Analysis Overview
SHA256
ed33bdcb0049b0efcce2da3ea42e30e257f2e831dd33d9f3a3d90f6a3abb9d32
Threat Level: Shows suspicious behavior
The file b3e253e3fa4f1ad42c410ccc2e0f8335_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 14:02
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:05
Platform
android-x64-20240611.1-en
Max time kernel
7s
Max time network
149s
Command Line
Signatures
Processes
tv.pps.bi.biplugin
Network
Files
/storage/emulated/0/settings/tv.pps.bi.biplugin
| MD5 | 58b07ca175e39f20bf923e21452ae557 |
| SHA1 | ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37 |
| SHA256 | 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991 |
| SHA512 | d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:05
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
167s
Command Line
Signatures
Processes
tv.pps.bi.biplugin
Network
Files
/storage/emulated/0/settings/tv.pps.bi.biplugin
| MD5 | 58b07ca175e39f20bf923e21452ae557 |
| SHA1 | ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37 |
| SHA256 | 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991 |
| SHA512 | d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:05
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
160s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
tv.pps.mobile
mount
cat /proc/cpuinfo
tv.pps.mobile:pluginDownloadService
Network
Files
/data/data/tv.pps.mobile/databases/qyvideo.db-journal
/data/data/tv.pps.mobile/databases/qyvideo.db
/data/data/tv.pps.mobile/databases/qyvideo.db-shm
/data/data/tv.pps.mobile/databases/qyvideo.db-wal
/data/data/tv.pps.mobile/cache/content_cache/DISCOVERY_MENU
/data/data/tv.pps.mobile/cache/content_cache/MYMAIN_MENU
/data/data/tv.pps.mobile/cache/content_cache/CATEGORY_LIST
/data/data/tv.pps.mobile/files/qyvideo.db-journal
/data/data/tv.pps.mobile/files/qyvideo.db-wal
/data/data/tv.pps.mobile/config/ems.conf
/data/data/tv.pps.mobile/databases/app_store.db-journal
/data/data/tv.pps.mobile/databases/app_store.db
/data/data/tv.pps.mobile/config/PSNetwork.ini
/data/data/tv.pps.mobile/databases/deliver.db-journal
/data/data/tv.pps.mobile/databases/deliver.db
/data/data/tv.pps.mobile/databases/app_store.db-wal
/data/data/tv.pps.mobile/databases/deliver.db-wal
/data/data/tv.pps.mobile/config/pgf.cache-journal
/data/data/tv.pps.mobile/config/pgf.cache
/storage/emulated/0/baidu/.cuid
/data/data/tv.pps.mobile/config/Download/FDSCache/vodservercfg.blf
/data/data/tv.pps.mobile/config/psnetwork.ini
/data/data/tv.pps.mobile/files/__local_stat_cache.json
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:02
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:02
Platform
android-x64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:02
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-16 14:02
Reported
2024-06-16 14:05
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
144s
Command Line
Signatures
Processes
tv.pps.bi.biplugin
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/settings/tv.pps.bi.biplugin
| MD5 | 58b07ca175e39f20bf923e21452ae557 |
| SHA1 | ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37 |
| SHA256 | 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991 |
| SHA512 | d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0 |