654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Analysis

max time kernel
10s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
16-05-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

صیانت.apk
Size

2.8MB
MD5

beccc97980716f98f9edd058018bc90f
SHA1

a0f0da9b1306f2a1ce64246161467b2694190ec6
SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
SHA512

461e298e37e57c075dd2dd43c3dda5f223c6b62d5a910215ed7701318e2db9940c79f0a5234297b3abc712eaa7ce35e9a034663de92edd1ec7bd64197ce226c5
SSDEEP

49152:4/QsZrOCIQVl2KGQx472EXF0/BgrUIwGoKUOPNUzgwcLAB3nxNd3JFaWY:m26lZS72EXF0/8VwxKjPWzMLAhxP3Haf

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4268
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4311
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4436

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b83882c330c52c15dcb889a607caaf7

SHA1
e2081ca475e90bebec6a97b8671ba04888ce3f29

SHA256
0ea13c61996e3655fb1608846857b55a9a1504c8dfd2c8b04bf25fa20b33b3c3

SHA512
55a05d152cad001d9f78552d7b332dd5107b2d698d32b504876fd67db996fea8c7183d2027e1b6b34d2e006ab3276bb92e5066acdd33aec12273f6dfdf2b12fc

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
538e2b5faacdfc02ffeef10e59fc5e68

SHA1
2eb17edc8ce908ede2fd32856fb09439a3924436

SHA256
9d04dc67ee43874e50bd3472aabe09444cf997418c9593175ae147fa61de46b7

SHA512
9eccfc9ebd52d9d0a7eed56cf58f7f30e428236c35f4467f0d09ace3b68d7e4aff061897a9af19008077c9865cb30640352f999d34bd5ceb2d92a96ff0da25cd

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ba63df148c90ea3ab7e01ac6f6066d36

SHA1
57433a5735d999a4ef0c9dd72f0ede1147186f98

SHA256
f2fbf5a86e6f7d3a231b37cfc8499ac616cf85826d78ceabfddba6d4bb36483f

SHA512
8250003f436ba580bf497d57c92fef9fd58426b07139c888ee5ce0e60598d147ea0cef9648e981bf9bd6631f523d338f33a72cbc879fd63093a861a57586007d

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8886448a20953912a6a8f25de6ed72cb

SHA1
4ecd5c679bb8408ee45020acdbb4509ad768bc82

SHA256
67c42e2f806935fc3b36d515cfe90f3b49a363dfc39465e140ed18b5abdd0b35

SHA512
54d32b370692c6b2c719aafd0238b95263a5fc8206237b8bec697539f230fdc06e869fafb3b29ad2a1ddb31f9fe3e14f15ea9b682809f4bca6fa6dbe2f4fcc97

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e51f0580a08c55cb6598dee996c9be5

SHA1
225ee2d2dc97eb5e816e7c219c2212f7ac57a835

SHA256
6de59d2460af67b546c95f2ac9d7f38945f3bbfc46645c7f291ecb1dcfe05ace

SHA512
baacdfdef9d5d6abab374878f63d6749862f7f2bee7d27ec859ba2655d21fda76721bed71d1bde0799c332b0ebb6ce317d18c08706e36b04b0c0768fabe89f90

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
bf0adf3d1b29020bb584e52d1fbf9990

SHA1
109ca12342bb1d2d35d61a411baebc3a6bcdfd8e

SHA256
4fa63cf5d1e7f0bfb3910fb85198123bbffd13bb637cb548a150c923da910a41

SHA512
320fdd277f9ad434b00bef7853bf98e48b314d11108b133348598418c9e18307bc54a964ab1d56038355a184da81811558a1dad065bbb72b0610eacee38abe24

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e83fa030c9cf207cd25123c2c0158081

SHA1
4a0be1051d17f77fc953730dfd757e9a8fbf27f4

SHA256
742e7aab9e7816b331dc3aa6b25fc91bd88a9d73f738b41b8c5b62499dfefa46

SHA512
c669f6148c0f9d6bfe6e66e3fe04297a05d2db6822b253128a0182fa0ae8889810ba322213a0152d2776fcd6b77f0164ea017543a1b1549c9524bc721f131951

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0b5448153236c0e37b86d27344ea2c7b

SHA1
4bbbf5d0bef4af72c00c162141668e6a93021592

SHA256
6669b0320563229cfafc8d988f0ffde784f05b021a106f9f60eb10cf365177b2

SHA512
fa6d38e7f324d9322c2c9ce8efd02ff2c2adde53b7b7bfb124864f696564b777e18f0756495a54be7cc99f210c7808f19724976f6d17c5e68a31376b71b60525

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9a2db90ee37599be3c96b477e8c57be7

SHA1
e02f383ff772cebd9aadb38b35819214dc4bc7cd

SHA256
a93d1c0337bb125010ba23f22956275644a6135b18d7b933aa1fd961ddbee8f4

SHA512
44df3fb240f71cefb6353c484e210b530c427ae2e31d2cfcd9b6ae32c9b6f4f6680d4b21a05b741c72f738daa72d23ac0153a75c7808bf16f134dcf0e6e7f24e

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ca385a1f7e0067e150d9c1318974496b

SHA1
989fae46dd6b421ca16d9a7125bc7674a1658de2

SHA256
2a4f73c6a15479dee7441c281bf9583264cad1a07e57ef9a6fa6ac45e81c7e1c

SHA512
b386aec042ac2c4761884427c82115d8fc4aa073e8aa5b3fa77459abba9592e3e2ecda949ff52a1ce1bd4080ebdc13c2ecb96b69347f2cba97cfa537084e0f64

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
bf20fb47225faf01ce1886a6266d9bd0

SHA1
709a69aaa983622bbf13a79bb1339430201803ea

SHA256
4563b4d4c0d86f307048789c44fb72df8b3e5c19eb9024d0098fb5ca5f390bdf

SHA512
8d5861402b7d8d097897f0908de485369455b9d659f7967a2eb35ed67e5d3824abed5778efcd479d52e4c032e82b14974b072652c4819b0a3707f61660c58c47

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
1bbda18e8b33659a62f7b6173f4fe775

SHA1
2fa03847110168427fcf7ca5f3279fc86081d532

SHA256
3d028cc137e20cf41a5632b4dadbecbd951c2d7c8333405430a68675c239ae15

SHA512
c273f6caa62a3eb1cf78d62232a32ee85d2590ddf976aad44aeba7eb98b701b8b3e5b3809f1ac86edfad12aecc22f4f98b5c51c769fb6d37d05ebd1c28859bb6

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation3538522754602776632tmp

Filesize
569B

MD5
21aa633108ac48b036c9e1a4bfdfd13a

SHA1
ff4357b4e7c74ce605ca7f52d00c5b3a4f2b163e

SHA256
1972026e35d561a0e6223a3f8415dd28bacdea0265f155e69632756fb3c4e903

SHA512
3ad9a4c36c6aa7566c6876e45b21929ce1c5ebbf8b32754c390522fd10c1d3020a6f9d778e6f9b2e1254a0e1cffbcef4dd78efa0d23a046ed9ef48b484c9481e

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation7085745479334042542tmp

Filesize
90B

MD5
2ebfd9332776a08bee207d3ef506fa37

SHA1
38778ba9e489727fbf7d53a17caedae08928ef69

SHA256
a0b4d3cc56cea85367bae5f202a69e10baa050cf3114f2ec45c06c308f2faf96

SHA512
34e0e5d9a63843be27ca026da7eabc1f97976a1f4bcbb102044a1498d1bec9b44de37584e92cefb824ba20e3fff02d006252800e663d568491dd9b4f11363b4f

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
3B

MD5
4f030a02e1a1b7c16733403b65164e5b

SHA1
d463a841c6ddd212bedfb1e68c7639426e354f0f

SHA256
46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441

SHA512
902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
32da72d8fd02eb8b09a3286e74f557eb

SHA1
9ea1826121f0b16618b7aa32f80d4046d89b7ad3

SHA256
bd97ac261c89058d7ad4d2e53b3f1ed7e2ee053fbe23817a9b53726914f690bb

SHA512
0afba7a2a86c3e1e90bb05be6f5bd1424b865fc704cfd54a6ae589e93e510c258e078163eaf9d5dd460d51eec3f82099506a4e8e37473b56dfdc49e51bc03ad6

Download Submit