Analysis Overview
SHA256
654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
Threat Level: Known bad
The file صیانت.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Checks memory information
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Obtains sensitive information copied to the device clipboard
Acquires the wake lock
Requests dangerous framework permissions
Checks if the internet connection is available
Reads information about phone network operator
Analysis: static1
Detonation Overview
Reported
2024-05-16 11:42
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 11:42
Reported
2024-05-16 11:46
Platform
android-x86-arm-20240514-en
Max time kernel
9s
Max time network
130s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
ping -c 2 -W 10 -v google.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 1.1.1.1:53 | pishro_phishing | udp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation7022450315631262294tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation4753401837221066957tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 11:42
Reported
2024-05-16 11:46
Platform
android-x64-20240514-en
Max time kernel
11s
Max time network
156s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | pishro_phishing | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation8261439489775464348tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/files/PersistedInstallation4617073298940282228tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-16 11:42
Reported
2024-05-16 11:45
Platform
android-x64-arm64-20240514-en
Max time kernel
126s
Max time network
132s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | pishro_phishing | udp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/user/0/com.mycarroll.app/files/PersistedInstallation8883673769392380308tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/PersistedInstallation6335670404350314316tmp
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test
/data/user/0/com.mycarroll.app/files/MessageId
/data/user/0/com.mycarroll.app/files/user_code