Malware Analysis Report

2024-09-09 16:07

Sample ID 240602-3v1l7abf5s
Target 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466.bin
SHA256 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
Tags
discovery evasion persistence irata
score
10/10

Analysis Overview

score
10/10

SHA256

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466

Threat Level: Known bad

The file 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466.bin was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence irata

Irata family

Irata payload

Checks if the Android device is rooted.

Checks memory information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks the presence of a debugger

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:50

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:50

Reported

2024-06-02 23:54

Platform

android-x86-arm-20240514-en

Max time kernel

123s

Max time network

155s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks the presence of a debugger

evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
GB | 142.250.200.42:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
GB | 172.217.169.10:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 216.58.201.99:443 | firebase-settings.crashlytics.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
GB | 172.217.169.66:443 | | tcp
GB | 142.250.179.238:443 | | tcp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation3423657791003451145tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-shm
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-wal
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056702D2000110CD86180E044962/report
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation2457685328973801563tmp
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056702D2000110CD86180E044962/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056702D2000110CD86180E044962/userlog

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:50

Reported

2024-06-02 23:54

Platform

android-x64-20240514-en

Max time kernel

123s

Max time network

162s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks the presence of a debugger

evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 142.250.179.227:443 | firebase-settings.crashlytics.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 172.217.16.238:443 | | tcp
GB | 142.250.179.226:443 | | tcp
GB | 142.250.178.4:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation2214039543814724716tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056900F0000114830A255DA7B2AD/report
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4422228063654471035tmp
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056900F0000114830A255DA7B2AD/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D056900F0000114830A255DA7B2AD/userlog

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-02 23:50

Reported

2024-06-02 23:54

Platform

android-x64-arm64-20240514-en

Max time kernel

123s

Max time network

132s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks the presence of a debugger

evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 142.250.187.195:443 | firebase-settings.crashlytics.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4220155053632519133tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D05670107000111A1582D06083560/report
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation7615413311110285798tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D05670107000111A1582D06083560/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D05670107000111A1582D06083560/userlog