fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811

Analysis

max time kernel
128s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2.apk
Size

2.8MB
MD5

83ae44741a62282a0133cbbda73cb65f
SHA1

d2ed103e8aa54981b02eba1bd20039dcc4c3d945
SHA256

1ef0c4d0484f9c859cc0e61223d71579a817736bf741bc6001dab472a95c56b2
SHA512

f54afbfd1bbd5001dcbb0fc2ed7b52f1da61f31c7938181f5a892a5ff6dd6685bf337f9696381b6625d30fa01335d880477f5c2f1b15dfc21d424b6ddb4936fa
SSDEEP

49152:f/QOZrOHIERZDYQEhuErSdlHdEcHDiwy326P4vUpOspgDAT4cfO0teaHrpyId6J+:3/uDbEhuecHJeiWOspuEl5UasN4

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.mycarroll.app

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mycarroll.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5152

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/1

Filesize
7KB

MD5
a37fdc64d7874fb2eaf8be7575d04159

SHA1
0caea3dc8e6c2b001809c1cddfd901098415fa07

SHA256
81554eed2a00801aba3c4f9c13ab332205f488f93959c01bfb96fe4b17624864

SHA512
270fad7324d0930c8ade89273ce4429aee4ae3d93ed5ac7c894ef30c8f3b4c98edca4e88abad1603ac11712177e9acea7906962a693caf33c58e68c19cb0fa33

Download Submit
/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
130ab9fcaa1d8c52e5e872b6f167d274

SHA1
64b83a354b738bb1e320cf53ad51c72fb858da51

SHA256
b2632f312574d7ee4c03c951733fd4a813ff9c6d0a51b2ad694ad21ccd98930f

SHA512
5f9b2fc9619b08ce9bfc72f9f0c104277a57daaddce09c7b6d8ea2394d81900ae6bc6d911781039253ece8c9ad1358c64c957f73e79bffc0af6820fe704125e3

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7d34094468a4bcd3ea81cf4242fe99b

SHA1
023a20c45927bae03b1d3cc885cecd19f55f26ec

SHA256
9514233a2665a2fefe04830df3c974806c0735a00ba4ad72a170f69ce99f7a85

SHA512
7b7474ef4b507dcf7d5fde0f44a5503712610d065ae5c969b0c97429b9a10994f63e6f2defcf7eb4cddaed37cf209ff59e2b0fdfd0ac5ef82e91fe60dd4fbf19

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34f4e545fd77c9ce8e27f4ca4b93ccf6

SHA1
a9d450b00029720480924c6928748c083b57fef4

SHA256
bcc8a941f4d54ffb3d7e9a75a1f15983882c009358db938f27551653e4dd9ca3

SHA512
8897083557bc5be9e412c1c9e872809b2b6c0652391d1b0e42ee6ca2a73391ef33f9f7a456e353f0ae993b48047a2e3108b17e01714b16092c98c36d8a5be4e6

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c58dbbe10d80b5cef6cf98699b6f3d3d

SHA1
ee1fd589ab5a60e7157ad112d9acb39cbfbe3ab7

SHA256
de947779607681c8299a4faa549bfd8300fbd9e07789b3b0693c392398c390f6

SHA512
1d2e58a2f9362380b47df1ab6f252525097c28d94100fc43a4aec5da8e727a71ce842c97115bfb79d148915edf706bcce6d46ecbe69575854d39fc737eee741e

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ce5bd7864f78d68ae0043f499258c1b

SHA1
66657337f643c8f3339a5216b3a1860d28bfbd2e

SHA256
1c74d6c83d3a3555869a6586c14efd5af881e2ea09c9a78aee96a4ff97b97b73

SHA512
c68cc43838fc3f4d029946e91a1b8602a8fac291531d0ea67a3b5d951a0e083d671660a427b3bbf1f4c1fd43893343be9edb0b38d799a5c56e49ed547ee69d9f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b7425dfd01686c23ff4f84f52a2e9475

SHA1
1fbd1cb095b16290b51f8383a01e097262827d21

SHA256
94b5c37ee618688943c37d52265b8d75dfda354542f707c306ef951de1124746

SHA512
58e8232f8b117f90fe288fcfdd8f3839b77ac9ff0979627aeb8e0e86c23acbe8a747812b5582f2367189246002f9a00f7824c1121b9cf065f81e8156df0c4cda

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
32755cd3f2cf5e1260c78998f0716237

SHA1
d0a8096787aafe1cf2a14f76510afafc57ffea04

SHA256
6d34b8e854e0359b8202fd6564c894622a3a1bf9a9a415ab3e289125570e00e7

SHA512
d1fcede359654fc64b8dc9c77e380d998d154f517ec5bac8ff822eb4ac1ef89599ba8c918f1b8dd8ee3a659f9574578b38c81d40de273f62325453bd79061143

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6aa69e33271b29a9ced5eb55f672a23c

SHA1
b3ffde412f16cf13f482f3cc7f8bea25f8f2c791

SHA256
1618125381058a61ad6de54be8f824c305bc43d6e964425f35d2f9c12d08b909

SHA512
20c34d40877dc7f7b5a4c74d271ae90b6a1567f6f362754841428fbcec312769f36d1b908320d2e07dbdd382c5803868c04b964e9f826f47c21fa4e11f8eec89

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8dea41d44717b6d09100dafcffe93f26

SHA1
4225959dfc9bc9fba3f8f19b66b27fe5a260a640

SHA256
3fd458edb211033fe893e1e9f5c12e481bdf9ec2af385b4c060411971432d0f9

SHA512
09f459ea80da6ceaa2855f4c57089e411c45ee485693b103f53bb8b0cd449308bf0a58bd5274ef27644026c08d512b160e0e2ddb2f6e0240bf6b4c736cce5534

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8acbbad31e552e71c1a4bdca164b7b73

SHA1
99f66a8fe49c0a1488ce641629ebfc698d6d550a

SHA256
2676f6f47ceb620e11e79f6198ee0459ab97abc8db668530979751fe59883737

SHA512
81e20dfdbe449b35441916e40a53e76941a5069bc0e832c5bafd037b14daeaf76d8916633aef607b709240c2f56975a2af47944d406901fda4bf502f74e9c5ac

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
73683f395384711a95928f7317d78c34

SHA1
003092407895d033fee73cf1a676e7198cafac55

SHA256
d834487fa21e5a4e95af7c708080a127658150acaab4d2dfb1565030e571790c

SHA512
f55fe719c3f8f60ddd13f285e9812e8be3b2aecd20de66231726c9459db4174568a4870cc312d635943df261fac22ef83d99d06f7a76b83ee4106c15ebe61d6b

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation5748827557307192241tmp

Filesize
569B

MD5
f8c7414f2cf7250d0b160cc6d710f00b

SHA1
fa106e236a8414f72bd11d8c0285bb3b51ecbe51

SHA256
e731020afee03dd15102984b9a7b22bf90c18f34cfbbf5e26fd65be5ad44f671

SHA512
fbe9cf6ba80db18462c806831177db4f92d49479cf56a2acd1e4d9e495668f08c47c12d0bc2de1e0dabadd351f854ac748a03a78985eb7a288b960918a79bf14

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation6557999154056442612tmp

Filesize
90B

MD5
3493efea68825d6f1225352260b1a45e

SHA1
588183a13ab2225ee3d006c41431a98b0d6ea738

SHA256
e1f125882454b45e9f3ce14d03b35d5189391b0fccdf6ada56fe13e3f6b75ab8

SHA512
6a82244b8b7eae3eeb74a65794d28e829c9a0e3aeb9a5600cb8a62a1d29588ef20b261a256b2827864dc0d3b09e38faf18bd680e41bb0a51ddb01ee14e490f51

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
6B

MD5
b143bb9b14c916972f31e4ce92ce9fb3

SHA1
9d365fb5be0934e134cede71eaf6c29e5170f656

SHA256
bab3ce5611fdd6dcb48e24c4a8f7d34e2f0b2eaca95418ce0c26152e8f2a844c

SHA512
89993f29ebad7daee5fe55c460082c86eab646647666d2d6113dbf8c7739bd42425857f539b1c071dba7047c590b4ae11b95b0da2f4de3ab9a95639046453ed2

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
ce0ae8bf34fba6301d9cb867c1407955

SHA1
fc6fed8a2e16f3c001f78886807acdd2cd751357

SHA256
7ab04e55d060ea6a819e3e52d079f38dec7dfb7079cbf01cc408e00dd3a4cd3a

SHA512
af6f86cfcd6920e64c621cc41aa6600dc9d03ae0ae5951e7c2358219dd712b71404b118bd09ca572e6f507d2e8a74670db94b0cf045541e0714a8283e997590c

Download Submit