Malware Analysis Report

2024-09-09 16:15

Sample ID 240517-gms2gscd4s
Target fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811
SHA256 fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811
Tags
collection credential_access discovery evasion impact irata persistence
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811

Threat Level: Known bad

The file fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811 was found to be: Known bad.

Malicious Activity Summary

collection credential_access discovery evasion impact irata persistence

Irata family

Irata payload

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Checks if the internet connection is available

Requests dangerous framework permissions

Reads information about phone network operator

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-17 05:55

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 05:55

Reported

2024-05-17 05:58

Platform

android-x64-arm64-20240514-en

Max time kernel

129s

Max time network

132s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 14.200.250.142.in-addr.arpa udp
US 1.1.1.1:53 irnadl.com udp
DE 94.130.217.114:443 irnadl.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.mycarroll.app/files/PersistedInstallation4735309367189932327tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/files/PersistedInstallation5886608023417199491tmp
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/MessageId
/data/user/0/com.mycarroll.app/files/user_code
/data/user/0/com.mycarroll.app/cache/1

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 05:55

Reported

2024-05-17 05:58

Platform

android-x86-arm-20240514-en

Max time kernel

128s

Max time network

130s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

ping -c 2 -W 10 -v google.com

ping -c 2 -W 10 -v google.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.187.250.142.in-addr.arpa udp
GB 216.58.204.67:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 irnadl.com udp
DE 94.130.217.114:443 irnadl.com tcp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation5211224744048358707tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation9044946503887826286tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
/data/data/com.mycarroll.app/cache/2

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 05:55

Reported

2024-05-17 05:58

Platform

android-x64-20240514-en

Max time kernel

128s

Max time network

131s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 78.204.58.216.in-addr.arpa udp
US 1.1.1.1:53 irnadl.com udp
DE 94.130.217.114:443 irnadl.com tcp
GB 142.250.187.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.10:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation6557999154056442612tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/files/PersistedInstallation5748827557307192241tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
/data/data/com.mycarroll.app/cache/1