654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Analysis

max time kernel
123s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc.apk
Size

2.8MB
MD5

beccc97980716f98f9edd058018bc90f
SHA1

a0f0da9b1306f2a1ce64246161467b2694190ec6
SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
SHA512

461e298e37e57c075dd2dd43c3dda5f223c6b62d5a910215ed7701318e2db9940c79f0a5234297b3abc712eaa7ce35e9a034663de92edd1ec7bd64197ce226c5
SSDEEP

49152:4/QsZrOCIQVl2KGQx472EXF0/BgrUIwGoKUOPNUzgwcLAB3nxNd3JFaWY:m26lZS72EXF0/8VwxKjPWzMLAhxP3Haf

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.mycarroll.app

description	ioc	Process
File opened for read	/proc/meminfo	com.mycarroll.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mycarroll.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.mycarroll.app

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5154

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08aa9ce17574f1b5dec74d2cd33d0c53

SHA1
bdf8cfa7ec07f4c69d83f623e319adaea1cfc21a

SHA256
dd6be589df17b321d3ca16d6560219a441d725ba2ec754a6c2fa1c81e022026f

SHA512
2647afd545d324a650a3893a4b5baa72079d56897464162548cfc363e1ec75df1980ef74a9eedd9955cc0a3e7710813749ae39af57b3dd2331fcdbcbd3c66515

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d4419d688f144fde2e8be967f70b7931

SHA1
d19a7accd69c8b88bc211b620ce66e73b5f9f2e2

SHA256
3b3eca25d1046e24ae280daaeeab60089829a94198853f2c6aaadb088ad30a5b

SHA512
75541fe39f02602a2a7e7f45c23d92f6072219ebffa737313b55fb58d43f3559a328cf2068f1d18a948ff45a6c0047804c0c0e885839717a49d81276ecd42394

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fd2b64e45c3de386b2e28b7eaf3b97f4

SHA1
c21089bf8bb138a087f79103cf2ae754e57ca9a1

SHA256
8e99087668dd85f2a2d432db8d9c81541b6237d14990235b6ffa241a8692bee2

SHA512
4484985d82fdf6fcebc426c5e619cb646ae87320cd45e792cc4fcaf969a69bd17154ac6f3273f4a7f37123972b0652a412a95245fc24e75bcf968dd4511875a6

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a3be0b60429d7e6f2eca24ce30b76e89

SHA1
ab08c624961c80d94e9600e4b1aeda50947c2668

SHA256
f7a45c3793497dc4f4191c9d92f980e002526260635adae1ea04a2678627f7c2

SHA512
3b4813d26569442002d7a6514d7d9fd8705da9e317a1912b31ede25fa1dbf84e9a957accfcb25370dabec89c5e2d579efccf699855e0ca18201b79e429a2246e

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ce5bd7864f78d68ae0043f499258c1b

SHA1
66657337f643c8f3339a5216b3a1860d28bfbd2e

SHA256
1c74d6c83d3a3555869a6586c14efd5af881e2ea09c9a78aee96a4ff97b97b73

SHA512
c68cc43838fc3f4d029946e91a1b8602a8fac291531d0ea67a3b5d951a0e083d671660a427b3bbf1f4c1fd43893343be9edb0b38d799a5c56e49ed547ee69d9f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
cc6ed609c061cdc8ea5d35e86325e549

SHA1
613301fc09b47ef5dc4584549ef5407676449cf7

SHA256
fbec90850844cf6bb51e37a8879c4c02673cd64046890c805e408613dfea0059

SHA512
b0beb0b32abb0badd1006053eae76d1c957927989cae2504cf43ef854a89f254061d6ab851cf19493ba355b9d9d94703038fa3e8436b49144f866b56056491a5

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e9bb7ed8ec734ba454466c974f3ecabe

SHA1
cd4200cca2df0fa44eff1f78aa038888d4cc040c

SHA256
6cbe7f3299c104298f6103935916678adf06a5506abd44293f4aa425841e2bc3

SHA512
c01ed7fe821a1e6007b2f0e9ea5bc657efe8354733aa226cba8a6c82e7a2e25204966d35b6287aff13041131a9ee3a673759303de5b154c7cf9213d20f4bda00

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ff63c591d59481c70653d5755add0c28

SHA1
610904332bccf339ce5d822bb97b67df64edac67

SHA256
1597170bfd3bb02a923fb2a7a2e7cac3bbd3891be2f9257b9740a86e592fe288

SHA512
ea2c828cba4340f18e22fa72d750dfdacedf8d3ab5ec290879f194e2a11a13f3f80ac2916204d311ac62b1530a9c7d9bcc24b7fbce6d9aac6a87137454041ae2

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
77869855681de4625fad2fca8c1f4b60

SHA1
a97c39310e007e3c46517596113f5d0506b978c7

SHA256
f3fa95c9cd905dc712a0bc4dd4dde0a29f5c5fff2426bcc41cfa3742f29ad71d

SHA512
597ece147ea5dce72d0dada91a0f4ef8f146d6adaf39d86b0807f6d73f9532092888d4ec346219939bb82353ea8176ed6602bf502b2692e899c539acabcdcf34

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8a311e4fbaec8d133d3b1881fd41c5af

SHA1
4afa4adce7fcca0c442e7126d3cb5e5208f7b68e

SHA256
2b522c11cfb2a0da3f2ee5e70740c57db9e366bb0861d2abcfc555acef4b79a1

SHA512
6def3ef6e469d35e305f6473431ee316f58a53e22fa299ccce6b54ac91f8dd07a6b7a8684ad6e4e5c6842e59c0532750bb4d80fea4e21209ea131b46b37678b0

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
179d3fdbabbee0af794c711c80b93589

SHA1
164d810af8bad51f701bd38e1f1c829e13a1095d

SHA256
aabb4c48f4a54dac4882d061e92754002fbf7bedabadd370923da891c00d08e0

SHA512
7cc28277c6b6f0df891fd106bd511d82a7cf574ddcc7add17778d16a408f4c4cc50d9a2fcfa71be4f8c7d29450ad946a885c2a6082cfce25448b29459fc66bd8

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation2823082013494129738tmp

Filesize
90B

MD5
b2aff20443ded9e0206c3dcfac3cc4e3

SHA1
5ca3532b077c7837cbb964cca61685060500aab0

SHA256
a397297ae5e971b6edcda3f49273b05cf0b4efdc9c5c820b57001d749e36ca18

SHA512
f6bca8db6b2c85c845984e1fa70a7c5a61627717c34ae2cd1f356229caad91c4ebedea74c35c7f2bd358fa398d50be06edb9eba5ea19217bcadad68658613f17

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation3907765243389779098tmp

Filesize
567B

MD5
5fc14d3dddc458990639ffd4f276ddb9

SHA1
608c1fff29aa18edb8340a59b5c810bb147e0e21

SHA256
e2f0b7567cd3318dd297a90fa5754fa8d01e99bd966e4b3d59bc712689ae0af7

SHA512
e3dab718c41bcbd8631a550075bbb0217ca6754b7fbc02dd6b82a639b88333530609eafd29f49ca43bf8ccd192915fde90769c7044aa3e44065bab07e63f58e2

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
3B

MD5
4f030a02e1a1b7c16733403b65164e5b

SHA1
d463a841c6ddd212bedfb1e68c7639426e354f0f

SHA256
46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441

SHA512
902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
8640c0e9f5ba2ba660d974c8ab834ae9

SHA1
1efbca9d04cb0cba609139fb745b4ba4c4d279b1

SHA256
4b507856a545d96180538647d694db6c0e07e8d12ccea0a155f9ff5f4ac12b4e

SHA512
f8a11b16e4feb32c9a2d91d44a16a3f375f898158283eb9fe7980b5721c53356440d71587a5876a2ed4ccab6dbc6e5c1f9b5084e1390cb44d0a0928c233f9854

Download Submit