Analysis

  • max time kernel
    115s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 07:29

General

  • Target: com.tmart.pesoq_2023-11-28.apk
  • Size: 15.0MB
  • MD5: a32b5cb37df7cf8fbe8b556383584ca5
  • SHA1: 84599f78bef54044e596a877bfd414859fe96fd6
  • SHA256: a0cd3f8e1907f6002478ac1ea1726a97ccd9c7f1b2d933353377c8f946fba365
  • SHA512: 1d3b617d938f0df4f0a693a94fc8b26ce99812b2fe07c5528facc2022baffe1a3d055feeeb6f4adfa3eeef02532b52df3ec3e8a62f85166d1eec2c7b2a58c2ed
  • SSDEEP: 393216:6O9eNYijZN/RIdwtILPtXe2kRmQrBGxlAVFxtCxnmJf9ELJTV:6O9ojZNZIdEcPipQmVtCi1EP

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.tmart.pesoq (PID: 4318)
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events (Filesize 4KB)
  • /data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-journal (Filesize 512B)
  • /data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-shm (Filesize 32KB)
  • /data/data/com.tmart.pesoq/databases/com.google.android.datatransport.events-wal (Filesize 68KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db (Filesize 16KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-journal (Filesize 512B)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 36KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 4KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 4KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 4KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 4KB)
  • /data/data/com.tmart.pesoq/databases/google_app_measurement_local.db-wal (Filesize 4KB)
  • /data/data/com.tmart.pesoq/files/AFRequestCache/1718350670409 (Filesize 3KB)
  • /data/data/com.tmart.pesoq/files/AFRequestCache/1718350670778 (Filesize 3KB)
  • /data/data/com.tmart.pesoq/files/AFRequestCache/1718350672798 (Filesize 3KB)
  • /data/data/com.tmart.pesoq/files/AppEventsLogger.persistedevents (Filesize 1KB)
  • /data/data/com.tmart.pesoq/files/AppEventsLogger.persistedevents (Filesize 1KB)
  • /data/data/com.tmart.pesoq/files/PersistedInstallation2176961453363028995tmp (Filesize 90B)
  • /data/data/com.tmart.pesoq/files/mmkv/mmkv.default (Filesize 4KB)
  • Anonymous-DexFile@0xc37d8000-0xc37ddba8 (Filesize 22KB)
  • Anonymous-DexFile@0xd5a1a000-0xd5a1cea4 (Filesize 11KB)
  • Anonymous-DexFile@0xd5aed000-0xd5aef020 (Filesize 8KB)
  • Anonymous-DexFile@0xde4fc000-0xde4fed00 (Filesize 11KB)