Malware Analysis Report

2025-08-10 23:55

Sample ID 240517-wqg6qaca24
Target 50c9e56457174d7ba8a97fd2592ee50b_JaffaCakes118
SHA256 b8c8a5b90f683424d07c00e657f879b430e3d686788aa1ea6dd254dca42c2151
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

b8c8a5b90f683424d07c00e657f879b430e3d686788aa1ea6dd254dca42c2151

Threat Level: Likely malicious

The file 50c9e56457174d7ba8a97fd2592ee50b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks if the Android device is rooted.

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Checks CPU information

Checks memory information

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 18:07

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 18:07

Reported

2024-05-17 18:07

Platform

android-x64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-17 18:07

Reported

2024-05-17 18:07

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 18:07

Reported

2024-05-17 18:10

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

189s

Command Line

tv.pps.mobile

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/tv.pps.mobile/app_push_lib/plugin-deploy.jar | N/A | N/A
N/A | /data/user/0/tv.pps.mobile/app_push_lib/plugin-deploy.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

tv.pps.mobile

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/tv.pps.mobile/app_push_lib/plugin-deploy.jar --output-vdex-fd=140 --oat-fd=141 --oat-location=/data/user/0/tv.pps.mobile/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 18:07

Reported

2024-05-17 18:07

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A