Analysis Overview
SHA256
fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811
Threat Level: Known bad
The file fadb7686d81a1bfb3029f33fd08de4ce26402d93b3be30a1f661befac197b811 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Obtains sensitive information copied to the device clipboard
Acquires the wake lock
Checks if the internet connection is available
Requests dangerous framework permissions
Reads information about phone network operator
Analysis: static1
Detonation Overview
Reported
2024-05-17 05:55
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-17 05:55
Reported
2024-05-17 05:58
Platform
android-x64-arm64-20240514-en
Max time kernel
129s
Max time network
132s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | irnadl.com | udp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
Files
/data/user/0/com.mycarroll.app/files/PersistedInstallation4735309367189932327tmp
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db
/data/user/0/com.mycarroll.app/files/PersistedInstallation5886608023417199491tmp
/data/user/0/com.mycarroll.app/files/port.txt
/data/user/0/com.mycarroll.app/cache/~test.test
/data/user/0/com.mycarroll.app/files/MessageId
/data/user/0/com.mycarroll.app/files/user_code
/data/user/0/com.mycarroll.app/cache/1
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 05:55
Reported
2024-05-17 05:58
Platform
android-x86-arm-20240514-en
Max time kernel
128s
Max time network
130s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
ping -c 2 -W 10 -v google.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | irnadl.com | udp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation5211224744048358707tmp
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal
/data/data/com.mycarroll.app/files/PersistedInstallation9044946503887826286tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
/data/data/com.mycarroll.app/cache/2
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 05:55
Reported
2024-05-17 05:58
Platform
android-x64-20240514-en
Max time kernel
128s
Max time network
131s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | irnadl.com | udp |
| DE | 94.130.217.114:443 | irnadl.com | tcp |
| GB | 142.250.187.238:443 | N/A | tcp |
| GB | 142.250.200.2:443 | N/A | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
Files
/data/data/com.mycarroll.app/files/PersistedInstallation6557999154056442612tmp
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db
/data/data/com.mycarroll.app/files/port.txt
/data/data/com.mycarroll.app/cache/~test.test
/data/data/com.mycarroll.app/files/PersistedInstallation5748827557307192241tmp
/data/data/com.mycarroll.app/files/MessageId
/data/data/com.mycarroll.app/files/user_code
/data/data/com.mycarroll.app/cache/1