Overview

overview

8

Static

static

6

a3e5b3cd34...18.apk

android-9-x86

8

a3e5b3cd34...18.apk

android-13-x64

AlipayMSP2...19.apk

android-9-x86

7

FlappyBirdGame.apk

android-9-x86

1

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    7s
  • max time network
    180s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    13-06-2024 04:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3e5b3cd344b5490f35522779d842223_JaffaCakes118.apk

  • Size

    19.4MB

  • MD5

    a3e5b3cd344b5490f35522779d842223

  • SHA1

    39e0a4beb5c03c6b9331dd9a614327ec05cbf25b

  • SHA256

    043cd454f61a9fdcb9b39904fa0380892b63b5520dbe5105a752c3082ac185a5

  • SHA512

    0141faf2e8116f4362b02f2486a089e291804828aa0906596bb2e897c4b7fb444048bc78d31c2afa7aa85088354b171c933d114fa0d94614f413b0f3295b5887

  • SSDEEP

    393216:3EPeTNfK1A5Wwoip+VUZGazMjKVd9Z6+s3zsB0T5eIOjXKz0hSKSI4Diq:3EG4Y/fp+VUd/Vn1czsB0Yo0hSE4Gq

Score
8/10
bankercollectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • tv.pps.mobile
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4263
    • df
      2⤵
        PID:4320
      • mount
        2⤵
          PID:4347

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/tv.pps.mobile/databases/_ire-journal
        Filesize

        512B

        MD5

        2ba097bc962de50c8a3cbdfc81de496d

        SHA1

        c5278f780e90fed5be52a0ff1c7bbab052972369

        SHA256

        92426c7834c8981be07dbd927cb740eebbaf7531df020680f76599c85d87602c

        SHA512

        e8b8808ffb913e6b38d4849e753dde97a195eaa8ec886bc062474b0bc7219c80e1fbdfefce9f895773878a0346b1f60543157d5f458df5b0c14b8e31c2d71725

        Download Submit
      • /data/data/tv.pps.mobile/databases/_ire-wal
        Filesize

        20KB

        MD5

        14cf41fb17376261f5caf17722e886c0

        SHA1

        0bd39f628fc64312b7d1b6bad0d98d887498d71a

        SHA256

        9e0be8050a744b390cc23eb92779cb1a8a57c7f4a3bf2bf026fb9a64fd6dc5f8

        SHA512

        338c4385ffe06d2f92ae01bcd508c976feb8fed902d80df022d230e77efc1d90bd1ef4714e7de350ad4666d16d9b45919c6a20bf9c7ee5f9cbe865ea9d1394b1

        Download Submit
      • /data/data/tv.pps.mobile/databases/pps_user_data.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit
      • /data/data/tv.pps.mobile/databases/pps_user_data.db-journal
        Filesize

        512B

        MD5

        d69aca86eb3a7949dd6db5de4210cbc3

        SHA1

        4a046f5ee7339d931b9639362109b95e27e64e40

        SHA256

        170c5d1d318fd9835f50dcdd432500a0f457e61a9a36a08a0f8ead1909824456

        SHA512

        61923c527ca22d492ea5ba6828ab2d913389e7df7c00123c231f16868817d11ea324552f83dfd95c30644ac5ae4a56dfb7b9b3e4f8a618b79a88e705a76e1f73

        Download Submit
      • /data/data/tv.pps.mobile/databases/pps_user_data.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit
      • /data/data/tv.pps.mobile/databases/pps_user_data.db-wal
        Filesize

        56KB

        MD5

        5eed07e933a89e2061d7fbc23f54c47a

        SHA1

        407ae92d0905bbc65fea9b88508b7a93a05bd002

        SHA256

        98b378fa09447ab5d85ef5405bbfbf38956c4977b23e7fce0e4fd7be0686fc57

        SHA512

        5c64b8c592d4b5375343daa1814ad930305dc39e5a8b8e43209d53bd57bc4ee89987d0a5a2d11de163b71cba1425a2b1fc1d9b7e545ed54c14834cd339dd907b

        Download Submit
      • /data/data/tv.pps.mobile/files/__local_stat_cache.json
        Filesize

        25B

        MD5

        2d805b13f2f28dc3ca9bbcc000f49bb5

        SHA1

        9eac165b4d81258fd3967cde5cc53b53b1dabcb1

        SHA256

        c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

        SHA512

        5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

        Download Submit
      • /storage/emulated/0/.pps/parnter.data
        Filesize

        5B

        MD5

        7658a8e6e19f7abccea76cab9f13567b

        SHA1

        9ede6b2b3cf3e310c586b466ccee3ede765d1699

        SHA256

        033a89cca6ef3da3b5586a0c16b9d553cda697ac9bf2b32de96a1bd803b1e654

        SHA512

        c960d4738efd0f1dfefa5399e59c16923293127fa7a1a0d53fae6e84c82dd4900cffbd82e0f66ad2a7a7699ea3720b5b44df726aa90165ee85158b6d832df321

        Download Submit
      • /storage/emulated/0/.pps/uuid.data
        Filesize

        32B

        MD5

        61c90f4a35b254a11225d499a9e70cfd

        SHA1

        a215eb0bd645e8a85019d1de2eb37285bed25b15

        SHA256

        250db5e501fa9e84764206fdcab8ac1792df0c62f1675733e89d5eea5978653d

        SHA512

        ced4986a7ddf3d22dec07f56b8c30da52ff9635ea7b9b54f4b0ae293054a849f13a045d0a935fbbd0764f9fea7f2a72a1720f5613308825b40026e20ab4896f2

        Download Submit
      • /storage/emulated/0/Android/data/tv.pps.mobile/cache/ContentCache/journal.tmp
        Filesize

        31B

        MD5

        8c92de9ce46d41a22f3b20f77404cc1d

        SHA1

        8671a6dca00edb72be47363a7071be65cf270373

        SHA256

        68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

        SHA512

        30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

        Download Submit
      • /storage/emulated/0/baidu/.cuid
        Filesize

        89B

        MD5

        7789e838274069e94245b2cea89795d8

        SHA1

        acff1ba1c6441baeaa2420f25fdf540e19e07bb6

        SHA256

        0a8497a23683dcbbbd97d936967d7e5fe0d1e879229c30f615dcaa08a0dc38ef

        SHA512

        42406aa0a92e280129aa2d06a8c956db2c9564a0059bc12d9dc39e29015c309edbe4b73030c0a166cd5943a8851152771884db5c912339b90cf0727c6cd34494

        Download Submit