Malware Analysis Report

2024-09-09 16:14

Sample ID 240516-nvb69sag3t
Target صیانت.apk
SHA256 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
Tags irata discovery evasion persistence collection credential_access impact
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10

SHA256 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Threat Level: Known bad

The file صیانت.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery evasion persistence collection credential_access impact

Irata family

Irata payload

Checks memory information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about phone network operator

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-16 11:42

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-16 11:42

Reported

2024-05-16 11:46

Platform

android-x86-arm-20240514-en

Max time kernel

9s

Max time network

130s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.mycarroll.app

ping -c 2 -W 10 -v google.com

ping -c 2 -W 10 -v google.com

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | google.com | udp
US | 1.1.1.1:53 | 110.201.58.216.in-addr.arpa | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.178.3:443 | | tcp
US | 1.1.1.1:53 | pishro_phishing | udp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation7022450315631262294tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation4753401837221066957tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-16 11:42

Reported

2024-05-16 11:46

Platform

android-x64-20240514-en

Max time kernel

11s

Max time network

156s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator

discovery

Processes

com.mycarroll.app

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | google.com | udp
US | 1.1.1.1:53 | 206.212.58.216.in-addr.arpa | udp
US | 1.1.1.1:53 | pishro_phishing | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp
GB | 142.250.200.46:443 | | tcp
GB | 142.250.187.194:443 | | tcp
GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp
GB | 172.217.16.228:443 | | tcp
GB | 172.217.16.228:443 | | tcp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation8261439489775464348tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/files/PersistedInstallation4617073298940282228tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-16 11:42

Reported

2024-05-16 11:45

Platform

android-x64-arm64-20240514-en

Max time kernel

126s

Max time network

132s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator

discovery

Processes

com.mycarroll.app

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | google.com | udp
US | 1.1.1.1:53 | 46.169.217.172.in-addr.arpa | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | pishro_phishing | udp
GB | 142.250.187.196:443 | | tcp
GB | 142.250.187.196:443 | | tcp

Files

/data/user/0/com.mycarroll.app/files/PersistedInstallation8883673769392380308tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/PersistedInstallation6335670404350314316tmp
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test
/data/user/0/com.mycarroll.app/files/MessageId
/data/user/0/com.mycarroll.app/files/user_code