Analysis
- max time kernel: 252s
- max time network: 260s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 07:45

Static task: static1
Behavioral task: behavioral1
Sample: com.maypera.peso_2024-05-05.apk
Resource: android-x86-arm-20240611.1-en

General
- Target: com.maypera.peso_2024-05-05.apk
- Size: 17.1MB
- MD5: a69c82087c22e774ce16a7f50f80cd81
- SHA1: 5ba0a8dff43c6adbcca6e92b0890ae2ed864f579
- SHA256: 34b7dece610c3ee6961c742ca3cbe367fbde00dfbb14d58ed1fdca28a26fc607
- SHA512: 48e8dafdd929d593dc5ac54c5191ee2e5b297cef472c821fca2be22a0addbdcb765f636116e40ecf280cb13e3fa84c4c7a9e91007202dcbfda511f6638fd6814
- SSDEEP: 393216:zfYHi8ilbvg3YCr9T9StIGwhQ3Er1bHxTNENgR6MTXI9W:bYC/ITmIXhQ2bHQqR6Mn
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
Processes: com.maypera.peso
- ioc: /system/app/Superuser.apk; process: com.maypera.peso
- ioc: /system/xbin/su; process: com.maypera.peso
- ioc: /system/bin/su; process: com.maypera.peso

Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.maypera.peso
- ioc: Anonymous-DexFile@0xe5c07000-0xe5c09aa8; pid: 4327; process: com.maypera.peso
- ioc: Anonymous-DexFile@0xde8b3000-0xde8b614c; pid: 4327; process: com.maypera.peso
- ioc: Anonymous-DexFile@0xe5a7a000-0xe5a7cd2c; pid: 4327; process: com.maypera.peso
- ioc: Anonymous-DexFile@0xd0448000-0xd044db38; pid: 4327; process: com.maypera.peso

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.maypera.peso
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.maypera.peso

Acquires the wake lock 1 IoCs
Processes: com.maypera.peso
- description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.maypera.peso

Queries information about active data network 1 TTPs 1 IoCs
Processes: com.maypera.peso
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.maypera.peso

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.maypera.peso
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.maypera.peso

Reads information about phone network operator. 1 TTPs

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes: com.maypera.peso
- description: Framework API call; ioc: android.hardware.SensorManager.registerListener; process: com.maypera.peso

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.maypera.peso
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.maypera.peso

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.maypera.peso
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.maypera.peso

Checks CPU information 2 TTPs 1 IoCs

Checks memory information 2 TTPs 1 IoCs
Processes
com.maypera.peso
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Downloads