654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Analysis

max time kernel
126s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
16-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

صیانت.apk
Size

2.8MB
MD5

beccc97980716f98f9edd058018bc90f
SHA1

a0f0da9b1306f2a1ce64246161467b2694190ec6
SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
SHA512

461e298e37e57c075dd2dd43c3dda5f223c6b62d5a910215ed7701318e2db9940c79f0a5234297b3abc712eaa7ce35e9a034663de92edd1ec7bd64197ce226c5
SSDEEP

49152:4/QsZrOCIQVl2KGQx472EXF0/BgrUIwGoKUOPNUzgwcLAB3nxNd3JFaWY:m26lZS72EXF0/8VwxKjPWzMLAhxP3Haf

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mycarroll.app

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.mycarroll.app
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Checks if the internet connection is available
PID:4497

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
94cc2c9cd8fec1bb17217bb2c83ea59f

SHA1
d9ced5bc677e92ee9a8e577280d4b71d911debbd

SHA256
2454ac93708a2b10bffa2cf24320bbd5487bb87da04554eb971eebe23c11691a

SHA512
2aae0aac38535046643214ae070ab15820f80efeca9a0d500ddd40451e216243f3bf1c1c38d187e2ed0462fed807f5f6e481bacc96527dbc84d2724d21a0f594

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08adb1d2dbc157ba4dc2e62ab2161f9a

SHA1
54b7928711e6564efb13fc450bc1f188bff091a2

SHA256
52304a5bbfa89922260c3e50718cd6e51f4a42e78f6f88fe0b57f238ba7c79f8

SHA512
a49816ba9779626738c208dec799e482a41f0941ea071e1d4a2438c1398cc263d56ca72c7c5b8315dc5d9f0c95635ee871105f87785569512911f46f6aaec239

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8f96fe78440e05f15889d42db6996b0a

SHA1
dad16072983dddd084899250b8e9ecc271338bd6

SHA256
46620301d5640f1b49f66b39fe3b6cee6f76e5a5b05658afd04c98abcbab5e00

SHA512
3b0d75780b72266b77165d8bd63e583bf7ed2023d730cfc2a18799cef812def22dd077fdc0712321fdee964e35119528c2e03366c5695bd52294f063659096bb

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3f5b12f0c7e7111b7b6768b8e0cd9c30

SHA1
063be6b4a96faf517b4e4494c5fbd3a9b183492a

SHA256
ef827e40ac17e3e4d73c58aab67cb9420392fe08f71e9b6fe008d6611fede86a

SHA512
58518c436f209e65c618757baeee35e1411258b36898f3e7e460fae71d512bafa1d473af5fac71564696eda320a8b2625286543837c666da5c9f5fc8d24eb4a4

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dde5e39395ac43130407263aef4a3770

SHA1
758006cdd0c340ba1e63a3d0c49d515ea8119307

SHA256
9569b5482befe8dd54ff175752078ed325455f6f99d20ad8960fba34bdbbabf6

SHA512
7ed60e6e87961f67f637e07fae3b59e5136b5655b41c4767cec8fd092799a01f1a88ca4219db5163d9b7302545599969c72a9ff524c55187b7694d11290dd51d

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8d17475521f6d7969c21ca2494762585

SHA1
ebdf1af0f575e5a0d360f92516d395b6bda1fac3

SHA256
627061977675d6d8eb57e27aa4849f9eefecd3ec80ca4c7ee93842b9b586e58c

SHA512
ad4e27fbbbd65f9beb5dc2165d96c5a51648434d09c81f922b8584f56f67d48dbd90ec3b1ae8e1e6f2bb8aa9f6e3301ca0cba5a56ae1b9463433ef0c07670706

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4406ac8b2838210a0a3dbbcaa7f5763d

SHA1
98faefce91ffec44560f7ff58cbb9787bcc73712

SHA256
5a9e643059c235dd5fbdb4b55053ebbf7f4063e8fb286fabb5360c5a61444454

SHA512
08880dbe6e923b70b878816fa9b5a160204ad01766ed0c5234fa86e6a5e4d35cb2f17b2b2582d2ad70d08885e46c0ba91acaee0706999d49b64a85b0faedde28

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6f5507e209252ed06e91412836747297

SHA1
0652c92477e7af332a9213a51fa2074ea69fb15f

SHA256
64c245a5a3500710c121c1eafda2662ed951b26055d19f44d7be9a665c5e7060

SHA512
ef1718b0b081d58abd8fe9cfd31d6eece8ce031258b17bde375aa450b75abd5e57e636a29736370f2a468042e7122c75f018c0bbe251c28438a42df54d6f1590

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1df8fb54a87ee0a0e252aeee6bc8757f

SHA1
efc2b388172cf475c0de5a99d486331a28fd0957

SHA256
0a958ebb2fea8af815f1bf38e991a4caa47f8ee1b2d7421301f644350188a009

SHA512
f0770920c37242a0a2f8e0c5c9ae681e0cb3c014b8170a4c6b7483b363cde47ed56fd23a04a8bdcb9e1d75dc78887e55587376b12a0c677bc43952f3183a5aad

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
55e152bb4029942fcbab4e8ae53b046f

SHA1
e6903b3d8cd33cd213ab15c70edb583c2d4944af

SHA256
381b4b0869863c0379c9057c546c4ec9dcf290de758c2b9f81d174921b0de6fc

SHA512
4cef98be156c275ab1d808ce1a38777afa4d934848a72a94e4a4b594ba4bda8962729db469781120ac255dda82f94e13ce747e281f3e7704fe99710034edfcce

Download Submit
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
208e4f59c7f03eb3b9503f7200be983f

SHA1
7e8de257cf1455bdfc0d174ddb58dc92f4b731f0

SHA256
75b737545b090c5459a73b870216465f31c4f28558f8c1820065c793f066e3c3

SHA512
3d6abcc20dd143c1e5de50b6d8dcfd389aa9c825d7ac2d7f4951d37c9756146acc9165513859c113f788a2804a09215bb02115bd4f7abdce7d88258e09f42e0a

Download Submit
/data/user/0/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/user/0/com.mycarroll.app/files/PersistedInstallation6335670404350314316tmp

Filesize
569B

MD5
3da0d392c632ea5c46d6e9eeb9095f48

SHA1
2a9330bbea7de076af41cc5607492d4676283fd4

SHA256
612d72ce7d823785016695753d5fb0c0849ec1f56828285fd5548adbdd78d8a7

SHA512
0f8087cac643cb0607c579f1427d7025b0b7b73c55f6bb54a59aef2ab2a08a9f01950bb0e37ea734f02016971d5e19dc03231993947a5261caf0dd067e181b52

Download Submit
/data/user/0/com.mycarroll.app/files/PersistedInstallation8883673769392380308tmp

Filesize
90B

MD5
06460ed4909c37ebef82f4b9c1df33ad

SHA1
f9be0491b55518f9993d1919e31095b317436bc7

SHA256
cd2abf896ea9e77ebd79ecd50c9348a394c52c1b321d4ee1a0fffa5515b8edaa

SHA512
d20626241c9da3c70d51e3338eb3f73e9ab645aec4fe900e4a1ac6ab50174b91f5174aa3f8a839134517205ebb088b623afa74bfd4cc38f521233da07cb6d52c

Download Submit
/data/user/0/com.mycarroll.app/files/port.txt

Filesize
3B

MD5
4f030a02e1a1b7c16733403b65164e5b

SHA1
d463a841c6ddd212bedfb1e68c7639426e354f0f

SHA256
46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441

SHA512
902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

Download Submit
/data/user/0/com.mycarroll.app/files/user_code

Filesize
6B

MD5
f9925927ce684a09ed581cd3d8c986eb

SHA1
f38b8d9eedcba0765f55f1047c788fe53271d3a8

SHA256
ea8631a73fa63ab1a430be2da472e028e926093b61f3480b0518c341c545e26f

SHA512
52020af16dee469f885b98f7bd5d96dfe8928f13d49347ca862393b38bb941d3213ae4412b1e4318e17f2d3cfc75b9298e526146c3d0f04ca57281b8f97958ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads