Analysis
max time kernel: 115s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 07:29
Static task: static1
Behavioral task: behavioral1
Sample: com.tmart.pesoq_2023-11-28.apk
Resource: android-x86-arm-20240611.1-en
General
Target: com.tmart.pesoq_2023-11-28.apk
Size: 15.0MB
MD5: a32b5cb37df7cf8fbe8b556383584ca5
SHA1: 84599f78bef54044e596a877bfd414859fe96fd6
SHA256: a0cd3f8e1907f6002478ac1ea1726a97ccd9c7f1b2d933353377c8f946fba365
SHA512: 1d3b617d938f0df4f0a693a94fc8b26ce99812b2fe07c5528facc2022baffe1a3d055feeeb6f4adfa3eeef02532b52df3ec3e8a62f85166d1eec2c7b2a58c2ed
SSDEEP: 393216:6O9eNYijZN/RIdwtILPtXe2kRmQrBGxlAVFxtCxnmJf9ELJTV:6O9ojZNZIdEcPipQmVtCi1EP
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
  process          ioc
  com.tmart.pesoq  /system/bin/su
  com.tmart.pesoq  /system/xbin/su

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
Processes:
  process          description                    ioc
  com.tmart.pesoq  Accessed system property key:  ro.hardware

Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
Processes:
  process          ioc
  com.tmart.pesoq  /system/lib/libc_malloc_debug_qemu.so
  com.tmart.pesoq  /sys/qemu_trace
  com.tmart.pesoq  /system/bin/qemu-props

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes:
  process          ioc
  com.tmart.pesoq  /dev/socket/qemud
  com.tmart.pesoq  /dev/qemu_pipe

Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis. The IoCs here are Anonymous-DexFile mappings, the name ART gives to DEX code loaded from memory rather than from a file on disk, so the sample unpacks additional code at runtime; the four buffers were dumped and are listed with their hashes under Downloads.
Processes:
  process          pid   ioc
  com.tmart.pesoq  4318  Anonymous-DexFile@0xde4fc000-0xde4fed00
  com.tmart.pesoq  4318  Anonymous-DexFile@0xd5aed000-0xd5aef020
  com.tmart.pesoq  4318  Anonymous-DexFile@0xd5a1a000-0xd5a1cea4
  com.tmart.pesoq  4318  Anonymous-DexFile@0xc37d8000-0xc37ddba8

Acquires the wake lock 1 IoCs
Processes:
  process          description             ioc
  com.tmart.pesoq  Framework service call  android.os.IPowerManager.acquireWakeLock

Queries information about active data network 1 TTPs 1 IoCs
Processes:
  process          description             ioc
  com.tmart.pesoq  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
  process          description             ioc
  com.tmart.pesoq  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
  process          description         ioc
  com.tmart.pesoq  Framework API call  android.hardware.SensorManager.registerListener

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
  process          description             ioc
  com.tmart.pesoq  Framework service call  android.app.IActivityManager.registerReceiver

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
  process          description         ioc
  com.tmart.pesoq  Framework API call  javax.crypto.Cipher.doFinal

Checks CPU information 2 TTPs 1 IoCs

Checks memory information 2 TTPs 1 IoCs
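The root and emulator checks above (su binaries, QEMU files and pipes, the ro.hardware property) are what stop a sample like this from detonating fully in an emulator, and the Anonymous-DexFile IoCs show where the real payload appears. The Frida script below is an added example written for this page; it is not part of the Triage report or of the sample. It hides exactly the artifacts the report lists from java.io.File.exists and SystemProperties.get, and logs in-memory DEX loading through dalvik.system.InMemoryDexClassLoader, which is the usual Java-level route to an Anonymous-DexFile on Android 9 (an assumption; a native loader would bypass this hook). The replacement values "qcom" and the extra ro.kernel.qemu key are assumptions chosen to resemble a physical device, not values from the report.

```javascript
// Added example for this report, not the sample's or the sandbox's own code.
// Run under Frida; outside Frida only the pure helper functions are defined.

// Artifacts probed by the sample, taken verbatim from the report's IoC tables.
const ROOT_ARTIFACTS = ['/system/bin/su', '/system/xbin/su'];
const QEMU_ARTIFACTS = [
  '/system/lib/libc_malloc_debug_qemu.so', '/sys/qemu_trace',
  '/system/bin/qemu-props', '/dev/socket/qemud', '/dev/qemu_pipe',
];
// Property answers to fake. ro.hardware is from the report; ro.kernel.qemu and
// the value "qcom" are assumptions picked to look like real Qualcomm hardware.
const PROP_SPOOF = { 'ro.hardware': 'qcom', 'ro.kernel.qemu': '0' };

// Classify a path passed to File.exists(): 'root', 'qemu', or null if harmless.
function artifactClass(path) {
  if (ROOT_ARTIFACTS.includes(path)) return 'root';
  if (QEMU_ARTIFACTS.includes(path)) return 'qemu';
  return null;
}

// What SystemProperties.get(key) should return: the fake for a watched key,
// the genuine value for everything else so the app otherwise behaves normally.
function spoofProperty(key, realValue) {
  return Object.prototype.hasOwnProperty.call(PROP_SPOOF, key) ? PROP_SPOOF[key] : realValue;
}

// Parse the DEX magic "dex\n0NN\0" from the first 8 bytes of a buffer handed to
// InMemoryDexClassLoader; bytes may be signed Java bytes, so mask to 0..255.
function dexVersion(bytes) {
  const s = bytes.slice(0, 8).map((b) => String.fromCharCode(b & 0xff)).join('');
  const m = /^dex\n(\d{3})\0$/.exec(s);
  return m ? m[1] : null;
}

if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    // 1. Hide su binaries, QEMU files and QEMU pipes from file-existence checks.
    const File = Java.use('java.io.File');
    File.exists.implementation = function () {
      const path = this.getAbsolutePath();
      const cls = artifactClass(path);
      if (cls !== null) {
        console.log('[evasion] File.exists(' + path + ') -> false (' + cls + ' artifact)');
        return false;
      }
      return this.exists();
    };

    // 2. Answer emulator-revealing system properties with device-like values.
    const SystemProperties = Java.use('android.os.SystemProperties');
    SystemProperties.get.overload('java.lang.String').implementation = function (key) {
      const real = this.get(key);
      const out = spoofProperty(key, real);
      if (out !== real) console.log('[evasion] getprop ' + key + ': ' + real + ' -> ' + out);
      return out;
    };
    SystemProperties.get.overload('java.lang.String', 'java.lang.String').implementation = function (key, def) {
      return spoofProperty(key, this.get(key, def));
    };
    // Build.HARDWARE is initialised from ro.hardware before we hook, so patch it too.
    Java.use('android.os.Build').HARDWARE.value = PROP_SPOOF['ro.hardware'];

    // 3. Log every in-memory DEX load with its size, version and the caller's
    //    stack, which points at the unpacking code inside the APK.
    const Loader = Java.use('dalvik.system.InMemoryDexClassLoader');
    Loader.$init.overload('java.nio.ByteBuffer', 'java.lang.ClassLoader').implementation = function (buf, parent) {
      const dup = buf.duplicate();
      const head = [];
      for (let i = 0; i < 8 && dup.hasRemaining(); i++) head.push(dup.get());
      console.log('[dex] in-memory load: ' + buf.remaining() + ' bytes, DEX version ' + dexVersion(head));
      console.log(Java.use('android.util.Log').getStackTraceString(Java.use('java.lang.Exception').$new()));
      return this.$init(buf, parent);
    };
  });
}
```

Run it as `frida -U -f com.tmart.pesoq -l hide_sandbox.js` (Frida 16 resumes the spawned process itself; older versions wait for `%resume`). Spawning rather than attaching matters here because the checks in the report run at startup, before an attach would land. The script only covers the Java-level probes the report lists; a sample that stats the same paths from native code needs the equivalent hooks on libc's access/stat, and a hidden-from-Java file can still be found through /proc/self/maps.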
Processes
com.tmart.pesoq
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-journal
Filesize: 512B
MD5: dc28406753ed31d6430add11b26349e2
SHA1: f7f7216cc4de65e52a3cde313dad2afdcdd12f0d
SHA256: 42d8d44ba96b7705b3aca3e07710f710ee9c91f788e14212f89aaacb9e0c3e9a
SHA512: ba2337ee7fded0dfc023ffaa5d69d36361a5f97f5366d9c5590b8268aea948fb22f6411860fcaf91892559c350daa79b62a5e0d4dfaa383121896aafe862db9d

/data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-wal
Filesize: 68KB
MD5: 5ca37a7cc34b48ffdf0d1ceb7a11a3a2
SHA1: 0b307e10b72b04a22e358add2bcc246ddd49e99f
SHA256: 2db75fe406051fc6382ac5a95a7daed54e8bd12672a48175ca9a3422fb32b0a7
SHA512: a389203811dcfd11d3d17215528da91f7a68f229dfe4a1560d5370bfb72bae4fb51a2446dfc22919bf3466a9aa453772da65c70467ee8d3e8b0104ef4b87f3e3

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 45646b26fa47a22af9dad856aed189e6
SHA1: 1788fd80b960046180a0a36854f2a19f430a237d
SHA256: 017a041a400fdcf28f320b1232f1aec8d74935d2d1b036782e440ed3cb3438ab
SHA512: dc29cfdfe4d1e7cc24055445c523400f77166d746752dff0e1bd5bc8e684769d866be95c809704c44a58ec1278846208841a163aa473dd3baf487847a76b596b

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: a4675b3b99c392fcc654dce672e8a37c
SHA1: 04ce10ce0382385081ea84a4d9513f29d043a9f3
SHA256: f6e304fe5c5e96920b63466c4c544fc8bf08c94cd8279bfdbae407a296556ebf
SHA512: a09aad61458fe1c620e1331f2557d36ce7f9ff2a040874dc3b75e18b598eafbe0a221bfa1db80aa8f127cb88a52f70058e545529a301b22804616ce57bab5b81

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 2edeed0839752edda2441d11d680d72f
SHA1: 62bc41e92a67addcdb4dbda888705a2d3f732dbd
SHA256: ede3f3491759b4d9715c377be6b4ef31815e02cb14781e80f8d6786f6d5d4a23
SHA512: 7bb4ae7d296056940313218dc06a0aa21b6f5af6866308d26ba7e9e584d2976bd79a79a1516646153d7fb112b8451f45f882eec32568e13d835571517c01683f

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: d3039513e984e13d9b94cfefea1ca144
SHA1: 6a9997d8e052a3932e84728293811bbfda5d7736
SHA256: 6262673fc3a5a6eaa662e0328f41fe8956ccac3ea5822c8bb81d41bf039689e9
SHA512: 54788f957e60099e5e6d047a1c98be65940b4b8aed59336c40aedad2ac5d14020039abf0f18ff8a86d9c1efa45a0b4952a4af27025954d7edbdc894580d45949

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 4bbdbdb4ffd37a349beec0d558da5432
SHA1: e4080f9a9f4b7b00a63d3d33efec9d63f22e49b5
SHA256: 55a3062428fbe7d725ac62a357e739f909e5ffd2738b3175c08bcfdbc7b52670
SHA512: 71ad64294275cc5877ee05748061f9b6cb5c2bdbda429b9c46ab429c0290155bd97681147561963047644afae77c4c0a9d04d9fe052a1422e830d1dfb7774659

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db
Filesize: 16KB
MD5: 7237409e0640cfab7bdbd429bf821a3b
SHA1: 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256: 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512: c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-journal
Filesize: 512B
MD5: f05a68ccf62babc132f0dca658962245
SHA1: 5e3218219f11fa7de7296aca4b2624529fc2f980
SHA256: 19e58de939aae579a8a43c91aceb29d48500516d7e61f2342e5932e7a3c52bbb
SHA512: 0f485c340118f00e8f4d053a99a5152e68c385004c6053ba3908c95862ced79da21c2046297da1c6292ca88219290545a6dd890486358b9e1960bd56babd77bd

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 36KB
MD5: b447b649ca72538d73a7b0820d395e52
SHA1: e920f54fa2950af385e1160497e4aa471ecd547d
SHA256: 3e593606b8511df646df7ac8126a7f47456364da3e325ebd51bb384d3dba4db2
SHA512: 035cdbb08e820e9cc71310d583d5000f54f1e81d3c4dda4f778225af678bed446b4e0f4b544bd80c8c7192b0ae6450bc642e800025acfe0f916d4c977555290d

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 4KB
MD5: ebe1e65db80cc46a6520193882d6b821
SHA1: 1d37a0ea8055eff8498b41578f7e120a142efb77
SHA256: 3c5ea0d97e3d7656bc55f17fb16a6e5ec1305adb49a39622a04d0c755c66297c
SHA512: 54050d487d2eab212402a399c5586f07a25a1b8d0b8105f93d15edce2db242d5b77dc54b2004d16644c89a40fa3353c5feeb9a37eba9f40137f7a30d7c1f8e51

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 4KB
MD5: 2a3122cd975308fd90fec45d03a5676f
SHA1: 22f33f127665cf6e7db9708df68492902c5b329c
SHA256: c7cc7f86b6145af1d0e8333f2d3e8c00922b469a8984fa0315e15e3d896b9339
SHA512: 03389d0ab9cbcfb621c8060bdaf4cf137b8ee7e1b0a331bada8dd67da7bbf64561670da55adc6b249700707feebc08fcab6a2967ba5ea23003b97561f53d45be

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 4KB
MD5: 990ac9fd2f4296644b960851a3c1d544
SHA1: 745a4b0ace6974f3cc68525c07897a97a4a8ce5c
SHA256: ff2f2458ba76196ab4f806d122b99fd0a0cdc549c1b783cfbcfc74da7e0982d1
SHA512: 5ed651750a3adcb9bebdcfcc0142e176df5b529351f2c6e60fdbb41716c5b8a988b21e5b094e6724df38567c9ef5fc11e101ae06668d683db9d0d6887fe3ced5

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 4KB
MD5: ca40a51ffd16c25aa4235ac7a7fff6b4
SHA1: 7671d877a0e726ea3d81b543e57f4776c53857a2
SHA256: 4c7e087708423c78e54c7932e5faa5ef5237fd8c0af8bed2207771e1ceec2f5b
SHA512: 5d4a46c9db937da23df79ced208a06f2c4ccc9404deb136a297c09bfe4858278e28bc6dcc94a195490fb9fe3fc0ced06618b4bd3a4d3da61a55ff480f506af71

/data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal
Filesize: 4KB
MD5: 8e47a7875981161e83a60e9843827f7a
SHA1: 9d530945cfae44f4655fde58628d204a9fe41f7a
SHA256: d7ea30758016579fc5d7dc0e9c00a9217213934a1d34fc6e5990d99bb95511f1
SHA512: 91bbc6a134eca6b64471000e5e7936d4513965c2d280438e6a53297a8ede1f6ea66e1081d528e2a43e1ed22c3f5015603e4bfaadee0d8c59f2c13bc41c8667c9

/data/data/com.tmart.pesoq/files/AFRequestCache/1718350670409
Filesize: 3KB
MD5: b4f6bd1a4dc5f70034d39d523d2bc135
SHA1: 23e848bf2e572b4cf5b84179a608925dd012e446
SHA256: 9bb4109babc6bfb87f41b2068d1515593d2267cf6b3b2a9358391a499fe86144
SHA512: 4b4b22f947216a37b5b93b7a05b31e0f0cc16059ae670fd9a081c0c52c9f2033d51fd77b097057aa438ad16703f02043f68873c5f059baeaac2f503495ec0152

/data/data/com.tmart.pesoq/files/AFRequestCache/1718350670778
Filesize: 3KB
MD5: 5cf2d8f5ceb27d1817bcccf84a30e446
SHA1: 36f73751c0a03bab781a56ed04f7df7f1868d7f6
SHA256: 6e3dcfbf6c68eb4c971c1019901c55f924c585c1e01c836ff41b4b28ab89bcd4
SHA512: ab0b58a71e67607a6185caafeecaf768d14c0093697d6a4ad1765752cbae63eea46cbd78e187091839bdea5e86ccab0125f9574c83ebf0903eabdfdbcee61575

/data/data/com.tmart.pesoq/files/AFRequestCache/1718350672798
Filesize: 3KB
MD5: be9e4c6819eb43df26406391823351c6
SHA1: 6aec84071a10ac0c8eafc87fc9fd6d73fe370477
SHA256: ec1254412b92802745ad8604f76b7fcddb6fb907c563eccf244de606c5b186ba
SHA512: 6b5a4cc8df8463a80fa738e4b5686fd7cd38276e2a15e38ec34526ae5af67da2c0d54eb9a178995fbf6565c59e9d7011d15059db43bade28928984b4059375e8

/data/data/com.tmart.pesoq/files/AppEventsLogger.persistedevents
Filesize: 1KB
MD5: 3033a964d6bb93b1ad7bc33f411ca885
SHA1: 91857eecfad800a949c5162cf9d38ed2034e49f7
SHA256: 2b440bf1f71108c22631b691889344d2e8967d919af92af8bd3c1566ab97f444
SHA512: 7a3e6bb24040dcf40a81b51535e1dbbb9bf57ec9cd6073191b5bd76b77b439a2524b422be5b46a91982c4e069b2e0458a94f994832402f7b845ca90bda585ccd

/data/data/com.tmart.pesoq/files/AppEventsLogger.persistedevents
Filesize: 1KB
MD5: 31875e533cb7d25d203a8bb314df5aa0
SHA1: 77afb30ab3c45ac89792c130ed319c75d13bc694
SHA256: f0f2e615ac1050359ec1a6d72c18fb7efe2335b900e719618f9eaaa0df00fd94
SHA512: e1648f2319e085faf1cb2fae952d527a1ec7074ec9152c356456a370a41ad4eccca2ebbb0fb92960b118f989a2799812e5f95a02b046d42e89946983a29989ad

/data/data/com.tmart.pesoq/files/PersistedInstallation2176961453363028995tmp
Filesize: 90B
MD5: c8a7d7e676b395938ed92e25aaa3aacd
SHA1: 90f43a3b6600c7493f99b7e194ec7dc164b0998b
SHA256: d382416e8cb67592c71cf53296ac31d15fddaf2e00117f29448967bfef2b5188
SHA512: f121248ce1d6444d26d951e8d0d8a13b268f616bf6d929f69f01449b7b334068771a0533ef36e722ada2441c8850e61276d7aef60182207c66cedc81712a1851

/data/data/com.tmart.pesoq/files/mmkv/mmkv.default
Filesize: 4KB
MD5: 620f0b67a91f7f74151bc5be745b7110
SHA1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256: ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA512: 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Anonymous-DexFile@0xc37d8000-0xc37ddba8
Filesize: 22KB
MD5: ef1a7adb109b0ad4da578f51e3efc1ae
SHA1: 39672e1c975ff4ae759b869d0410b90fe1ef7b4a
SHA256: 3ecedeb07b6b3a7d1bd235b387ce65894d83042a1c1bb641cba0a19c1a1f7146
SHA512: 936257fe696b8434f5d9cc0aad30736d07f97d14c6b1ff968ca3ba405574a0018d813a3126ce25635c255e8717d0abee485cd6ec974722082fdadc6689acf138

Anonymous-DexFile@0xd5a1a000-0xd5a1cea4
Filesize: 11KB
MD5: 0bba2eda283057834590001bf869edb7
SHA1: e82dc44a92e9607e112a845d8c458afbac7dc6c1
SHA256: 090eea545887cf6b28c51f795bfef902cdc03cd3f4c02695761086d9fd51d4f2
SHA512: cdc0d9a03f4f5bdad02b46bb40f8663cfa6bed0a2a7065422837b4f5439dcb8987eec03df76f104ca06b1cf61988b8ce9965997d9d454aed3bd2c8630eac5bc7

Anonymous-DexFile@0xd5aed000-0xd5aef020
Filesize: 8KB
MD5: ac209a0b4dd8c3908ca8e0ec2e5c77d4
SHA1: beb86f3c2637666dc238aa2dcfeb78169cbebf62
SHA256: f7f2390997b68beea68efa62e75a8c38d2c125b8d2c1a4c25ed00ea5d1e203fa
SHA512: d8339e188423223f49f2b4b4521f9e014ecf2f9a17242a6394625ca43686fb86bd4978c0ba79b704137155ec4a89b08e302ac6ed1cf14f8d8bfb0adaaae29c13

Anonymous-DexFile@0xde4fc000-0xde4fed00
Filesize: 11KB
MD5: c4d6d35e8dc357f7b63b6eed2d76df9e
SHA1: 82d1922fd10346d3001d2575dbd89c8836bdb931
SHA256: 2d286b7081c586db4c2eeeabd8284d7dfec04ec3ff3dd8b15b75dd320dd9f452
SHA512: f5e4c28860cc8722f62da3883746a92e65348f9a338c8ad9a3a20212ab5e74485b3c049cc74da6fc085292e478fc18fdb970e6e0a6aa0b181db3521383b047e6