fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811

Analysis

max time kernel
147s
max time network
145s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2.apk
Size

2.8MB
MD5

83ae44741a62282a0133cbbda73cb65f
SHA1

d2ed103e8aa54981b02eba1bd20039dcc4c3d945
SHA256

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2
SHA512

f54afbfd1bbd5001dcbb0fc2ed7b52f1da61f31c7938181f5a892a5ff6dd6685bf337f9696381b6625d30fa01335d880477f5c2f1b15dfc21d424b6ddb4936fa
SSDEEP

49152:f/QOZrOHIERZDYQEhuErSdlHdEcHDiwy326P4vUpOspgDAT4cfO0teaHrpyId6J+:3/uDbEhuecHJeiWOspuEl5UasN4

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mycarroll.app

description ioc process

File opened for read /proc/meminfo com.mycarroll.app
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.mycarroll.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.mycarroll.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.mycarroll.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mycarroll.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.mycarroll.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.mycarroll.app
Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.mycarroll.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mycarroll.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mycarroll.app

description	ioc	process
File opened for read	/proc/meminfo	com.mycarroll.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mycarroll.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5112

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/1

Filesize
7KB

MD5
a37fdc64d7874fb2eaf8be7575d04159

SHA1
0caea3dc8e6c2b001809c1cddfd901098415fa07

SHA256
81554eed2a00801aba3c4f9c13ab332205f488f93959c01bfb96fe4b17624864

SHA512
270fad7324d0930c8ade89273ce4429aee4ae3d93ed5ac7c894ef30c8f3b4c98edca4e88abad1603ac11712177e9acea7906962a693caf33c58e68c19cb0fa33

Download Submit
/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
154d1e2a6ed0236037621fdd5e866a04

SHA1
3e11666f37551e028f414bde87a87cb85118ce8c

SHA256
e2d808500e1ce0d2d6a0d8cdee972a315d41cf5deedd1c131dc1f6c3e8cc5846

SHA512
96e6894772debd7b6432c06e536c060fcf77727cdf9a14b74a40204fdef42a59c71c7c056775cbcd0a0ab56ca4141fea98a72ce535f83adb335e9bd662db5a90

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
93ca1951b6d92ef8553b439fd4fd7924

SHA1
60d20bc38c4d38e0a71f469fb1a5b272191ce995

SHA256
28be8a6006aeb97e19a3cbaa37db551aeafa0c5d8be8eb12af68f6ef5f6d383c

SHA512
f2457f81a9d72649c5364c8608d41230e0a50435a2ece535a54af837b0eb122860f808f51b83617593ea3c0bbff6f33b493e440bdcf5c517907ef03c5495930a

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
01b69aa91393672019427e4df34e7a32

SHA1
b05499e4bb71394dd16ed9c2e1fbd59aefa850e8

SHA256
273201efd6ef728479e235847d3cabdf740d69f2009779e4165048b94d690574

SHA512
2b407f90f3d7e2cb7dee46616ac7a717e15fdfb507354fccdb12726aba26d01626d57b296ee479eb06bb042b3ea80c45097140ea816655f77a8233e01d7e6bb9

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9fb93cc5995a8e50c76783994bcaef46

SHA1
c767ea64506975a995fa3ca73c3c316b80413bb9

SHA256
a868c4f977a9abd1489a65eb6878cdd9a026e70f2dfa2fb0124e7ee24d4b1b1d

SHA512
fb18867701b24b60a6db8055879b00e3afac6a945b566daf3668803f0d5fb770a3296623dcf1831e2e5f8df1f7b085329a87b5a4f2c13f66f9a4b3234333521c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ce5bd7864f78d68ae0043f499258c1b

SHA1
66657337f643c8f3339a5216b3a1860d28bfbd2e

SHA256
1c74d6c83d3a3555869a6586c14efd5af881e2ea09c9a78aee96a4ff97b97b73

SHA512
c68cc43838fc3f4d029946e91a1b8602a8fac291531d0ea67a3b5d951a0e083d671660a427b3bbf1f4c1fd43893343be9edb0b38d799a5c56e49ed547ee69d9f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
6a8c3e0b6755aeb6db2e91501225af1b

SHA1
0a19a93210f7b16033be0a67745b4f7ba4a5a173

SHA256
a18e8593b20bc5c9d0215197eb4280b78729e5483cb9bf5b2d76af2b0b5de0cb

SHA512
2daee8242732fc32f7cac695e09190fb62e1b18cb830f37309b8b672248cf1c2d23cb869d9a79125b71d4e79e7a8d0b672d9071bc890ee6b3b048274b8ee7194

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ef9e7ecfd0c069501183ebd0ab4ec07b

SHA1
b542676dd7e64518bcbb38988a19b438695c1ca2

SHA256
26cb33aa98e7fd713be1b42e6c0f635c7a090fc6cc0fd3cbb0dc03de11229423

SHA512
0b58bf3107034ea33ad59aef4920377741799e9b7b378bea258462b85153b3155898ac93c17ff993218d2c52d96174882ed413de291635ca03702a5c7d58d058

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1f4253419bad64a97ab60f8a0dab9a92

SHA1
9089d59ee77c88717595bb8f181c56524d64c7a4

SHA256
8becf294119c5460802997de324fb5891f6be578dc42c3746187a3d1d567d960

SHA512
0cf74d1c71fee87ac8b08cb9cb74b44fb83560ddcbe2640732434bd7fbad1e7c1e2aa03e72aa5573f54f6dbd1bbc7bb86d9f0c573f952b4e6506f87bcc99e40c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
203ef01d8b4c1bd19123b5a8596f06c4

SHA1
dfbc102759f95a86bccc321b7d0fa51c3a094b34

SHA256
69f519c20004e5e3b412b6aba599e73e3b9574543377d17f5c412153ece4a42a

SHA512
0a61e0aa4cb661e0fa3512888fdb134051dba570ab07ed147a3ef21afa7839fe7fbc89222b23a38de2c2c9603c1c9a230aa4930a01ff6d73fc6d999e305dc5f3

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ef41a2aa053a54cb2115b965c51b8420

SHA1
98c60d4500617013ae761f404df66bccae28d264

SHA256
ad05c34162dc553c073b534fab279fb12322c3dcb6c6c5ba4e9a49553d3c9e09

SHA512
f83ce27bfa9b14b1e6960348089eece72d91223ff3235c4bddd712a5edd27e33ccf581008bb6c9c78cef31619daf38b6a927f33455aa099c0e6e2e3605f2b3d0

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f37e61d327ec4d9602214808fec0d292

SHA1
6d6967d5d631578f7e5509bd8aa2b5181bb6b55a

SHA256
fd841b97409a88230695f90ef7603025c5d03570f762338613705ee76b0f1fc0

SHA512
30e9d02f3079bb9c7c0e72d4d1be9ca2ffe43672b3fcb597ee80235ddf3292d96eb1b07e6c7777ff60c76e7ce37200e6874b29f5b0b77d9e9a831fb9b788b1dc

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation2983710844768116244tmp

Filesize
569B

MD5
40409aaae13a8d34cc11296c834fd36a

SHA1
28c5203277f7c3a8c3b202fbb87ce1f051a64184

SHA256
7047fc3df3b2cc6580af6358bc4b220411daddc31ca29061fc848f4ac4274158

SHA512
0bd5c096bbdade65685d77f8b44b70d3eaa1e32104b5d91ba178541e7f1c73cd2f6b96a5368e91d3958b64f3edc69e426c160d434e25f9e8870d02ceffdf38c9

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation6696397476506738531tmp

Filesize
90B

MD5
4c1c15237667a37d7758a4492e3c1eaf

SHA1
0b4d607bf6bd7af4f00eb1e80587f9548789f104

SHA256
763e7ff2acfc74f3d5097a49f28c8d8b0ef7836aebd2eccdb3cea8b34a405bab

SHA512
c3bd1d884bd5f0fd37aa990fb9524112d49afe2329650ebde134bbc1b81bdfad9a081fa9a4589e5508bf82d6ee2c987b80720c6977ac15b8bbf27a7dc4e0ca66

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
6B

MD5
b143bb9b14c916972f31e4ce92ce9fb3

SHA1
9d365fb5be0934e134cede71eaf6c29e5170f656

SHA256
bab3ce5611fdd6dcb48e24c4a8f7d34e2f0b2eaca95418ce0c26152e8f2a844c

SHA512
89993f29ebad7daee5fe55c460082c86eab646647666d2d6113dbf8c7739bd42425857f539b1c071dba7047c590b4ae11b95b0da2f4de3ab9a95639046453ed2

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
5B

MD5
a025431491496ccc81e48f18ec917059

SHA1
e2424e587298dd979810c0583a3bc91085c8d146

SHA256
0cd649d08e033623f1caca7a96f9d38b95a2ad4dec3f64abaf69714c9e045580

SHA512
12b6908a2bc7f969957d52e95b203429d3e084b491c65bf4f41515d5039f2eb429f1f14f1e35f8aeea33c8f931d20e1058f52b331481af36c5fb32a775bd608e

Download Submit