Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-06-2024 03:36

General

  • Target

    906a9b8b116d95971794bdfb1c44670d_JaffaCakes118.apk

  • Size

    16.8MB

  • MD5

    906a9b8b116d95971794bdfb1c44670d

  • SHA1

    55d422dd1fe040e4edb89242789076e37778c797

  • SHA256

    3d9ec591f829440da0051dd755ecbf326e6f03f83eb3d88c51a6b633cb31b572

  • SHA512

    59dbd73d2517922cd7baa4dd9ad3e4a6621a467b5eafc8c68fe643f493f0d4143d9531d52c5f796ebd58f2e74b20a981a2320c6bf202efe707aaeee8e672b835

  • SSDEEP

    393216:cHXa8UQ6gG3pxsCyyGjpoamTRpMXdmj+O0Vm7zSY9Nro5MYoFEET:cKUG3p2yGjpxuROXde+tVm7mY9BOkEET

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about the phone network operator 1 TTPs

Processes

  • tv.pps.mobile
    1⤵
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4268
    • df
      2⤵
        PID:4340
    • tv.pps.mobile:remote5
      1⤵
      • Requests cell location
      • Checks memory information
      • Queries information about the current Wi-Fi connection
      • Queries information about the current nearby Wi-Fi networks
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Checks if the internet connection is available
      PID:4380

    Network

    MITRE ATT&CK Mobile v15


    Downloads

    • /data/data/tv.pps.mobile/config/ems.conf (24KB)
    • /data/data/tv.pps.mobile/config/ems.conf (32KB)
    • /data/data/tv.pps.mobile/databases/_ire-journal (512B)
    • /data/data/tv.pps.mobile/databases/_ire-shm (32KB)
    • /data/data/tv.pps.mobile/databases/_ire-wal (20KB)
    • /data/data/tv.pps.mobile/databases/pps_user_data.db (4KB)
    • /data/data/tv.pps.mobile/databases/pps_user_data.db-journal (512B)
    • /data/data/tv.pps.mobile/databases/pps_user_data.db-shm (32KB)
    • /data/data/tv.pps.mobile/databases/pps_user_data.db-wal (76KB)
    • /data/data/tv.pps.mobile/ppscache/PSNetwork.ini (62B)
    • /data/data/tv.pps.mobile/ppscache/PSNetwork.ini (15KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache (26KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (2KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (512B)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (1KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (1KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (1KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (2KB)
    • /data/data/tv.pps.mobile/ppscache/pgf.cache-journal (4KB)
    • /storage/emulated/0/.pps/parnter.data (4KB)
    • /storage/emulated/0/.pps/uuid.data (193B)
    • /storage/emulated/0/baidu/tempdata/ls.db-journal (512B)
    • /storage/emulated/0/baidu/tempdata/ls.db-wal (32KB)
    • /storage/emulated/0/settings/tv.pps.mobile (58B)