Malware Analysis Report

2024-12-07 16:17

Sample ID: 241113-p44tbasenj
Target: BCApp_release_13Aug_v5.5.0.apk
SHA256: 78961a477f1ab9591f45406be9223678bcec69e350720cf61a3938f6239bd86a
Tags: discovery, evasion, execution, impact, persistence
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: 78961a477f1ab9591f45406be9223678bcec69e350720cf61a3938f6239bd86a

Threat Level: Likely malicious

The file BCApp_release_13Aug_v5.5.0.apk was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, evasion, execution, impact, persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Reads information about phone network operator.

Queries information about active data network

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-13 12:54

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A
Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 12:53
Reported: 2024-11-13 12:57
Platform: android-33-x64-arm64-20240624-en
Max time kernel: 47s
Max time network: 134s

Command Line

net.ppbl.bcapp

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

net.ppbl.bcapp

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-13 12:53
Reported: 2024-11-13 12:57
Platform: android-x86-arm-20240624-en
Max time kernel: 26s
Max time network: 131s

Command Line

net.ppbl.bcapp

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

net.ppbl.bcapp

Network


Files
