7c84e7db0428a7a1b70e5b17a658f8f81bb40b4df2396754b7aff37bb50cfdc1

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27/05/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

778558a8388202723839a73a45d9bc81_JaffaCakes118.apk
Size

20.3MB
MD5

778558a8388202723839a73a45d9bc81
SHA1

04019d3908f3e4f0fce77165a6323b6045f4612d
SHA256

7c84e7db0428a7a1b70e5b17a658f8f81bb40b4df2396754b7aff37bb50cfdc1
SHA512

142fb1bc7c4641b4a758b209537c2a250d00c2cc9aa9f24abb466caa445fa83ec4d6f6b89a8df6983a4d9a0b2f01613419b5435643398e55156cab48ca1b3313
SSDEEP

393216:Vz+WTm2g0XthEMzX981k4othHFUK1O4oGAmCOpPXgffKry+wOVY1CWpvWyQ:x+YXXHRzXO1kT5oupXgqm+3K1vPQ

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cat /proc/cpuinfo

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	tv.pps.mobile

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tv.pps.mobile
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tv.pps.mobile:pluginDownloadService

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	tv.pps.mobile

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	tv.pps.mobile

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tv.pps.mobile

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	tv.pps.mobile:pluginDownloadService
Framework API call	javax.crypto.Cipher.doFinal	tv.pps.mobile

tv.pps.mobile
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4274
- mount
  2⤵
  PID:4314
- cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4365

tv.pps.mobile:pluginDownloadService
1⤵
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4423

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tv.pps.mobile/cache/content_cache/CATEGORY_LIST

Filesize
62KB

MD5
1ee8774ae2e55f03265c3e7fb317c9d2

SHA1
e2335791e8736edcbe824b234dcf059d865d41ca

SHA256
cbda74a10c9e72d6aabe77e3b77f388242cacc1bb9f2cc6c6b1abe6083532c8e

SHA512
eff1d3713770923f1fdbac2d434fa5b494f2556b5870a6f3b36da25a9aa15d6792e2bb39ac110b4aeaaf8035d39582e3126f418f123ec244e0fc9d237a78a832

Download Submit
/data/data/tv.pps.mobile/cache/content_cache/DISCOVERY_MENU

Filesize
1KB

MD5
3fc0411282a0497cfdf371e5205df953

SHA1
b73a2fa33b6f7296f003d5ed4196581c0bff9605

SHA256
1f189a3e5cad53135f42a231006e67cf53bc49a37d5ba6eaf9eb540dd439aa82

SHA512
184be35ca4fd985ff93a480b750aa68bf4b3979d5773e8a241fe7937dffbbc9f5627188c9132c5546981437edbd904adb88d5d01ebf9717dcb359a0aaca8ed06

Download Submit
/data/data/tv.pps.mobile/cache/content_cache/MYMAIN_MENU

Filesize
2KB

MD5
517c2e4a111b75a29541e8af471250a8

SHA1
3a3122c166a13aa561b65d683e3db18c9955065f

SHA256
bb72b3174c1b89cfd81c8ac81aa5be2ede5ba5727c867bcb0afb8be762fdabff

SHA512
6c32a3b1be283055eb6b5a229cb72bd861f79b9cff4b51b8cb5a0eb5e770b219f37f4e7f6d7119e0e2b54f6efe76a8411be03d453309b51055e127120632d4fc

Download Submit
/data/data/tv.pps.mobile/config/Download/FDSCache/vodservercfg.blf

Filesize
15KB

MD5
4171efc03e81f976b5fd33736f376609

SHA1
d5af5cabf0e771ad2235af876579e057a646f67f

SHA256
d930b6e1e4b2497fba39333a4e37da642a38fb56ef64573dc73b871797787e85

SHA512
9891aa155d691ff5cccb7770cac4b48f5c80134fa8f603f776e387246abb9a6057e2dd6ba7235c3a4fdcacd97f9258121413e308ade5ae274a7a80e0a4dbd5f1

Download Submit
/data/data/tv.pps.mobile/config/PSNetwork.ini

Filesize
24B

MD5
1704dd217c057ac051e2eb5c85e33a0d

SHA1
e50046d7ef81bc264ae6f06a9a2079656350071b

SHA256
4f364b3ccc1f0a703b63fe835554ff11d456741530da3e330e719199a13d146b

SHA512
cd3335ed8839d0b1b4c0555d41436b2404b379634f04743b80a0fa5a86794a9e0a093cc5c5185f3f29991f58ccb387210b5fd9fb4e7a6d3da3a26a5be855619c

Download Submit
/data/data/tv.pps.mobile/config/PSNetwork.ini

Filesize
84B

MD5
47e5cc290af04fcc493e81e3be0b3a1f

SHA1
55d1f88c89e04504b39ca8ee793ba5d55aa987fd

SHA256
bc4d9d285537870635d2fa69007fa8b07b091b9d85455ac693cb4f83e95c85d5

SHA512
789641fbe2d32276363aa997fc75381efa968f8a576150b3a9878a0d9e787b7a4177f56161a8bde66c50b0f0cd66346f0c43a6201d4e09609b3c7af7ef97b7f6

Download Submit
/data/data/tv.pps.mobile/config/ems.conf

Filesize
194B

MD5
44226844c7280ab45156aeb9655dd728

SHA1
de7a88dbbe0ec6b5ea0bf6040e8ddd9ba28c2db3

SHA256
b443d9ec9668b20b702e386854811841baece82f225bf82458621d31512696be

SHA512
10b172dbdb6c04717c8eb5b86b750d6b23017c6a15c32b6867e831258a26ea6f78d39871da5feddef964776b4050995a42be465c31428d75570a8ad749c9e538

Download Submit
/data/data/tv.pps.mobile/config/ems.conf

Filesize
193B

MD5
3e78df08fe31b11f68041f0ce764619c

SHA1
fd038c64cb5c09e2a8bc2363d0b5d307891902a5

SHA256
8bedefdd47f9c5789fd4d312b6478819556d3d21d6833a52366e3a430d23b63c

SHA512
a4d97fac46f44a9a8f99255a859be0f254e3c987c79ce942bb8bfe2a67199661d8f9ab308edabad683b74b15a55292d8dc5e407dd0908dd50139965c40f31d7a

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache

Filesize
26KB

MD5
97a07616cf9f7b43a6ec7e90223a685f

SHA1
a5a5cfc78eab371debfef5a373fc5032983919d6

SHA256
f12aee37e7f689df194d6aed47ded7f32e458e390ecbbdbb06d9e56871e97b7f

SHA512
6afde4f4dbe820887045eef95b61d17a063cc81c015c511ebaf768e9044dab421e51949c5a2868fbd926f6a4d0498a33928c53c66d48427743f04348a7a69870

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
512B

MD5
29f4c3f4240a73f378b289c67a5ca1d5

SHA1
efd6a0fcb68aa425c5d3203739877650703bf2e5

SHA256
adc03227268d5259d4efca5d5d5f4805e3bcc79c556d08f8cf093b7fcb01f6fb

SHA512
16e39b32eb830e5e9866d760305a6986073a2c19324dbe478d3fd706513a3477ba754b54cb6559e6fc4f3eb006d762f324b3a77237a68c299a3f96fb8fc6c54a

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
1KB

MD5
61dc2a8b1719227531226d33d218b76c

SHA1
f65c382b3a79817cc1e2951c4721ff40f369f1a8

SHA256
2d2906156b372915dcd054717613f38ccf63f6fd78a827d79b798a4651bcc6fa

SHA512
8bb66ef774358e0e1c2c761d6e43fdf1a6e20cdf1b0bbfc3cf9ae2f195b604d7c3f2313a7e1ec6eb3e81de90972ab1515605d714e8f5e75ac69fbf6e48a84292

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
1KB

MD5
adf9bde2531617ec60cdc7953080dca4

SHA1
8eb1d5d71365f29bd80ae3f51f9d48814099cc26

SHA256
1a1cbb2d861928bd7fc1d96b73afde5128888e7347714110bf7f41b2b8592327

SHA512
c2706e29fdde5135ae4b5afd6faf450590dc37e2e086cb1ba3932c365697592af5047020c96208343b87d58f8df79c54dcfb21242d951d78aef3d298e246ba72

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
1KB

MD5
c0205b057be6adb0cd7c1acd6a3da70b

SHA1
a73e2b3e4dfea7ada6959e17c62778999ab2e190

SHA256
9ee3ed42c22a0fd8674d04fbb1d0cd467381abee8884893064afaddc23768c56

SHA512
e9c2935f318213773a19c4ffeed64430f92d46c011dde1970d7ca40efd670c7abe32e945227611fa3d742e3d19dceaa1c3b6ec53c2915e09cba4b0961ffe3eb5

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
2KB

MD5
a570f5fabeced8892513d76465503daa

SHA1
008ef041f3819b3ff7157b39dae0022996a0cfa0

SHA256
0336397a7e984632bcc3561a620a8cf7cf1642bb1f2474432bcc19e1567bb975

SHA512
a3f0abf3122a4e59682e0bf4beefcca14a371845e07ae94bc196150705781e3fce8d08457dc900e7e75ea992bedc8b1ec33651a685ba474c7a26664f6a795f38

Download Submit
/data/data/tv.pps.mobile/config/pgf.cache-journal

Filesize
4KB

MD5
4d99d435bf7e988b0affffad77bfebf8

SHA1
3a22d0cc76b03885af0c21ba121ed81c90e5a377

SHA256
720446e78b467b8bdbd931537a320ae3f74aea91e484dd1b32f0f6f7d7d17776

SHA512
1df39a9ec86685d5838134ee0d303e91cb3c679634e1590944f3d5706d7b200ab31889503462b77c8d9c12302bb03a872c5599bb0d9d1be0ab131db23ca00436

Download Submit
/data/data/tv.pps.mobile/config/psnetwork.ini

Filesize
62B

MD5
64c0dfa8502fd90b3d988a86839768ec

SHA1
e17739b35a5fc88f3b27e6af3ccb272d4a715b67

SHA256
82a1f91e1915933971afd18cdec658b08d0688a8cfff414204e43f54a4f2df68

SHA512
22abd45ee649d9dcc0135dc0b1fe9140906e58bed940b51ec36477b70f6fe36b3d43a5740e4720556a98b9dd60c83fd4e263833a558ee32685d9538bedaac277

Download Submit
/data/data/tv.pps.mobile/databases/app_store.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/tv.pps.mobile/databases/app_store.db-journal

Filesize
512B

MD5
505ab8ccb6cda5c258db6e646c49cd46

SHA1
28c658a3c91a5f2a811ff051851c6f9b81f38bb0

SHA256
13daef68e92e197e5f14582301ba3760d2e12f527698f80329da9b60b89db83f

SHA512
a23f274d51ef9f5855bbb10ae52724cfb47e25f96dcdcdb5ae1c590fec7933d738cd2372615421bc8feef438e6ebe3908799be5cd8b866c7277a09d46e7eea25

Download Submit
/data/data/tv.pps.mobile/databases/app_store.db-wal

Filesize
32KB

MD5
501e81910541b21ee3e4c00d1592ff8c

SHA1
9f3694f24961251825ebe4bd2195c38422c50d5d

SHA256
6831cd04be8a3dde9c37a6ebbcdd288e6b66a63f3ce361d4d56323f488c0f5ec

SHA512
a300fd2dc80ac70dfb74a9e68e5d1eca4ac26221c61abfccc632c2a7629a6c7989edba76588e1e410b52b2289aa37d41eb0d69a12fc74b6cc98704818286dbcd

Download Submit
/data/data/tv.pps.mobile/databases/deliver.db

Filesize
20KB

MD5
2490339cd8d5f80b45750e5e493f48b7

SHA1
2aee1dfdd477a67b7515abb8f4c823338f6bce3d

SHA256
361f608b6b59c101ee1f35f4964aa0a67c817a4b2e42bcb91e6b579c57ad20b7

SHA512
d98a92c00d476bcbe2073baabf0210519041c7918e4c340491e6cd9122ebf76f24c5474b4c0b09f9903c7cdf7f95f2d50f3d09b944bbc69e34bbb848ec24be9b

Download Submit
/data/data/tv.pps.mobile/databases/deliver.db-journal

Filesize
512B

MD5
1b01b55e3d0408790e4e8efa40c1f263

SHA1
1619cb4c8e23d3d2c08875f67f087f1fe472b91a

SHA256
887cfcf7ac45d9b2af2ec60ca01246f5fe7a88afcbca9973ccf2aa5bf13dfbf4

SHA512
f266e79d6eabf919bbcc1bd3afa4c079718aac230156b2014caac1ca961819cc6b8025692627977d4d364dcc30e0327e27fb67cba6b421d57fe9976772699998

Download Submit
/data/data/tv.pps.mobile/databases/deliver.db-wal

Filesize
32KB

MD5
94511a792e27db544a4b3b0157c88971

SHA1
24e87d8946e48642a9abf51a8156420172791cdb

SHA256
255a9b2a9bbc679818cee59959b1768a97076648b2122cf2df41ced2d806f0f3

SHA512
d630902b9e5a92d08acd6b755c87b34cf0d0bc89b2b5a3db7ec438106020b214f28620197a6b48002fa3121fdb53c2888ea8bba030968c37fa35bd974de15c47

Download Submit
/data/data/tv.pps.mobile/databases/qyvideo.db

Filesize
68KB

MD5
a7287455eae6d7548221b575167477bb

SHA1
29e978ac05954ab97b91c40c4579713ebbc6120b

SHA256
3d6056bed0205f52782a7800513deca99895f8f2c17b3eec556da3919205c7fc

SHA512
10303e569646bb7eeed1f047435877423544ecde4bcdd373953c05319cd65a0421724d6bf61bcdeb78912bad43cf8d450111062a611da87fbf18b6ed345e2bf2

Download Submit
/data/data/tv.pps.mobile/databases/qyvideo.db-journal

Filesize
512B

MD5
dff37f7c50dc43dfdefb5aa37a060d09

SHA1
c8e375ab5f715f7f3350b0dbbca2cdddd00ba6fd

SHA256
90591f55e4272777b084ab863581b6bc2ee6aa1272db44306c68a5ab751a32f4

SHA512
dc8946db5358c1ba753862cc161f452baa8cdcd26a076211a8f6ec3f15c474c096bf6e0c3d70a52f82650a32c8f15ba2327425b43362bc740406a45b662e06c4

Download Submit
/data/data/tv.pps.mobile/databases/qyvideo.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/tv.pps.mobile/databases/qyvideo.db-wal

Filesize
80KB

MD5
689bf5d5a3cb6c0b38bcbd002aec972b

SHA1
9ae834be85ffee7d5a2e444a913cc846c24a5399

SHA256
6bd12a3969fadfa7cb036d1e2789ae496d399a1813fe5fcf9da1bb43d22e3883

SHA512
1a69d4c120d241bb3e4c95cc60b5b4f75638918a775e8bb111c1ad7bfb873838f136d5b7354e48a5c167bdf7566ff5e052ed6229f1154d24d4993ac2fb30c509

Download Submit
/data/data/tv.pps.mobile/files/__local_stat_cache.json

Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/data/data/tv.pps.mobile/files/qyvideo.db-journal

Filesize
512B

MD5
306429484facb8e60104901d11bfbdac

SHA1
8a671a98c350526249cdfb7751a578b6213a4cb8

SHA256
aaf40fad3fe278e7c65fbff3c70a01a947a2509338d7d685f7e494c569b0efa7

SHA512
844f7a04eac654c35adb8007923b2fe9e06caef8fef58d872108424f3f7e251e6570564a1fd52a085b68b89b24e6b67fef6afa2c48e6592ea9645ac5c6b1fbfe

Download Submit
/data/data/tv.pps.mobile/files/qyvideo.db-wal

Filesize
80KB

MD5
d701085e87a9f81055df3b7923cf0efe

SHA1
e8b99edf36957cb4215575d5686c9900d0596d55

SHA256
a2f0368a35679271ae12ec9934eb45d4a5cf931641fd5e0168ca72eaf1c16dd5

SHA512
feb2bad835660361511378ec225bd6f3b57d2b4a548a3eda331d8727e8fc2c8e128dec843e2312e807e0bcd944b9e1a612a2509cb01dc697a9985ea4a4970468

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
bc6d5c82c80a2c6fe4be1a660192104c

SHA1
a15f84a2c1856ab9c3d4581223732e70cdd7e89e

SHA256
c9ee240d76a21ebfdd08a969175086c1eb388881a281b8dcbd4372c7c5bdd959

SHA512
250b5dbc3f7ccbd8e25e814850292d4a4fc365309d49c55426e03d5fcdd6019cae0660336f1141aba1709247c9f8332ba78d0a52b66dbf07e9a52b62f2e6116e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads