Malware Analysis Report

2024-09-09 16:11

Sample ID 240516-n6asksbd9y
Target صیانت.apk
SHA256 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
Tags
collection credential_access discovery evasion impact irata persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Threat Level: Known bad

The file صیانت.apk was found to be: Known bad.

Malicious Activity Summary

collection credential_access discovery evasion impact irata persistence

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks if the internet connection is available

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-16 12:00

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-16 12:00

Reported

2024-05-16 12:03

Platform

android-x64-arm64-20240514-en

Max time kernel

10s

Max time network

132s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.187.250.142.in-addr.arpa udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 pishro_phishing udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.mycarroll.app/files/PersistedInstallation7885890677646805878tmp

MD5 418f6915066eae3a327dde3316caaa16
SHA1 16d654715f2ff832e11ed14ab1684071db28cbc7
SHA256 68388da80a7a347a7b8182e5a307bcb6f76e959558e60c9b5f353cc57f9c1faa
SHA512 06bc4fdf184209687a2210eab7f636fe2b12da309fc3cc2236d7f1f893bb257bc768c3c40bb744510515b3e47def81b2c33c0086caeb45df5d89556782805c2d

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 73fd3a61e0fc25585aa9595a7adce8bf
SHA1 05b6b9a286fad8159e469ecc7fb96e3b1cbb95b2
SHA256 491406ad424d4394779cbaef3dfa7796423ce0cddd2f005bcc5a05adfd38b991
SHA512 94d901d6d60438db0f9e66d6e634e57549d82ec8ff55134817883b36af261c5708ae561a034442bb1e1f17457bdb3b51096d868082e35b1dcdfd22eb962abbd9

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 d4e5ab6368336f814526df7435f10d82
SHA1 daa1eaa60136057e75419f5d632343679924bd08
SHA256 7da6b18c2eb0a2ea4e8203f23f2378e28026b4d54b183d9d24d9602e79999671
SHA512 ddc6f933bcab8dd4580c63cd1818372aa280d81db350098ea21bbcdfe32c015ee9cd94a2021c41afe826fac0fff1b70d20ea7441d6f57489a62fe7e38cddf16f

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 1250e3e9e5617a88b38a7957e727733d
SHA1 6fcca64261a9422a88bfbc741a8482fa36dcdfa7
SHA256 be3be644cc0fff93206d33086aad8af687eaa84a028ba31c5df069b36d31a7f8
SHA512 2879b527c4914f6ebcecedc1f1f8f3cae37016949d317a7a0dc5d0621c3a558e768e078be5836b91628660eb063416f2235a345b6c2b84cf2d67a693268a241a

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 334d532a2c068662b39ec7c5a606c4dd
SHA1 76e030a63ee5a69bbcdc66f329d93247a546fc1d
SHA256 638086328b54ad10c184de1275cad183e9d19b565a3aa11c7ea2ca673302a252
SHA512 ae57fd59e1361a0187d5e8e3eb802b8c26c7797d681995527c98629e26b5e45459badee151f9e4b08f04211b7473cd3d6765820f28b4347b4c3b78e161eaf1c6

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 576a9b5f83e3c2b9ef4a60b1c131f086
SHA1 07cff1cce881a5dab200f856947e96e517083038
SHA256 f0fc04463066f3de0cb46555e761967e5651395f460bc20c50ea079daa87c449
SHA512 b5f063fe4db2d433b8ac6424d7d444efa351c6d3b794a31a8034b919660b036ecc6dcde4ed5a2e46b4ebdb5a79fb19a66c07fadbd2fc5962339156e1849b04aa

/data/user/0/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/user/0/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 cb6cc55aed44817cafbee5a800ae4d71
SHA1 6a7db752b9ac1859e0355d31d40b91fa462da228
SHA256 e6feafccd0b705fb0c2abef17315d88e34300246edbe15b00f5e15a04e7662f5
SHA512 9654245a82aad5466c0afb92084db8d7576dbf9d5768bff7756e838ba3ed6e4c5966737c5fc0c5bf63983dab7ad844f3e486d9affa9b2ba7f654936b274d7ba6

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 bbee4ccdb764da53ab56cfc8066f31c1
SHA1 5440758d1be1e080b108ba4dc94d2a4de5b99984
SHA256 b53418cc1f0c701c3b1dc5113e6c905a3afeb7c3795246647e4c2b6a279a39b0
SHA512 a483d792caef45a95c266b482ef1a0c8864d21733dab51629265e0eadec6548203eda2219cdf72b2b533526ddda6d3166a03aa822f00458b80579d0ae9ce961d

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 f63d73ead4515747167753bd56c05182
SHA1 128dccaba5c9bb76174a724c2c488385918f10ef
SHA256 98de6f956c1b35c10b0eba91283d4a610efe9ec35258e640b93cbfa5eb39d955
SHA512 ddaccaab06c30d7deb0875817fc9fa59c75590c0ccd62cdca8af0f4b728f4d198ebbac2990f169a1b71c7494067b3a79b0d835988d877604cf5d80a9b918ce48

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 3f41370353c49937683a3b5193790ba2
SHA1 deaab7f17e47dac33604e188886db0afaad39736
SHA256 41d57c0a89dd5beb4f145245644e8445e7dee69c364a0b7fbfc67e0d48f52e53
SHA512 3daa5817ba377c8e67b8cb3417932729763cfb0939bf1fc29cfa720c5cf5496bc655baa490b3543a265b16a4eff3680f766f6c4cf47beb7037034d25595af98d

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 d5a3299015922cefa5f988092e1bc659
SHA1 ec776fb503d3a80d7e7ee210df13948d1352697b
SHA256 b1df1eb99bb1af9d665c0cd4b09d2c0261da8dedc6a0035f441ba50f64bc29fb
SHA512 63475ae0a13c0f3a50a0649c8482305145ad6eb9146f641f9a731e5b358ccb6cbe120f93b94fac36b93bdf694b931ab438bb7b79686a35c990fd3b689e4264b0

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 dde5e39395ac43130407263aef4a3770
SHA1 758006cdd0c340ba1e63a3d0c49d515ea8119307
SHA256 9569b5482befe8dd54ff175752078ed325455f6f99d20ad8960fba34bdbbabf6
SHA512 7ed60e6e87961f67f637e07fae3b59e5136b5655b41c4767cec8fd092799a01f1a88ca4219db5163d9b7302545599969c72a9ff524c55187b7694d11290dd51d

/data/user/0/com.mycarroll.app/files/PersistedInstallation292614924513956238tmp

MD5 269ac57564f581e43820042d826db560
SHA1 d6ea2f16607c95d8c608bead1befd0a0e7f3facd
SHA256 e1f9ff1d5d9896514442b20f946da48bd28208a32bec779d224a15ba861de92f
SHA512 4dcab36d2944c23a7c03962c2da4d7d34d552169f079f10a1b7ee88626e7c1a07523f94fec23f93d09212cf3e4f735ea115765984d0be26ceaa1995e1d521ca0

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-16 12:00

Reported

2024-05-16 12:03

Platform

android-x86-arm-20240514-en

Max time kernel

10s

Max time network

155s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

ping -c 2 -W 10 -v google.com

ping -c 2 -W 10 -v google.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 46.169.217.172.in-addr.arpa udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 pishro_phishing udp

Files

/data/data/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/data/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.mycarroll.app/files/PersistedInstallation7085745479334042542tmp

MD5 2ebfd9332776a08bee207d3ef506fa37
SHA1 38778ba9e489727fbf7d53a17caedae08928ef69
SHA256 a0b4d3cc56cea85367bae5f202a69e10baa050cf3114f2ec45c06c308f2faf96
SHA512 34e0e5d9a63843be27ca026da7eabc1f97976a1f4bcbb102044a1498d1bec9b44de37584e92cefb824ba20e3fff02d006252800e663d568491dd9b4f11363b4f

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 bf0adf3d1b29020bb584e52d1fbf9990
SHA1 109ca12342bb1d2d35d61a411baebc3a6bcdfd8e
SHA256 4fa63cf5d1e7f0bfb3910fb85198123bbffd13bb637cb548a150c923da910a41
SHA512 320fdd277f9ad434b00bef7853bf98e48b314d11108b133348598418c9e18307bc54a964ab1d56038355a184da81811558a1dad065bbb72b0610eacee38abe24

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 1bbda18e8b33659a62f7b6173f4fe775
SHA1 2fa03847110168427fcf7ca5f3279fc86081d532
SHA256 3d028cc137e20cf41a5632b4dadbecbd951c2d7c8333405430a68675c239ae15
SHA512 c273f6caa62a3eb1cf78d62232a32ee85d2590ddf976aad44aeba7eb98b701b8b3e5b3809f1ac86edfad12aecc22f4f98b5c51c769fb6d37d05ebd1c28859bb6

/data/data/com.mycarroll.app/files/PersistedInstallation3538522754602776632tmp

MD5 21aa633108ac48b036c9e1a4bfdfd13a
SHA1 ff4357b4e7c74ce605ca7f52d00c5b3a4f2b163e
SHA256 1972026e35d561a0e6223a3f8415dd28bacdea0265f155e69632756fb3c4e903
SHA512 3ad9a4c36c6aa7566c6876e45b21929ce1c5ebbf8b32754c390522fd10c1d3020a6f9d778e6f9b2e1254a0e1cffbcef4dd78efa0d23a046ed9ef48b484c9481e

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 e83fa030c9cf207cd25123c2c0158081
SHA1 4a0be1051d17f77fc953730dfd757e9a8fbf27f4
SHA256 742e7aab9e7816b331dc3aa6b25fc91bd88a9d73f738b41b8c5b62499dfefa46
SHA512 c669f6148c0f9d6bfe6e66e3fe04297a05d2db6822b253128a0182fa0ae8889810ba322213a0152d2776fcd6b77f0164ea017543a1b1549c9524bc721f131951

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 4b83882c330c52c15dcb889a607caaf7
SHA1 e2081ca475e90bebec6a97b8671ba04888ce3f29
SHA256 0ea13c61996e3655fb1608846857b55a9a1504c8dfd2c8b04bf25fa20b33b3c3
SHA512 55a05d152cad001d9f78552d7b332dd5107b2d698d32b504876fd67db996fea8c7183d2027e1b6b34d2e006ab3276bb92e5066acdd33aec12273f6dfdf2b12fc

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 0b5448153236c0e37b86d27344ea2c7b
SHA1 4bbbf5d0bef4af72c00c162141668e6a93021592
SHA256 6669b0320563229cfafc8d988f0ffde784f05b021a106f9f60eb10cf365177b2
SHA512 fa6d38e7f324d9322c2c9ce8efd02ff2c2adde53b7b7bfb124864f696564b777e18f0756495a54be7cc99f210c7808f19724976f6d17c5e68a31376b71b60525

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 538e2b5faacdfc02ffeef10e59fc5e68
SHA1 2eb17edc8ce908ede2fd32856fb09439a3924436
SHA256 9d04dc67ee43874e50bd3472aabe09444cf997418c9593175ae147fa61de46b7
SHA512 9eccfc9ebd52d9d0a7eed56cf58f7f30e428236c35f4467f0d09ace3b68d7e4aff061897a9af19008077c9865cb30640352f999d34bd5ceb2d92a96ff0da25cd

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 9a2db90ee37599be3c96b477e8c57be7
SHA1 e02f383ff772cebd9aadb38b35819214dc4bc7cd
SHA256 a93d1c0337bb125010ba23f22956275644a6135b18d7b933aa1fd961ddbee8f4
SHA512 44df3fb240f71cefb6353c484e210b530c427ae2e31d2cfcd9b6ae32c9b6f4f6680d4b21a05b741c72f738daa72d23ac0153a75c7808bf16f134dcf0e6e7f24e

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 ba63df148c90ea3ab7e01ac6f6066d36
SHA1 57433a5735d999a4ef0c9dd72f0ede1147186f98
SHA256 f2fbf5a86e6f7d3a231b37cfc8499ac616cf85826d78ceabfddba6d4bb36483f
SHA512 8250003f436ba580bf497d57c92fef9fd58426b07139c888ee5ce0e60598d147ea0cef9648e981bf9bd6631f523d338f33a72cbc879fd63093a861a57586007d

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 ca385a1f7e0067e150d9c1318974496b
SHA1 989fae46dd6b421ca16d9a7125bc7674a1658de2
SHA256 2a4f73c6a15479dee7441c281bf9583264cad1a07e57ef9a6fa6ac45e81c7e1c
SHA512 b386aec042ac2c4761884427c82115d8fc4aa073e8aa5b3fa77459abba9592e3e2ecda949ff52a1ce1bd4080ebdc13c2ecb96b69347f2cba97cfa537084e0f64

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 8886448a20953912a6a8f25de6ed72cb
SHA1 4ecd5c679bb8408ee45020acdbb4509ad768bc82
SHA256 67c42e2f806935fc3b36d515cfe90f3b49a363dfc39465e140ed18b5abdd0b35
SHA512 54d32b370692c6b2c719aafd0238b95263a5fc8206237b8bec697539f230fdc06e869fafb3b29ad2a1ddb31f9fe3e14f15ea9b682809f4bca6fa6dbe2f4fcc97

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 bf20fb47225faf01ce1886a6266d9bd0
SHA1 709a69aaa983622bbf13a79bb1339430201803ea
SHA256 4563b4d4c0d86f307048789c44fb72df8b3e5c19eb9024d0098fb5ca5f390bdf
SHA512 8d5861402b7d8d097897f0908de485369455b9d659f7967a2eb35ed67e5d3824abed5778efcd479d52e4c032e82b14974b072652c4819b0a3707f61660c58c47

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 6e51f0580a08c55cb6598dee996c9be5
SHA1 225ee2d2dc97eb5e816e7c219c2212f7ac57a835
SHA256 6de59d2460af67b546c95f2ac9d7f38945f3bbfc46645c7f291ecb1dcfe05ace
SHA512 baacdfdef9d5d6abab374878f63d6749862f7f2bee7d27ec859ba2655d21fda76721bed71d1bde0799c332b0ebb6ce317d18c08706e36b04b0c0768fabe89f90

/data/data/com.mycarroll.app/files/MessageId

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

/data/data/com.mycarroll.app/files/user_code

MD5 32da72d8fd02eb8b09a3286e74f557eb
SHA1 9ea1826121f0b16618b7aa32f80d4046d89b7ad3
SHA256 bd97ac261c89058d7ad4d2e53b3f1ed7e2ee053fbe23817a9b53726914f690bb
SHA512 0afba7a2a86c3e1e90bb05be6f5bd1424b865fc704cfd54a6ae589e93e510c258e078163eaf9d5dd460d51eec3f82099506a4e8e37473b56dfdc49e51bc03ad6

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-16 12:00

Reported

2024-05-16 12:03

Platform

android-x64-20240514-en

Max time kernel

124s

Max time network

149s

Command Line

com.mycarroll.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation7069563607827593762tmp

MD5 6caacc3fd3ca87f6d0bd216c19a48479
SHA1 bf5e45de90602992059f96a9f216806fbcdb6c36
SHA256 f89a28e1d4ba8e2bc5824932a222b0392b3574265309dd5bc84010b4de9755b4
SHA512 68667fff4022adbbe4af0a2ed60ba96d018b21d122e9a9dc432724a6b60ed28a3d71b7162bab0b50fcc89d37690000e429f15bc1cb7019d8b583e6c6aa5b14ac

/data/data/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 97281ccd419896a5fd1ef50c4cd3fc74
SHA1 df80f6d107b2ffb572c0b4d0669f1ea5ba6d790a
SHA256 f3fb3d70c592d692e74c8da985ebc96567b360d304ff889f943a5aeb02e19d74
SHA512 f7489fcb378ade686b14b62c333f8d32ebfa17576a1346a3fa515b1df6ce089ceef59c17ca8bc74aeda75d290fcc18c841ce7d674e18fb760b89bd165322210d

/data/data/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 087a6af746b063b527cbc476e0e81b7a
SHA1 befbd25611fba4e3a119c9ebedd0b5ea205ed4f2
SHA256 817376d1cd66ee4da70a0a01e387d7b8457eddf1faf7bc50e1c7227e81dda25b
SHA512 c695124376f38d3ccf3a50ff2791cacd50a224fe3d43fba89a26ea50ebca5e6b7dc70d35d102bd2fa52d18c47d852580cd8fa3afa989861d239760ae4b4fe679

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 35f0d17c425fdf7b87a38ac2890c5017
SHA1 84ab8a8f536b9c1ce172b77a8fb769636bea96c7
SHA256 f2cad46ae3f1f6c14a34c4b3dfe01a0733acf7132e0d9cc886875d9d8fc2484b
SHA512 a34fcd7760b9da78e301014854828c7dd1e8ae0605642699c1184aaefb93593c9e5716c87da9384613cb87a17a248b5b1dd81e849aad8a06849a514d15ab156d

/data/data/com.mycarroll.app/files/PersistedInstallation4813326007647979822tmp

MD5 e1ffa0f4af904ccff3bac9d4af91affb
SHA1 7d6abe31bc74c2e874b0d5b88e12941c8bdb0532
SHA256 c26bb058f1f216e06bae4c0e37568d99866f372c01f119586a15ad7dcc7cdece
SHA512 3b9c75d0ab2d87b0454e99274c0aaae95bacfd6e12863633a60b78b839e317b8eef57bfb6273c03f6206e2b39ab98cd66969c48e97fac1079edc12b4a8f43e18

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 30abda9c0e68087adbdbbab3ce107c31
SHA1 9802bf54cf9e4920210eabbac85d10b1afb575cd
SHA256 2fa1924ffd04c22b8fee32cd5450f8ea78f042d7f952d248c930e106b55e84af
SHA512 05c12f2fc0025f7cef5ae62bde2f710bc029da273662c682f860c286c08eb73670de9a722bc0ad98b724c8fc8b31eba5d4994f987f628bae744094c0f5357a66

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 e329e368fa91015054845b0b02d4909a
SHA1 d421c2d5a222c7fe9d328603f1fdea7ef6afd64a
SHA256 0fb940e28fb0ee45047c1216175db5d6c3f9bf13a486dede838151cdeea61620
SHA512 00fcb93bd8b6aa572b067519e4784ed6be438a32ae7e1708a704ea1b4ab3271da309360efefd0889c159e4b8f5b561822d198fa2301f51942331cfb4af4b136b

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 23bfb217ed97c66124be72ad99e51d4a
SHA1 a1c6a205422c44aace9402159c16315878db4ba8
SHA256 386164cf857e8a49c2bdbef67d944e3ada78edb9557aab4b33f23cc99586655c
SHA512 c531682d5273a532a81a806cfc0e9f02c721c372ca92ef795f6f90c453fbec688dd17b12cd9d7a29bd42f0373e2086ca6c548ffc167fd269826989c242cdb645

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 c978bb98fc1ed589c246b118964f6088
SHA1 f7962acdc0bf3f203abc2cb7c45f0493c6598f78
SHA256 3098176db2371db3576350af2eff5fd2118d1bf2dbde0906dc32d0c8fe155657
SHA512 24938282324e566dd3aa03cf8ef33c7abcf2b10ca45264ba537db234e0ce41640f8dfbec94ac279ae2f2d47688482648ac243a53219d0fb16ece20039f3f8fc8

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 773aa857ba0c2e765c3dd2428ddb63a1
SHA1 3f8340682ff6fd82ea355077b03613adc0d67f3b
SHA256 4a9ef5e7ed18777ddc066bc8e3edb7a64404121cbe9fcb09cc277d9682522abd
SHA512 5abbbb4b41c742c75dfad9eccdb9c921e302472f162f70906c2c17df495a90b4ba0e2b5bf0586d471d9926e51e4d22d9e376fb748b3f8a75884ac9a746d12e4f

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 569fc271a2be171cd7539038669d5b29
SHA1 c4970a1b5d1194f448b50cdbd3e305ea9de6e08a
SHA256 6959c289c41316d46fc5703d3978b599e7d402bfbaca212cbca44d494f7cf3cd
SHA512 f0b809c59249e6e6e2479e50f62fb524a7b0394e74f96fc15fe49d01cc0c9eaf94ddcaf831436eee1092cd278da29dd32801156bb068f68d7f72014a99e86b34