Malware Analysis Report

2025-01-19 08:02

Sample ID 240616-rcdtxszdrk
Target b3e253e3fa4f1ad42c410ccc2e0f8335_JaffaCakes118
SHA256 ed33bdcb0049b0efcce2da3ea42e30e257f2e831dd33d9f3a3d90f6a3abb9d32
Tags discovery impact persistence
Score 7/10


Analysis Overview

Score 7/10

SHA256

ed33bdcb0049b0efcce2da3ea42e30e257f2e831dd33d9f3a3d90f6a3abb9d32

Threat Level: Shows suspicious behavior

The file b3e253e3fa4f1ad42c410ccc2e0f8335_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery impact persistence

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-06-16 14:02

Signatures

Requests dangerous framework permissions

Indicator and Description (Process and Target are N/A for every row)
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.RECORD_AUDIO: Allows an application to record audio.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.CAMERA: Required to be able to access the camera device.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
android.permission.PROCESS_OUTGOING_CALLS: Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_CONTACTS: Allows an application to write the user's contacts data.
android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.SEND_SMS: Allows an application to send SMS messages.
android.permission.RECEIVE_SMS: Allows an application to receive SMS messages.

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:05

Platform

android-x64-20240611.1-en

Max time kernel

7s

Max time network

149s

Command Line

tv.pps.bi.biplugin

Signatures

N/A

Processes

tv.pps.bi.biplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 172.217.169.42:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.194:443 tcp
GB 172.217.169.42:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/storage/emulated/0/settings/tv.pps.bi.biplugin

MD5 58b07ca175e39f20bf923e21452ae557
SHA1 ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37
SHA256 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991
SHA512 d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:05

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

167s

Command Line

tv.pps.bi.biplugin

Signatures

N/A

Processes

tv.pps.bi.biplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.212.194:443 tcp

Files

/storage/emulated/0/settings/tv.pps.bi.biplugin

MD5 58b07ca175e39f20bf923e21452ae557
SHA1 ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37
SHA256 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991
SHA512 d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:05

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

160s

Command Line

tv.pps.mobile

Signatures

Queries information about running processes on the device (discovery)

Description: Framework service call; Indicator: android.app.IActivityManager.getRunningAppProcesses; Process: N/A; Target: N/A
Description: Framework service call; Indicator: android.app.IActivityManager.getRunningAppProcesses; Process: N/A; Target: N/A

Queries information about active data network (discovery)

Description: Framework service call; Indicator: android.net.IConnectivityManager.getActiveNetworkInfo; Process: N/A; Target: N/A

Queries information about the current Wi-Fi connection (discovery)

Description: Framework service call; Indicator: android.net.wifi.IWifiManager.getConnectionInfo; Process: N/A; Target: N/A

Reads information about phone network operator (discovery)

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)

Description: Framework service call; Indicator: android.app.IActivityManager.registerReceiver; Process: N/A; Target: N/A

Uses Crypto APIs (Might try to encrypt user data) (impact)

Description: Framework API call; Indicator: javax.crypto.Cipher.doFinal; Process: N/A; Target: N/A
Description: Framework API call; Indicator: javax.crypto.Cipher.doFinal; Process: N/A; Target: N/A

Checks CPU information

Description: File opened for read; Indicator: /proc/cpuinfo; Process: N/A; Target: N/A

Checks memory information

Description: File opened for read; Indicator: /proc/meminfo; Process: N/A; Target: N/A

Processes

tv.pps.mobile

mount

cat /proc/cpuinfo

tv.pps.mobile:pluginDownloadService

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 static.qiyi.com udp
SG 118.26.120.1:80 static.qiyi.com tcp
US 1.1.1.1:53 pdata.video.qiyi.com udp
US 1.1.1.1:53 update.ppstream.com udp
US 1.1.1.1:53 list3.ppstream.com udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
SG 118.26.120.3:80 list3.ppstream.com tcp
SG 114.119.175.88:80 pdata.video.qiyi.com tcp
SG 118.26.120.3:80 list3.ppstream.com tcp
US 1.1.1.1:53 hmma.baidu.com udp
CN 61.155.106.173:17788 udp
CN 183.61.95.102:17788 udp
CN 118.123.243.49:17788 udp
CN 119.188.40.99:17788 udp
CN 183.61.95.13:17788 udp
CN 183.61.95.34:17788 udp
HK 103.235.47.161:80 hmma.baidu.com tcp
US 1.1.1.1:53 vh01.ppstream.com udp
US 1.1.1.1:53 vh11.ppstream.com udp
US 1.1.1.1:53 vh02.ppstream.com udp
US 1.1.1.1:53 vh12.ppstream.com udp
US 1.1.1.1:53 vh03.ppstream.com udp
US 1.1.1.1:53 vh13.ppstream.com udp
US 1.1.1.1:53 vh04.ppstream.com udp
US 1.1.1.1:53 vh14.ppstream.com udp
US 1.1.1.1:53 aph.ppstream.com udp
SG 114.119.175.88:80 pdata.video.qiyi.com tcp
US 1.1.1.1:53 flux.ppstream.com udp
US 1.1.1.1:53 v2h.ppstream.com udp
US 1.1.1.1:53 flux.hcdn.qiyi.com udp
US 1.1.1.1:53 flux.hcdn.ppstream.com udp
SG 114.119.175.88:80 pdata.video.qiyi.com tcp
SG 114.119.175.88:80 pdata.video.qiyi.com tcp
SG 114.119.175.88:80 pdata.video.qiyi.com tcp

Files

/data/data/tv.pps.mobile/databases/qyvideo.db-journal
/data/data/tv.pps.mobile/databases/qyvideo.db
/data/data/tv.pps.mobile/databases/qyvideo.db-shm
/data/data/tv.pps.mobile/databases/qyvideo.db-wal
/data/data/tv.pps.mobile/cache/content_cache/DISCOVERY_MENU
/data/data/tv.pps.mobile/cache/content_cache/MYMAIN_MENU
/data/data/tv.pps.mobile/cache/content_cache/CATEGORY_LIST
/data/data/tv.pps.mobile/files/qyvideo.db-journal
/data/data/tv.pps.mobile/files/qyvideo.db-wal
/data/data/tv.pps.mobile/config/ems.conf
/data/data/tv.pps.mobile/databases/app_store.db-journal
/data/data/tv.pps.mobile/databases/app_store.db
/data/data/tv.pps.mobile/config/PSNetwork.ini
/data/data/tv.pps.mobile/databases/deliver.db-journal
/data/data/tv.pps.mobile/databases/deliver.db
/data/data/tv.pps.mobile/databases/app_store.db-wal
/data/data/tv.pps.mobile/databases/deliver.db-wal
/data/data/tv.pps.mobile/config/pgf.cache-journal
/data/data/tv.pps.mobile/config/pgf.cache
/storage/emulated/0/baidu/.cuid
/data/data/tv.pps.mobile/config/Download/FDSCache/vodservercfg.blf
/data/data/tv.pps.mobile/config/psnetwork.ini
/data/data/tv.pps.mobile/files/__local_stat_cache.json

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:02

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:02

Platform

android-x64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:02

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 14:02

Reported

2024-06-16 14:05

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

144s

Command Line

tv.pps.bi.biplugin

Signatures

N/A

Processes

tv.pps.bi.biplugin

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/storage/emulated/0/settings/tv.pps.bi.biplugin

MD5 58b07ca175e39f20bf923e21452ae557
SHA1 ea7e4fc0a3c2a89da05d7c38ead35be57ada6a37
SHA256 006cfdf8a84ac13f74ec9c2d90fc7e3f26f085ae0a653486061e138525772991
SHA512 d865f3e23aca4aaf0fcdf993a7e0d001ea5d332d77f43bfc89b0d85faa1b7c9c664e71a0c834a25f468be56553c294287683e71574531554fa310e8a669a56c0