Analysis Overview
SHA256
654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
Threat Level: Known bad
The file صیانت.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Checks if the internet connection is available
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-16 12:00
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-16 12:00
Reported
2024-05-16 12:03
Platform
android-x64-arm64-20240514-en
Max time kernel
10s
Max time network
132s
Command Line
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | pishro_phishing | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/user/0/com.mycarroll.app/files/PersistedInstallation7885890677646805878tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test
/data/user/0/com.mycarroll.app/files/PersistedInstallation292614924513956238tmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 12:00
Reported
2024-05-16 12:03
Platform
android-x86-arm-20240514-en
Max time kernel
10s
Max time network
155s
Command Line
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
ping -c 2 -W 10 -v google.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | pishro_phishing | udp |
Files
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/files/PersistedInstallation7085745479334042542tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation3538522754602776632tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 12:00
Reported
2024-05-16 12:03
Platform
android-x64-20240514-en
Max time kernel
124s
Max time network
149s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation7069563607827593762tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/PersistedInstallation4813326007647979822tmp