3f5fb4b6750e1298a27c3ca583a631ebf0f42ce106023500f1914bc872090537

Analysis

max time kernel
2670389s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f5fb4b6750e1298a27c3ca583a631ebf0f42ce106023500f1914bc872090537.apk
Size

21.6MB
MD5

185029d9a9b97799fe5e4166f90e050e
SHA1

84d94519ba7e36be9a384d3e0a713ecaf543e1c0
SHA256

3f5fb4b6750e1298a27c3ca583a631ebf0f42ce106023500f1914bc872090537
SHA512

6b3d4cdfde19f7c3385622d626fcc7a5522cd11c7d1ec0cf6424eeb1e21b65b55e50bc26beba33a4b190355d0feb667b9767f802b90a85147d133547e518bb05
SSDEEP

393216:dIyRf1vGkDkZ8pJW/jEbnDGiOzSttoHDeBwaDZHS28NWMOTtbg8r5ahi+bPiwjTu:dIw9ekDkqpy8nDbYeBwaVy2841TtbgaT

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.pplive.androidphone:remote

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.pplive.androidphone

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.pplive.androidphone

com.pplive.androidphone
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4209

com.pplive.androidphone:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4338

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pplive.androidphone/cache/applog.log

Filesize
2KB

MD5
e22973a6e52250dcca8073edc0adf71e

SHA1
b28d1aeba3d3db97750c1bf94fd792aba69e2134

SHA256
7826e351f4eefd2b80f71c1ee7e1ba4988fa9f4de480198a510c481221e836b2

SHA512
ce6949c34d903bd162986a17e1975566a13e93ec55f37cf198691dead2b1ffeaabb4647fb0c43199f5a092d9eda38e045db9b75ef57ae6fe3f8ee550e41124fc

Download Submit
/data/data/com.pplive.androidphone/cache/applog.log

Filesize
413B

MD5
9f3c0a6d7f331ccff8298fcd9a733f8d

SHA1
ce14a3108f9d6d0ccad7784f903538735dc76dcf

SHA256
1d1481ebe4cf5f5d941ea6462aefede9734cb75d578f2608cb776b4bb33aaaff

SHA512
8e08585d0593d4a12365ccb6208beb70ad47d87283dc4a6c76536b65bb0d8215c53f405793de114c9d8a51f2b426ecc6900695af4da565dceaa9d6b20abac762

Download Submit
/data/data/com.pplive.androidphone/cache/applog.log

Filesize
1KB

MD5
439ca9340266c74b6cbdc46b325039f2

SHA1
076833f1f2ef05a5679d2d892277c4425835b5ec

SHA256
f301b503f67eae0e0bf8d3d95fca6b695560d1f5f8f11d0049315a2424d99bf2

SHA512
cf624aa86efb0618a9ffd4093426e5323d3f3e8744661bfc612e0624d35bfc5e44840c533af10a2d0121ca43fb81250f89ecc2db502f7a06e0cb64e0047f657f

Download Submit
/data/data/com.pplive.androidphone/databases/pptv.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pplive.androidphone/databases/pptv.db-journal

Filesize
512B

MD5
b7445b66dfc8d050245c71fd65f20121

SHA1
8c623b51cfa73db6f10f133453579c18b2ec2aa1

SHA256
150eb9255bfdb579a08b631177594e7219705eedcb9b6c7f7771906bf4329951

SHA512
a3ed1cca80c1d50609298167d1f9e74c1268f15e2dfbbd89a0f22c5fc5c067dedb12464f9ee5c95881c12cdc59c739426935a13a6433db419027853ec474836d

Download Submit
/data/data/com.pplive.androidphone/databases/pptv.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.pplive.androidphone/databases/pptv.db-wal

Filesize
16KB

MD5
0b3b7b26174d1acf4cc00f5e662c137d

SHA1
6224e53ac82358bac51aeeb12578d2baeec1798e

SHA256
a4ed8f9cb1be66e045bb570268f30fc064b063d7daf1a1415497da340a537409

SHA512
e42ae14654b0e453e93c5a69145df6b2dbc6175b54dfd2657e4b659fbba2e993070adad20d28708dc9148c21b43b2ab10422f1faf7069e907e44734819cc534d

Download Submit
/data/data/com.pplive.androidphone/files/.imprint

Filesize
847B

MD5
4be3db9f8650e3e4c8f1721fd4bb92b0

SHA1
c45bd4106f73178c808377a7659318dc04008f2a

SHA256
fb84ed2513eeefc595f3c748afc3bdb169b193a751fb936f96fa8e8250bbf22c

SHA512
f2fa942ee95b863d9dcdc7635f16c863b68ed54554411d5ed5016a5bef2eb0fd02e63b9bb0ffa0e60aa2c32cd2f1d2e801789e14f7f701aedc5e01ff4425a8cc

Download Submit
/data/data/com.pplive.androidphone/files/exitadinfo

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit
/data/data/com.pplive.androidphone/files/push_db/pp_push_msg.db-journal

Filesize
512B

MD5
6fcdd54baf4e3f52059f514504d22f60

SHA1
9e21ea92a87f8974825af0d93345d8aaf31df23b

SHA256
d133ffbbbd494d3cccbbad9ba8d5216d7e80b06c6b7a3a93d7b15e3851b2b730

SHA512
c7df9ca83c8da1a55c6a4c1c060e863651d549df8c2be8c7b39bf8ac873062174ce2c2bd1a4021bf8bece6b76d6eeba079af121e17ed840f5c9f9d26ba021d6e

Download Submit
/data/data/com.pplive.androidphone/files/push_db/pp_push_msg.db-wal

Filesize
64KB

MD5
bf2af2f75fd175d9d8af07e342aa67d0

SHA1
7050774e37b81f393d886ca94c6f482687fd1a4c

SHA256
3f278805d10ce12856a1e92d605d8e0ad27a1e9fa8dce6fbdb684a22a9d3edb9

SHA512
5b832079f97fba7e8cc90636aafc40333c4a00e3f51570186afeac025ee0a8206aaf52ef658051c4add5c288db9a9179f84f9e6d41145b494a02e10cbb1db1b2

Download Submit
/data/data/com.pplive.androidphone/files/push_key_store/ppmessager.keystore

Filesize
1007B

MD5
5397ad30ed7de7f9dca5466c95933b6b

SHA1
ee90374da985829e1be065fae347211a0863027c

SHA256
0f3539154aa8e0d0f7507e9b66ba79984aff8e73121efeb6fe92dc0b141d02e6

SHA512
5a7bb4d68fbe28f90467fa057d98b5ed202900218d1a9ea2624ab2692db41fe86a8396584534ab87af70b3c6b3acea080c3ef525e17bf1c935f07e86cbb754f7

Download Submit
/data/data/com.pplive.androidphone/files/umeng_it.cache

Filesize
108B

MD5
dbc2a8d0eaef0cd27a7c4e5c2b51b4e6

SHA1
0351d3b361c7c89f4b2726f2406793e4b74c6788

SHA256
dd72cb2085a48e47d58d93f067e3cd7a731275698fb974ef3ad309d341a13a33

SHA512
854d50d7dc57de158bb496144aed150653fecf802869a345f157d1a650dd23f124f13c48105b4a563a98ca8dfbcbaccf99b934106e4722aa2c8a5bde4532a697

Download Submit
/storage/emulated/0/Android/data/com.pplive.androidphone/cache/locationCache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/pptv/vast_ad/gaode_location_file

Filesize
130B

MD5
1c84d0509b08608920f9000bf157e646

SHA1
962132b01ae7938cf250b3106bf771f97c949351

SHA256
ca6e57cc1508a13da3e761ba4095911b1944da1aa0681529e909fcff9fd46a66

SHA512
d8a81d627a2fa022c6d4956e73d3d4294a9f31a9f14ba3faa640bb6ad0484b95fee10c85842ddf2dbf9712fef348bc63b893f6014fa29128465cd8ef8818ecef

Download Submit