ab6fa1a9ced9c16430aff26496a2c7cb7bd398501ab6672a86772f889daf6ac4

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15-05-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

454678878eab390f09fb73a26ceb6ad0_JaffaCakes118.apk
Size

18.6MB
MD5

454678878eab390f09fb73a26ceb6ad0
SHA1

543bffc4ece59ba8b58ba4cb94f340801d639e3c
SHA256

ab6fa1a9ced9c16430aff26496a2c7cb7bd398501ab6672a86772f889daf6ac4
SHA512

e4664c036660f196bb2c56408b6fa39ce22446d04129cc5125acbaa0207a715c6d87faa1968fd2f37070def05ea0c2a1cbfc1d806f3761b69f7e372cd3d2f304
SSDEEP

393216:hV+WApoip0BKhW5nR+I+3FUNaZm0/mTihWWo+AFU:hV+hfpiKIxR+I+VUNUbCW

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	tv.pps.mobile

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	tv.pps.mobile

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tv.pps.mobile

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	tv.pps.mobile

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	tv.pps.mobile

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tv.pps.mobile

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	tv.pps.mobile

tv.pps.mobile
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tv.pps.mobile/config/ems.conf

Filesize
193B

MD5
5bd37b876c6061b8a081f75405cabfc1

SHA1
0f5d574e6b9d952675c21810c34e7664d1e2f794

SHA256
b0a1fb963c708b8a57f02cf07fba1b7243ab91e4a1343783861d74086800d8a9

SHA512
17617bc2e96ad6161dec71595d52382d9c3d14b3310e951eebdc73b9ec00ae926c0ea813598411be74b54edcec753ee67aadf04a4f58036641c8cacd3e069521

Download Submit
/data/data/tv.pps.mobile/databases/_ire-journal

Filesize
512B

MD5
1f611ab8183e4f748ad8ec63feaff8bd

SHA1
edbf7c1b347753ceb5b39a2c5151204d3cc60ace

SHA256
e4685c458f1752c2d79689a6969fbd6d6144d24f4125127a1fb20ac39dbc6467

SHA512
fa90804832bbb9db57c47dd9197dddda2f828c3ddb1e8934510b143ba5e6682dd76efbb3474e573dbfaebadc3ec1f39ffe6d33cd9a077e779d522964e90c5557

Download Submit
/data/data/tv.pps.mobile/databases/_ire-wal

Filesize
20KB

MD5
1d8b94fd0b5412d553e25bd04481eb50

SHA1
7fd274cb94f7c518bd00737993c9d40c4cd13cc9

SHA256
cccf0b2179c771fe0b2f9785a07c162ecc9101b3eb313601115af023bddb4f1a

SHA512
c41c61dbf3a7a47d674602026a60f70f11486051e0974a34b4dbef9fadc2f87e395824843735df2e7f69accb1fb1eb2e7428a4c22731a6b1172510a5002dbab9

Download Submit
/data/data/tv.pps.mobile/databases/pps_user_data.db-journal

Filesize
512B

MD5
d4995773bb1aa49345a67b7f50977353

SHA1
695d0de091bf50ab01f06ac2ab6921a16f478da8

SHA256
a2703c655f3b46f086d2706d1ee1226b059946c2c11c4b126f17b823c41925b6

SHA512
5fcbb6d19a5c7661e0216ef9645d9e9430a42e4aee7b97dfb5dbf2f664ec1e95eb83253a51da4aa773212a81be4b7cb81006e1e05172af182135a97cf30a67fc

Download Submit
/data/data/tv.pps.mobile/databases/pps_user_data.db-wal

Filesize
60KB

MD5
878a6b6507ba4fa39de17e845bc94077

SHA1
9369bcc37ca31007f08ce9a3989d0482aa764b3a

SHA256
1398c609e41b71fd2c177c1b26aba17194c2a038a7ac384fbfad2f9e0930a93e

SHA512
8390b422227846ff2347d8cf756c5d2b42c4757add531cb8babd550488cb78671f601dadfa5bc181c6772589c24c750f2c3c6e8e2bab2c7f4ddb597e36cb197d

Download Submit
/data/data/tv.pps.mobile/databases/vvtracker.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/tv.pps.mobile/databases/vvtracker.db-journal

Filesize
512B

MD5
1d9401c417e0729bf39ec46955beb999

SHA1
1a5c414b8bdc8ecb688d817af69c2abdd3446b76

SHA256
479df7584e692ac6b655e41893efaf93f7bde51114136e45565d096747ed2af5

SHA512
a55d659d62e50f29c20d8d3ba597fe380926e268ee423c62d475a2adb1c3784ac40b8212504e8ccba7250456c7c35a26bf18e9fd63d45374ffe4b5259f38acc0

Download Submit
/data/data/tv.pps.mobile/databases/vvtracker.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/tv.pps.mobile/databases/vvtracker.db-wal

Filesize
20KB

MD5
5b0264ccab8e68a079979c346cf535d3

SHA1
5dac19e56bde2129660d45096259aac9fc98c926

SHA256
509e65cc7fedb99753f05f7170b89e3cf2fc483c3e8a14d7cb86e0bb09dba485

SHA512
37fe2848dfb09a87e019dd6f5d180a11b08a989cebcc04ee8b81ae6363cb5bac4b20bb03e144fa677f87f344c7bac48837abaab60a8401ebf6181cb4678b9e3d

Download Submit
/data/data/tv.pps.mobile/ppscache/Download/FDSCache/vodservercfg.blf

Filesize
15KB

MD5
4171efc03e81f976b5fd33736f376609

SHA1
d5af5cabf0e771ad2235af876579e057a646f67f

SHA256
d930b6e1e4b2497fba39333a4e37da642a38fb56ef64573dc73b871797787e85

SHA512
9891aa155d691ff5cccb7770cac4b48f5c80134fa8f603f776e387246abb9a6057e2dd6ba7235c3a4fdcacd97f9258121413e308ade5ae274a7a80e0a4dbd5f1

Download Submit
/data/data/tv.pps.mobile/ppscache/PSNetwork.ini

Filesize
24B

MD5
a52e2a522838a1303d0c0710544fd32d

SHA1
22f719617723363f56e576ef957f75332d778c9d

SHA256
94c34d5376022353142401ec31e6abcdd3a1d1c56eabc24b190e2d4bd0704351

SHA512
93257af881ef6b234429aa1532599984e32201051564d146e05bc8af4a6c4ed242cc91e75699fcb1155a7a8fd89cfbc54714b7f1f515b86cc5efe03e7acc6f1b

Download Submit
/data/data/tv.pps.mobile/ppscache/PSNetwork.ini

Filesize
84B

MD5
2f941e8d6137194915cee877a016a99b

SHA1
5264332690155e8b10be5d7a05a51c5b1c152c74

SHA256
008f391afa55326e63a5a2f662bab921dea00c2e8ff2f3d1fd2617cbfb39fd92

SHA512
dfbedf568788efda53a8b96dfb998ead982580ba704717b4f5178dffacb005ba354bd28f2b569784cdcd255df03c95577bfe6fc330b97fe65bf80c4318954a3c

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache

Filesize
26KB

MD5
97a07616cf9f7b43a6ec7e90223a685f

SHA1
a5a5cfc78eab371debfef5a373fc5032983919d6

SHA256
f12aee37e7f689df194d6aed47ded7f32e458e390ecbbdbb06d9e56871e97b7f

SHA512
6afde4f4dbe820887045eef95b61d17a063cc81c015c511ebaf768e9044dab421e51949c5a2868fbd926f6a4d0498a33928c53c66d48427743f04348a7a69870

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
512B

MD5
840f2f577f5c75494a3f227987c7e34b

SHA1
bcf25f06742f1a08fd84141f9b52d0db2ef5cb4c

SHA256
299d736ba8fad2aee86b4f3c8b4c7ef2132ba46e12f594336a7e856d87ad6b14

SHA512
f3ce9c076044954b75ce5c3f4ea98003b5858524b83d354ae26a7dd81919d544f6caf57d3db216f98f65c7e04760588964362ba1c17faa98ee93e41552828ca2

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
1KB

MD5
55a0cfeee05f9bbc52627197e8b3f20a

SHA1
7a1470e0c189dbece798f30847fcfaeddefee26a

SHA256
3b729f0f8ec482244e5a3b8315287054eb8a01f4339898a8b58ef346dcd3bcb9

SHA512
f394101c70ede8dd68c17727094ebca2d732ea13eeb08d09b64d25590e19828bbc73a87878cb889c9222ae633e70c1ba7f3c41b4b01f472af0b6e7b5cb91e605

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
1KB

MD5
87259929d4e2ecc8009ee0ce4b9f07ea

SHA1
df33e5608e9b3e77c4f11c66a120d6085d5a71b6

SHA256
4efba276906459633d730885bec619b307b631b061d59f81c082c11edec152e2

SHA512
0cfd76723acc0f6c7b423466509f82f5b15372a790029a5f15f93ec26e6105f91b62db22d9264f387b6d765b073ffdc462175ef76e85a43819271e369fa84528

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
1KB

MD5
9b5a892289e39494395b1d54a09bea5a

SHA1
7efb5a8fd9e46206f6a76e749484052f923a29b8

SHA256
bf063a502cfb3e3faa1265227cd8b33878685810a779aa8800414f059bb6630d

SHA512
87cad420d5f04c217448dc6bf75f0c52983acfb8038820341bbe4a176d1862adb85452ecc080120d70405bb05de49cd1ba29495ba01368fa423bf41af0ff37f3

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
2KB

MD5
1635b7dc62ad6f0292d21acaaf3de9d8

SHA1
4c3693b1a5a806a1a4053a4b255dc9cb065e75e0

SHA256
7399aa08ba85f52fa4b65b6202e5756881a580aef1af0118c29a4ddecffb4ad7

SHA512
7125d283d60e5af9bb6cab5f5f743da34b2c6975580dc418a9a7015e1f696c363dd7c8aa18ad820b27a47811edf6ad52c76485928985902ba9da216d572479f0

Download Submit
/data/data/tv.pps.mobile/ppscache/pgf.cache-journal

Filesize
4KB

MD5
2b5e0673e3a2c1e088957a187314821a

SHA1
b9d8436f63c946570b43e0aec755071aa1f8e508

SHA256
1ed40d0334e4278390e785d3d234fa652aa1e31eb582f0482471a4fd71fe680e

SHA512
32a4021a7629a4fd92d7a6702dd650a67abfd1237da802bb9b174529969375f2b4f8f94b8ad996509d9a0bac53c141b97b389b562d3ccc62d098d121b4f09856

Download Submit
/data/data/tv.pps.mobile/ppscache/psnetwork.ini

Filesize
62B

MD5
9baa35cb48108d59965c220981c65d16

SHA1
dcd61906db2789b82c37e5954bf2f7a2793a065b

SHA256
987fb9e2400a9e7ffceaa6962a32beddd5203ad8ba1cd653f7b414eea9c8986e

SHA512
01de89d5535ec3789e0b310da6b712f2dcc722f80f629f08ecd21480ae9d0c3b6a5856ae9ef162ad2c436463450d482752c1d255c0667a179aaac6a41c073364

Download Submit
/storage/emulated/0/Android/data/tv.pps.mobile/cache/ContentCache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/tv.pps.mobile/files/test.dat

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads