Analysis

  • max time kernel
    252s
  • max time network
    260s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 07:45

General

  • Target

    com.maypera.peso_2024-05-05.apk

  • Size

    17.1MB

  • MD5

    a69c82087c22e774ce16a7f50f80cd81

  • SHA1

    5ba0a8dff43c6adbcca6e92b0890ae2ed864f579

  • SHA256

    34b7dece610c3ee6961c742ca3cbe367fbde00dfbb14d58ed1fdca28a26fc607

  • SHA512

    48e8dafdd929d593dc5ac54c5191ee2e5b297cef472c821fca2be22a0addbdcb765f636116e40ecf280cb13e3fa84c4c7a9e91007202dcbfda511f6638fd6814

  • SSDEEP

    393216:zfYHi8ilbvg3YCr9T9StIGwhQ3Er1bHxTNENgR6MTXI9W:bYC/ITmIXhQ2bHQqR6Mn

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Checks the presence of a debugger
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.maypera.peso
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4327

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.maypera.peso/databases/com.google.android.datatransport.events
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/com.google.android.datatransport.events-journal
    Filesize

    512B


  • /data/data/com.maypera.peso/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB


  • /data/data/com.maypera.peso/databases/com.google.android.datatransport.events-wal
    Filesize

    68KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db
    Filesize

    16KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-journal
    Filesize

    512B


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    36KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/google_app_measurement_local.db-wal
    Filesize

    4KB


  • /data/data/com.maypera.peso/databases/tray.db-journal
    Filesize

    512B


  • /data/data/com.maypera.peso/databases/tray.db-wal
    Filesize

    56KB


  • /data/data/com.maypera.peso/files/.com.google.firebase.crashlytics.files.v2:com.maypera.peso/com.crashlytics.settings.json
    Filesize

    712B


  • /data/data/com.maypera.peso/files/.com.google.firebase.crashlytics.files.v2:com.maypera.peso/open-sessions/666BF85A0048000110E73B9B6C723A26/report
    Filesize

    741B


  • /data/data/com.maypera.peso/files/.com.google.firebase.crashlytics.files.v2:com.maypera.peso/open-sessions/666BF85A0048000110E73B9B6C723A26/userlog
    Filesize

    911B


  • /data/data/com.maypera.peso/files/.com.google.firebase.crashlytics.files.v2:com.maypera.peso/open-sessions/666BF85A0048000110E73B9B6C723A26/userlog.tmp
    Filesize

    16B


  • /data/data/com.maypera.peso/files/AFRequestCache/1718351969095
    Filesize

    2KB


  • /data/data/com.maypera.peso/files/AFRequestCache/1718351974892
    Filesize

    2KB


  • /data/data/com.maypera.peso/files/PersistedInstallation4962794004681411324tmp
    Filesize

    90B


  • /data/data/com.maypera.peso/files/PersistedInstallation7017499103451585464tmp
    Filesize

    567B


  • /data/data/com.maypera.peso/no_backup/androidx.work.workdb-journal
    Filesize

    512B


  • /data/data/com.maypera.peso/no_backup/androidx.work.workdb-wal
    Filesize

    16KB


  • /data/data/com.maypera.peso/no_backup/androidx.work.workdb-wal
    Filesize

    112KB


  • /data/data/com.maypera.peso/no_backup/androidx.work.workdb-wal
    Filesize

    120KB


  • Anonymous-DexFile@0xd0448000-0xd044db38
    Filesize

    22KB


  • Anonymous-DexFile@0xde8b3000-0xde8b614c
    Filesize

    12KB


  • Anonymous-DexFile@0xe5a7a000-0xe5a7cd2c
    Filesize

    11KB


  • Anonymous-DexFile@0xe5c07000-0xe5c09aa8
    Filesize

    10KB
