a4a56dd8720e392.apk
-
Size
3.2MB
-
Sample
240630-bcwrqs1cpb
-
MD5
27861ffeecc0b65c35bb88b6ae884231
-
SHA1
d53367662179e42d50a73039e07a76521e6b1e4f
-
SHA256
040b74598ac64dffa90b323730a7cadc8fcf4541823fd15d3a4a56dd8720e392
-
SHA512
dac962584ad95b857e6d11562e692e95e9a225d12454490af118afe216dc4687164da3a5b38bc4c89577383e2c1c50b1b255254a19c5c4880d51b0aaa1e834ca
-
SSDEEP
49152:lDKyh/nAj0PLVrIRsFTKDfUfiNjOnVaQsikR9B8rgGwNGjo39txp:lKy9nC0PLVrd2D8TPsNGwNGjoNvp
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_27Jun24&rtype=T
Targets
-
-
Target
040b74598ac64dffa90b323730a7cadc8fcf4541823fd15d3a4a56dd8720e392.apk
-
Size
3.2MB
-
MD5
27861ffeecc0b65c35bb88b6ae884231
-
SHA1
d53367662179e42d50a73039e07a76521e6b1e4f
-
SHA256
040b74598ac64dffa90b323730a7cadc8fcf4541823fd15d3a4a56dd8720e392
-
SHA512
dac962584ad95b857e6d11562e692e95e9a225d12454490af118afe216dc4687164da3a5b38bc4c89577383e2c1c50b1b255254a19c5c4880d51b0aaa1e834ca
-
SSDEEP
49152:lDKyh/nAj0PLVrIRsFTKDfUfiNjOnVaQsikR9B8rgGwNGjo39txp:lKy9nC0PLVrd2D8TPsNGwNGjoNvp
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-