654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Analysis

max time kernel
11s
max time network
156s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
16-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

صیانت.apk
Size

2.8MB
MD5

beccc97980716f98f9edd058018bc90f
SHA1

a0f0da9b1306f2a1ce64246161467b2694190ec6
SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
SHA512

461e298e37e57c075dd2dd43c3dda5f223c6b62d5a910215ed7701318e2db9940c79f0a5234297b3abc712eaa7ce35e9a034663de92edd1ec7bd64197ce226c5
SSDEEP

49152:4/QsZrOCIQVl2KGQx472EXF0/BgrUIwGoKUOPNUzgwcLAB3nxNd3JFaWY:m26lZS72EXF0/8VwxKjPWzMLAhxP3Haf

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.mycarroll.app

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mycarroll.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.mycarroll.app
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5176

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9b8d9036edb2759d54d18e0cef7bc063

SHA1
0f733436d6652e14d113d130e454d09f01c7fd2b

SHA256
a3956d956e01633665b2d5f5a1c0ae6cb291be58779b483c4cd6e26b56fd5703

SHA512
bf74903740524e58088637cf0b8afc65ede091da044f0062085a644648abd7ee5cd59deb7468d2e9682c191ac1bd77c8b42761c97704749ed62dd04331f5f308

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3eed48efaf10f9d4a563b768cb59a845

SHA1
529747a2f4f83edea430e966c23c9b745c7ea664

SHA256
60716eca123bf05e5930cf7bdd9aae89bb9f3797dc6e598be51eed0eb4b2dc24

SHA512
9bcb0a76374141e75cd9413f5737c63047c74b01b06f475850589068340d6ab798f313ccd05fcff497f1b2cbdd5160de926cff945266d4a8aca051525cc071a2

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3eac2e37f328110c6852f96470b61a9b

SHA1
681a3c0c9a72ce9589c3596a35c8a9324f69f921

SHA256
e442d4d4bfb949bf380d5ddc6cbbf2cb0f4e2388fe9ec07cf233bf8a64844668

SHA512
5e97b9111e8aa4549ac845809a7cf3d770a8c5280cd70eaf9c34f88ea0c926c0be647a35f31a0cf2d4473109373e6c3edd67cfe284bf94efbd687cbe5809395e

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b133541d8917cd2554b1d75808c768d5

SHA1
2af5e808dcf34dbb242fd93623255e7fe4839d72

SHA256
6e5dee1da23e2cbadb02bc77b263425131711ab01654a1c189c0feb3d08e6a24

SHA512
9ad8cf6b1fb3d86ad5218e73059ef45bb91e9c0222a8edb52680444d484cf89bfa79ca25a7dcfe6ed65f36f9eb41b30a6305599521c1c8d0f4ac3d8b7f2650dd

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ce5bd7864f78d68ae0043f499258c1b

SHA1
66657337f643c8f3339a5216b3a1860d28bfbd2e

SHA256
1c74d6c83d3a3555869a6586c14efd5af881e2ea09c9a78aee96a4ff97b97b73

SHA512
c68cc43838fc3f4d029946e91a1b8602a8fac291531d0ea67a3b5d951a0e083d671660a427b3bbf1f4c1fd43893343be9edb0b38d799a5c56e49ed547ee69d9f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2c53eaf7a305eeaf1b93003cf4a59b56

SHA1
a40b65c67fcbf825a8cddcb1fd5c472acd87bfe5

SHA256
f20ec02e89f1cc938c4f2225743a8b41708f1e94fa35cc0cb655e9d2cceaaf67

SHA512
953774c67aca0be541c6a2f2ad576efaf0ee1a8bcdce595eab5917d8579791c659e9fb4bcb4afc80147c7b5f4ab59ce95824cf94825bd9c7259b2c516cfe4617

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
065ceda1d1bf1ae982163afa9990a161

SHA1
d888888830891209a9f490b278efff9fc90c0b4c

SHA256
40ce562bca974c9a1ebb9c49203ab1caf75ea67ce781ab5fa3ceed18e2d278b4

SHA512
3c2bc4a6272af08dde52abe0daa30ea6227bb9b2fa337e743020d3b2ecc71507e25285e8c5b68799d95fa55e3b4b39cc425e9a6b0f4f936742c3d42581f9e955

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
36c1fe38dde169d1eedf2f8e12b50b52

SHA1
25f4f36e03a4102e0e7fdc6b3d7f2dd527ec7cb2

SHA256
48db7e1c421266a69ce3aff24e70937da631f26952041f713bd7b0728c93ba7f

SHA512
54c6d8ded0561ac5e9f993082f6b582a6a64ac03ee098572b354cc84d021d1078f4adcbbf453a81c054925216c29b9948f9dafb2846ce6de1031215f4d96be35

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8ffe7cf0ff43bfa11679692ecfe757f9

SHA1
dc1571b3d5b38dde37b6d6d5b73b3b398b9e1575

SHA256
99b83ceedc75b7a4c9992d9b6fdd34cd3c8fdd060e182b28ed2a7c8c13fc8846

SHA512
c6e281c5f5c796bfc3e3eb53597e4dac85642a8dd8a7a84e9606a3ff12c626c7bc90d1d589bb100f3fba6e1c14860b17a40fad93a6bc8ac51f7cbe966c6f5620

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
915c328b7b51b48bd32f36b23cf8a4be

SHA1
fd6213564128e192edcf213e6ff7aa6bc673ffef

SHA256
443ba27b2e03ae85819de52282fff2bd0fe8f846ffb38f2cf8e458392c48fc6c

SHA512
6a26b948ad5ff1bedd0cd6ddebdd32ef9369fc8ae1ae6a049d226c8432a6e4b89a398e609afa489ede6f32348047f7b470664223ed357e9c51784aabde8e2a04

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
20c5b8330e5fb3842408ffdfb89e4c52

SHA1
9a27097c069910b19110e25329fd2e89a0eba633

SHA256
d301e6acb8495b72fd6ab9d5dea7e6c4a4ae9427d7b472ddb179088ebda7e4d6

SHA512
270e28af5d94dd78e5f5ee55ab9bd94b98e4d2384197f4bf8a4e63f3c14f25c4de22c269f3961f77317eb47ffc69dda1b94975a920ceba59dba6d23cbaa67a6e

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation4617073298940282228tmp

Filesize
570B

MD5
06216b978238820025b603222e605e36

SHA1
3044c772d280e06f421ef59ee92b0ef8a1be75e4

SHA256
abbb1bea7c1570bfe1523cede950aaebcf59ed64976a65dab9027ad3b4df4974

SHA512
16047684e50e66b3d25a22d58d91e80d413c37d5ad7b13e4e65da3ca3d476ef8e9f69956d6a25aa0019fc623c0acea59892ee35f952089329e946736ccf5ab08

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation8261439489775464348tmp

Filesize
90B

MD5
6a1d8c4737beb97d9fc6fa6d782b13fe

SHA1
558a8ce918cf980a00a2cd315013b3ba0f8fc99f

SHA256
6c6ccdb4e661a4318e434adb567f1ee1b43adc9029f21a9dc11d73ce4e2acd2a

SHA512
7ccb145969d2b929bc1e28acce71406ee25b1b7bf740d14e0bdf1e11f95027471373490a59cfe393cfd9249120e21348cee69d86ff879bc31e54dcc696172d1a

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
3B

MD5
4f030a02e1a1b7c16733403b65164e5b

SHA1
d463a841c6ddd212bedfb1e68c7639426e354f0f

SHA256
46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441

SHA512
902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
ea6055c6ead76455796a20df53627c57

SHA1
5edaa047b920e812f94f68f28286112aa9ad257b

SHA256
3d0cb1e59ed100e573ccad3bea9b267c121d7ccccb1b234b7f0f3da52c560bb1

SHA512
657c677ceeabe62f111117d09066edd16a0eeae2138d3e59982850a46bcc9796d51ef54775d9ef7a0d3f40a91d179b36d8c262ce91c32140218833fa3109fe11

Download Submit