069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466

Analysis

max time kernel
123s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
03-06-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466.apk
Size

3.5MB
MD5

0745501a1a2b190983832460e999f1a3
SHA1

913220e033309c7eb6f3dea22d0784786bd3e76a
SHA256

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
SHA512

570ba89fbdd180c761d924247361f49c322a5379e3a9212b284c6a30a486d92937bf0106c7e5f602f991bc731af1742eb87d7298409599c56bb0067512acc15c
SSDEEP

98304:RRyzvEWAG0/BrC1q5JmShKKlWqwiqddfYswZ:RRyzvBF0/BmA5JmOFWqw7dxYl

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ticketcreator.barcodechecker

ioc process

/system/app/Superuser.apk com.ticketcreator.barcodechecker
/system/xbin/su com.ticketcreator.barcodechecker
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ticketcreator.barcodechecker

description ioc process

File opened for read /proc/meminfo com.ticketcreator.barcodechecker
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.ticketcreator.barcodechecker

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ticketcreator.barcodechecker
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ticketcreator.barcodechecker

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ticketcreator.barcodechecker
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	com.ticketcreator.barcodechecker
/system/xbin/su	com.ticketcreator.barcodechecker

description	ioc	process
File opened for read	/proc/meminfo	com.ticketcreator.barcodechecker

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ticketcreator.barcodechecker

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ticketcreator.barcodechecker

com.ticketcreator.barcodechecker
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4286

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1680cd2754fe367212ad8af58ef5c311

SHA1
36f5d2b035c77b9521eb1634db64ae624061aafc

SHA256
11067d0057834137d8220d4f9478f91e03feedf442a16e719c111ba7e03ba8fc

SHA512
c3bfe4e43e07143f7dad6f6e71a715ce4c03847f2b076be912d56c3bec75ddba283239a0379b312b57ba94dbcad1b8436967c355d8ac32460539ac1f5724957e

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
3f08e296c6f802a0c3ee63ae4a1c01e0

SHA1
352c746fbd544a56eafb8d2aae76f34037e10e61

SHA256
c2ddc9e28ddefec79e2cad80fc929cdb83b091d74c1887301191fca5c29567ba

SHA512
7873f07417d0bd2bbfb665850fcb2a10c492042b3401760447d75e9a621063ec4348128fcf79810a5fb1faa9822219aea038de8d26ded7517bae921157936084

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
78ae873c281990d0c2a618b0a258f4a2

SHA1
1362d6da187629970b28415d150846efba2e1eb5

SHA256
6a627af8f3c020bf8fbea01ebb382c9b5c0731506a4388161146542989676931

SHA512
e99f8e5d1bc9bb1e19d0943a4d75c8998332ac712258a9d0d4a7439da127dc8e4a14e6cbd075dcd590ed8165f9f5d9089cc36fbbdbf050bd1cdcc24de4604428

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d5ca97cb637b8b1edf828e6437a38362

SHA1
aadfa77919b7f4e20702ac8aa01d7057dffc0ec1

SHA256
5907d7d1e49f6cfb104a0c60e1f44e74b54e5b922584230e690f0997f1aa7741

SHA512
523542d86f537582b68d22e0d87b73a2c47da4a70813fe7bb951ec889927dd3b413632fc4ceb7934f072db4ac928f0c16758be47a88994d1f027a7fdc55493fd

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
25ac4bc2f6a727bc289a4f2c1dd805a6

SHA1
e1c7ffa6878869622c0f29c5f6bb37416bfd60cd

SHA256
e646967efd85536b141ef6fb016e15816308cbd3a9865c6010171a933ebc1500

SHA512
da0b6efe43fcea4e01c2c807e736834a411e9d67df4409060c454361456dfe5bf219a986434d5797c8c13a41e8ed6583506bbe620c4121d48ffa7862803ad687

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7a5a03f0bd2a94d371c7e4b6bf2d56a

SHA1
a6d5496b8fe74703f186d5d893fad4cf935cb928

SHA256
264d078ac6f01b4e0dae81ef1c3cd3c901569146a8cb7013e7efa46e80390891

SHA512
1700bf4034cf329f04ff966edac382c161f6bdef83df743357d6b677f6747d4fdec8e24d008a325e49c56002241739c8deb00ca60d2d52e191103dc7e77ca978

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
da3a179f0d1957de4f8bde164ffdfc98

SHA1
727e964d75c066004697a526be8b65b3998f2be8

SHA256
59f8dae4d7dc8e838caa663977c273cf6e25f588551193c56abc09d2b4f2acb0

SHA512
ba345dc75480081d77878196f60737bbc460666bd7edca0dc678fea6aada78ca840295e80fcc5b50dbb610778d4dc860249ec1cf7f856d41977fa25e6adf8012

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
19aa6fc81cd8088c3974c4c48b4665d6

SHA1
ee26e385838ddda8eb1ad1b3fb6896c4e1e18f11

SHA256
725530cfdec8b0e8a42a70711f50d11ddc117e7b1dd9f899a99151b3901a5076

SHA512
907da74b480ff7094bf19c322f3e3a673d4c34eaf1e9b4badd7355fa53c84657f7ebd79c643e03d2bf74e9b927fc53e7e115f5fc2613054a4b0bf5343dfb62b8

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
142bb58f118a99e5476b24a11e137d44

SHA1
a88f759f7b14186081b5868f28a2f60d2c7fb04d

SHA256
b8d56c45b321605bbd6b0c303263307c928b9ab8a27e51ddc22a6da0871380e3

SHA512
7d6fc69c5447884ea56c27561b1ad57add7a9413ec66e011989153232e313e6fa3f1e3cff1dc009d551320880120112582b67dc192745ca73f44d43ced62e52a

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d42dbf9d674197b44327da6b0cc1b804

SHA1
2472ed87e14b210f17b8985340e534dc104063bf

SHA256
3384b06436cfe1457f005389fee5bd3c708502a316f777f88aaf93378ba58e6c

SHA512
6ff1f05e00b58d80e792ff77dea9fbe8b762e7b224ff0020707f856595d759335e599870d1bfa516798363520f6ab8d61214309618fdc8b92a69aa5a7233f36d

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2d8ae70fabd1a88dfc131e786ef4c3d8

SHA1
507a5265437d9f9444b79a6f1629927f7b203438

SHA256
e7427776117f70319a532894537c07b1a3859065038fe7381fe790c4b609b365

SHA512
4035c6c9b0cd3c4a23699c9ed3a0c8d3ef9a0cfa7c5d14f3d82ce8bb5d6665f6f131c7141186e81448a7d9f74cc149862c89100502667dbbfe1a7c3d5e21a978

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9453368837e9d72ed5cd770a2badbc4c

SHA1
3ec747d9cdea225f500dc333b727dfaedad3e9af

SHA256
bad5e4a98ab7415bd19d7a9821c2bb5b2831768189065ba1111bd1406cd54468

SHA512
24521c5eed5e820f4344c4061e3982bdfaa8a8a7ef95f8175a4757bc4a5ccdd440ee3fa8e19ca706f3449c29bbfe42290e5780407c3ed543d90d658f62591dd7

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
71b05a35b22552c52c8b26d7e4f9de06

SHA1
389498ace93301fd379e335a196c4e1372a2cdf8

SHA256
861fb47c9c38e676ba078f3e5d13093bddabe4bf18370b40c55eba8fc44e9334

SHA512
bad0adf98f2d26a3ed6b0eeaf492f0cf7fb90cf83f83231b71b32490ffe218eeb7d547e2dd4e6427895ed4360a8e6f73862f4b78b1316d3dfd52bf4c7739c156

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json

Filesize
728B

MD5
bf067ebf5f919122211b85b40962acb9

SHA1
bf03b72cca3b655306ccec5a17f1eb4857a85ecc

SHA256
ad336fe70acd5bdc01d2fb168ebb001c45da1a980dbfd012b15b00f433befe3d

SHA512
e2fa7c41f8025e51079ec46cc66e5ae341bcf61126d93668d27788ff3936f703fed4ab385b538e7b712afd07aefe04e3463e9fec42e28ac7585e78a4a68ad7f2

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/report

Filesize
741B

MD5
cdc3fa870a42057cb0f509ed37e12176

SHA1
fe0c1cc78077bd64c6ede8247910aaf75d9ca079

SHA256
79e92bc8a012afeb01e400f344b9d79301bcaacaacc67398ae13f09503b0efb0

SHA512
de71504f1607b22ba70758e325d97b27f30383d66702ba1904ce29a979f6fefac46a7d6506108271a37678bb736a5a8cc92d2da11778895f5e2c21ef70815472

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/userlog

Filesize
183B

MD5
93f0c229616889da5271b4b53a248f51

SHA1
8e51dd79d33cd437af4b2034920aabe34dd6bc2c

SHA256
41fe62764842c8542034c7f46a0f7cc8f3a9ddc7b77037576de8c54f3f93750f

SHA512
94e85817c45871e5adc867ac2136f01d6693698349dc9b5fd4a87e8cfb791ccd672772aa1733522ba232711927493ef2a3d605526c72e8bb3b5b04d5f0ae502c

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4640067795826620941tmp

Filesize
561B

MD5
aa1c34d2edf88982e3d18fce1024dc90

SHA1
8ebad69b7166e3a3b4c8db45baf6a797393d620a

SHA256
632f628c49d85bd3bbae0779c749954ff6d5c6621d74a0a275c2812263852e79

SHA512
5f2d8b3d2676e242dd6f1739a1b1c0a09cb3e545b547d907b716e1d81efa7f3071d65be78bec8014ef3d5180c8cc558d2587edac2061ad334a19356f40b03b43

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4706843197149920029tmp

Filesize
90B

MD5
4216c6be7e66781eb544e29ff5542126

SHA1
e4937b3eca5da1edde58f72bf5cf5c174705751a

SHA256
8fb91bf31bb4768d767fc2eea825ce3a2d2d2ba75c6c83ad024e24ef8f7e4979

SHA512
0be272a06c5edefd573e08ab94774c1738c94fd4a25f1adebc114cfa9503f08e32bbb630b7c690ed92bbda8e0ddddba024fd6290c1391ffc1e157756cd643c89

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/uid.txt

Filesize
44B

MD5
6ffe4b36fee4fd69d51d3670998db132

SHA1
d3afc195760f97b245985b44bf9fd4d2cca9a8e7

SHA256
0964f17dc0683b25e3701b9f7bbc6f7aaa3bc89655698b41b32a1a2a21696977

SHA512
282f26dc3fb731a2a5b247a643aef6f1ac064858d544ccc8d6fb752b9701791257bb3692bc7173ee14d96bfddd57356dc63f554218a4e1e7864bac176302525d

Download Submit