fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811

Analysis

max time kernel
128s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2.apk
Size

2.8MB
MD5

83ae44741a62282a0133cbbda73cb65f
SHA1

d2ed103e8aa54981b02eba1bd20039dcc4c3d945
SHA256

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2
SHA512

f54afbfd1bbd5001dcbb0fc2ed7b52f1da61f31c7938181f5a892a5ff6dd6685bf337f9696381b6625d30fa01335d880477f5c2f1b15dfc21d424b6ddb4936fa
SSDEEP

49152:f/QOZrOHIERZDYQEhuErSdlHdEcHDiwy326P4vUpOspgDAT4cfO0teaHrpyId6J+:3/uDbEhuecHJeiWOspuEl5UasN4

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.mycarroll.app

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4289
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4339
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4439

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/2

Filesize
7KB

MD5
a37fdc64d7874fb2eaf8be7575d04159

SHA1
0caea3dc8e6c2b001809c1cddfd901098415fa07

SHA256
81554eed2a00801aba3c4f9c13ab332205f488f93959c01bfb96fe4b17624864

SHA512
270fad7324d0930c8ade89273ce4429aee4ae3d93ed5ac7c894ef30c8f3b4c98edca4e88abad1603ac11712177e9acea7906962a693caf33c58e68c19cb0fa33

Download Submit
/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c760c04c252d3b3a9dca6249d7d23e07

SHA1
e6c968522f8a85746033cbab365318fc5a68c7a9

SHA256
bd7b013017516dd46983d04b61d225c4d6525cb1cf97a145c3feb5f77ccabb61

SHA512
6f97bede00494e88f12f4d60bdf596f22022fde5f7bdd84fa4a3e8358ceaf463db7d49b5b2879522c269f231f09bd6a8e6bb2d296069c804f5478938e19b518c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f37c109b91cd064422075a69d7466fe9

SHA1
75a66e9e84bb5be61254c17b421bbbe64ebe3557

SHA256
c9b2037280cdc716ee53bc79349faebdb997637c7c59a98191ff928cc577d9f1

SHA512
af1ba1ce160819dbfa05b637db2092a4e68709fa693fce47b6f99c1659b1c5a350b475df9ac1dc3533c0be17713ef745f3ede191b474710ec0b9b01f861b5b76

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1b207a7e2c6e0e3ec206b302f6f99f4e

SHA1
373f9519706170d78b98f7beca6e98edf107b73a

SHA256
ea6f1d4a2b031765af6404d8e29ebb1120ff70d0934256d644c5d1a94730af12

SHA512
c057023ef25fbe05d5e17c96e49977a0d5e0fc7c8a7e25bcbb1e1a6b2ac84fdabc95d9dd864af62f082417fae4fdb5c1891e31eef63d7ed5a0b2a5eca4c475a7

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1b5caa806d132334181c30ace736ee34

SHA1
344bdd2fa665ea136dc6759aa7450b72c41a6902

SHA256
35ac0f7851f6eb9ef11c187ffd617baa38fab0079d9ef7c94b97a3c4614122f3

SHA512
6b0bed35f7a2f0e81ef294017c5e4336f260a955a19c187c93437c02c4603fe415f73260f3d92e7c59cce1cdfc4c11b77a854d588e661d6fc7a14870e431b235

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e51f0580a08c55cb6598dee996c9be5

SHA1
225ee2d2dc97eb5e816e7c219c2212f7ac57a835

SHA256
6de59d2460af67b546c95f2ac9d7f38945f3bbfc46645c7f291ecb1dcfe05ace

SHA512
baacdfdef9d5d6abab374878f63d6749862f7f2bee7d27ec859ba2655d21fda76721bed71d1bde0799c332b0ebb6ce317d18c08706e36b04b0c0768fabe89f90

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
23c21be7032b4d758b3f9f7cf4bfb2fe

SHA1
cf34b13ca447dee8c51b657e82998cf6992c1584

SHA256
ead3930102a477be02de1d18df06bce5dc0e4df8aff6e1ecb002ad747b147002

SHA512
5c14b8f0651507c4dacccdf024924cdeeefafaf7acebacde69cb31797e91a26ba6044eff19dea6b6eec40b6ae313803c04fa60f9cb90d7cd1936b92ede1bb2c9

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4a2dab2fb0fab41d74d13c02d06ad6ab

SHA1
7c3a4a43eecc6897c38dd7b597696c6abeedd94f

SHA256
cd690a33e62fca1d1c3b764d1e8ea4a6e451833ffcf630a0d10d0d274f44c568

SHA512
cc5a2c6f41db09cf81427fe244806d0650c2fafd89de918aa434c9e003f6cfdb62e2ddd61d10742d703f305a86e0fdbdeab31e8d9bc13b7660cb6d74a1bb765a

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1340cde73c0b2086664e880e93ef9fe2

SHA1
3fce66b801b431cdcf0b2af2eb73c7192cbddfd8

SHA256
0f04df37ab86f88befa084cfc9ac62ab41f6594093f7922cd3e8ca3ae8bda784

SHA512
284b4fa7c50576cd85586da85bba350ff08b6db77b1b28b30f427dd434a53986c9f2d153c52964ace660a88496de3e8650d034e92d0c0456f022b58ebae12ec2

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
be99c7a56082a1c6cd5800b8a73ffec8

SHA1
0a9304c4a999734688b0e0540d3b5079284b5c69

SHA256
0b10a1ac68a334263c6a632c61e4d64fdc5c50f8ae78f1e58d053889c6f488ac

SHA512
271337e3354095b28ad15d530971fe5298ade7088098b3c2dbbd87196745f7c554af20ab1b4858505170069275a9bfa89054a4eae628c3dcdaa4c938bbd64895

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
118a4154b8453a1868d7ee63b5345712

SHA1
bb7ab8df15dd27637c0e3b9f536d266a79e84136

SHA256
4c830ba8371eb0c27c9887b0e76aeacca656c68511928b36d3bf92cb4f19c9f0

SHA512
f0f7965a046beca22985c6050647174a1668a45d3158bb674fde259747538062befb610522806ab4711d81db076e967e4111ac3230b2bd10962e07081d1725f6

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
bad7a7c8d779ff73df0d64257d0fee24

SHA1
1a2d4a4604cfc527371835c438acfb4b64192cd1

SHA256
0be0fdd17732581df03a84cce861b0db1a0977419a199966c5b9fa3ce5e819cd

SHA512
753427d77047b2ae9b3f15e1a318056273fab4935676e8b203eed9d94b1ca3dff536e536a4ad1605d27b9750ce5e2be6d2f5e0dc1a284ec2dbb048121496c640

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
58a9fde2b7cce5b42abba09a497a20af

SHA1
ce0a963cc745411e3a44b665615e95dfd7df106d

SHA256
5878f726bd9589ef938477df6c38a89cf633052c18b083326be9b3506c15c94e

SHA512
6d3277a37cc396b27d3bb2c44407906e53c2b6c225b0a1edd2e02174e36ded3e104e8e69a9940f1a24da072b30e0bdf5a417370a380409ad6543f7e048f686b1

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation5211224744048358707tmp

Filesize
90B

MD5
7e1db90fe3fd1ade9153f45a85ddcf85

SHA1
1d7c013a5648c55e86c410a7f6278a992391a132

SHA256
9b631e52e20c6ee7ced69f36cbbf2613e45598e90f0b23791514aeab7b7f013e

SHA512
04017b2237c528de4a114556e95fcc9c1afc966f83c6cece63e56ea0c83fa6056795f1480ad5f8fa9674864d7df2ef372704c70be673c6cbabfd681c13bc7f7a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation9044946503887826286tmp

Filesize
569B

MD5
57db9ba8dc1aa4177b04d314df68b543

SHA1
082eb7544f914b1202cbc871fb5f3ebc2878ce07

SHA256
bf4c65a3b12be97ffcb9748ca244475d77c218ee905accce2a74dae21588f801

SHA512
370ab06fb3221bac5a6e967d7b012537e7b2fdb31d66491f9d0ff60f86f17df4863c4e6970326a9a412903b2ee0b3b77807cc1b0ffce3afac7627506200c32ef

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
6B

MD5
b143bb9b14c916972f31e4ce92ce9fb3

SHA1
9d365fb5be0934e134cede71eaf6c29e5170f656

SHA256
bab3ce5611fdd6dcb48e24c4a8f7d34e2f0b2eaca95418ce0c26152e8f2a844c

SHA512
89993f29ebad7daee5fe55c460082c86eab646647666d2d6113dbf8c7739bd42425857f539b1c071dba7047c590b4ae11b95b0da2f4de3ab9a95639046453ed2

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
4050a5a977afc462e76af3abeaae7d6b

SHA1
374b00a1e554749fd75fdb62f0f81e1a635a9ebd

SHA256
a823885035d3905bee82bf24325ca37faf33e949e670f81963b5b35650042f26

SHA512
653ab599cebc66928ad59b26c8902553d90517386ed54dfa653f0b5b28fae563faf9005583dac9882d46d64a2c93e2ad644909df7ebc117ca8028b472fab4104

Download Submit