Analysis Overview
SHA256
1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2
Threat Level: Known bad
The file 1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2.apk was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Checks CPU information
Checks memory information
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Acquires the wake lock
Requests dangerous framework permissions
Checks if the internet connection is available
Analysis: static1
Detonation Overview
Reported
2024-05-16 01:06
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 01:06
Reported
2024-05-16 01:09
Platform
android-x86-arm-20240514-en
Max time kernel
159s
Max time network
131s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
ping -c 2 -W 10 -v google.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | irnadl.com | udp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| US | 1.1.1.1:53 | i.ibb.co | udp |
| FR | 162.19.58.158:443 | i.ibb.co | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation1526369903264478490tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation769603698939267176tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
/data/data/com.mycarroll.app/cache/1
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 01:06
Reported
2024-05-16 01:09
Platform
android-x64-20240514-en
Max time kernel
5s
Max time network
170s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | irnadl.com | udp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| US | 1.1.1.1:53 | i.ibb.co | udp |
| FR | 162.19.58.160:443 | i.ibb.co | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation3477351480173284065tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/PersistedInstallation7787334119095824275tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-16 01:06
Reported
2024-05-16 01:09
Platform
android-x64-arm64-20240514-en
Max time kernel
123s
Max time network
132s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
Files
/data/user/0/com.mycarroll.app/files/PersistedInstallation860418874882998762tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/PersistedInstallation6790467859436629390tmp
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test