069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466

Analysis

max time kernel
123s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
03-06-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466.apk
Size

3.5MB
MD5

0745501a1a2b190983832460e999f1a3
SHA1

913220e033309c7eb6f3dea22d0784786bd3e76a
SHA256

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
SHA512

570ba89fbdd180c761d924247361f49c322a5379e3a9212b284c6a30a486d92937bf0106c7e5f602f991bc731af1742eb87d7298409599c56bb0067512acc15c
SSDEEP

98304:RRyzvEWAG0/BrC1q5JmShKKlWqwiqddfYswZ:RRyzvBF0/BmA5JmOFWqw7dxYl

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ticketcreator.barcodechecker

ioc process

/system/app/Superuser.apk com.ticketcreator.barcodechecker
/system/xbin/su com.ticketcreator.barcodechecker
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ticketcreator.barcodechecker

description ioc process

File opened for read /proc/meminfo com.ticketcreator.barcodechecker
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.ticketcreator.barcodechecker

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ticketcreator.barcodechecker
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ticketcreator.barcodechecker

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ticketcreator.barcodechecker
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	com.ticketcreator.barcodechecker
/system/xbin/su	com.ticketcreator.barcodechecker

description	ioc	process
File opened for read	/proc/meminfo	com.ticketcreator.barcodechecker

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ticketcreator.barcodechecker

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ticketcreator.barcodechecker

com.ticketcreator.barcodechecker
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5114

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
fa73cefb699224106188bdfbb97d63dc

SHA1
fd2b158ea80cc52d94a1bbee764c3303f2e3aca4

SHA256
fe81c174dedcbc5d17c185f0022ed4a80ce35849e006dc8153f9787f47c51e12

SHA512
340eb63e073d9c43083a2b61e208641c516b23e0dd04f2e2faf6b1c26b39010a71524dd8326e8de657e88d0298e5571591bd416617a17b9983f6eae8ec2c229a

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d7413ad72b7d0102405629a8c37a14e1

SHA1
4593b34ffafa271a783c9833f90688e338b3ccbb

SHA256
22dcce07ae42aa7970da616c53e2954e3aff545c40d367c5d520a3b418f058e8

SHA512
be2717a99da8396f16a26fa3406062bcc9fec708a445c2617280f570eebc3ca4b9864c81e14943df9918837b8f9d29f53faa6eea5cd711cd60a015fa9e0405ff

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f24ffb22d5190935d7e4ba1fc682e2bf

SHA1
e0a3aca13e57bcc062621383efacb744560291af

SHA256
6d2dd8d9d04d0e3c0b43cd1f08fb24fdfed5207b34d888b1dbfe49fc646085e9

SHA512
a1d2e6daf0940e0ec5d7f7c5d7009af3845f551d395d0e6a416235e89ead27caad0638dc681b7d368261d25fcc4dbf926ed104595a7db0218582643975ef94be

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a4b1e8bba06ab28559a7dbb859433bc5

SHA1
244d83e38b843ea2005a30378744091ab9f68a7f

SHA256
65dc14c7206e81c22d206d460b9614790e14e68a9541e5d122825bcdb87797f0

SHA512
b33d59a555ffe1d65acdb1bf16b1700d8489ce4d80f3d23825f6d3b939c6e172429e3e39e5d1eed2103d7fd42957b28780f03ac787ba5891ba7b56037b42f6f2

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
917db21e50bb5ee09cc19721e4e57b39

SHA1
ee73cfe5d4cf4542708abfccdb7d9973e53a0976

SHA256
0af235299ef815caa3e3b51a3ba7a1d1835549e287d14fe2b267f96553aa6866

SHA512
7f49b354040ea8aa1dcc86208160b9b81a521eb9a90df7ad832fefd3b2ae61a3ec15118faa216c342e5858d8b7ca92366cf8fa92536d49e72da7a48a9ed3134e

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ceab79d98a3c7164246a1d7e898c087c

SHA1
ba7390f7d16cabe23be72468485f6277b33370e5

SHA256
1b61891a11f559dae9ec26badc9ec3271fdffe261ae88ecefb987203068fc1d2

SHA512
a3c7ace99859ce6f70a658a98a1903e5e4d0ef81790d2eccabe81ab4519321f6b6fba32e96c8b84ec4162d4702a73befbb8998afbb12212e891d68f6dc99325b

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31673184e1c6afe135a5385c1db096e5

SHA1
ab2d355d7308a9b022c7efce4d1fdd0088b7c1c6

SHA256
9ac02b955d5fc9ffb4a3a5ef476d223e947997a160db317c58a96bae4abce3ad

SHA512
f6b7ab8c089d84112d5e9ee1c48a6e1e71003183f6a8d66b77f7f78d07a8d3d23340e5991330f61432b8b3a35eaa918dfd5ac9eb2fd68c7b3c662d298ddedd8b

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4d011442b1c8aa77eb978d57630b2f52

SHA1
f6845cd06373709fc353fe900615c1c0c1861462

SHA256
b4b5dc3aa00c06d9ab9110da11e5e8d28e895ed468b1c911b0afa31cb9131666

SHA512
1c2ffd39105374ed92b59f747df0087cfc5a8fe3f031e16426886d5bd02162a7a219f8367a456288cc1e00b48ed39445af4ff5370bc5dbbf2a74fcde183754f5

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f8db9acfe73ced12e67712e01320bb36

SHA1
7311cfb0e6849623e79586a044a2c54e94cc67ce

SHA256
1df433ac2186c6346b5aa0f697e6c23e0a3d379133a2ec37030e909c454e0a25

SHA512
da23aeee0ca64320c75e614264e0b1fe636d95c2b537f7d43bd04d83a9dfb612f6c588a2089a23525dd5e1864b9307eb3062ecc479cf9d6d08bfbb684035063d

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
72947b898d19d8d651e72dfad4f9c6e1

SHA1
9654313efa25171590a86aa2c6e67cbbb0f1ccb0

SHA256
ca94381b811cb4946d572bac73e8965469c59083ca0f73af0b84d95b1bd47963

SHA512
58cb268f0c84d4e16910ab8f5972e242accb3a76f2792f493caee8d950c27bc4094b81c139692e641ab9c54fc674f4a4de191dc99ac8416e4e2f52608e13a90b

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
282f289a77913ed825ccb8c1b437c6be

SHA1
16fec12d2bacdb5a518b887ba944fdeaf32436d5

SHA256
ad6adfb82c80e7bb62c1e376b659bfccace9a8bac889ca22162a3853c34d8bdc

SHA512
193184e38d1d744e648bb78e4966632e07a366744268e14f1e30962c3dd7b84684c609ab86c9723a7bd572b3b27f595f4a8d4293f2479878f7036b2ba1917a45

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
99f551bda3a0b973647c0590a8a7089d

SHA1
b8a3a77a70064cd1ca0b51f430401c422dab17c4

SHA256
846440461b86d5ab293439a6278222ffb379e56333df1c953471cfac40281f4c

SHA512
f08e97d169883b246c9d3730127b8b3337a722bf30f6d96b7b5418d04a7a4640c1c44ae05bd7fe5b4b9dc4b1e2984da616c12bbbce68177a045bbb1e477d7a3a

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7369e1c5a8b505c761cb86893f2ec903

SHA1
ef4780ca1af0819cbdf4d63c7bcb90ba8fb047cb

SHA256
adc1b5db2d0fdc3d1ab85206bbc20398894a7b01db30cf2d2110ac600accf7ba

SHA512
d212518f836180dd65f395c0cf9520ca9cfbfecabb7ca420f341c5f4b0308ba8c0e8d4185cb5337980a38f75ac66672169139acca3a2667d551b695a70f89588

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bb32e5649bbac56ab9317ebade1a3d87

SHA1
58c675f89beb0feedd6e47c9a25423f8317d2cf0

SHA256
0d479eb6f7192b38fbc02c2022bd0bc2943fcc8f707b7ad7a1df2c9d9f67647e

SHA512
1119a6c10e095a1f952e1d65601c0bd0441afe0f9272005bd403788af6dddce905eb80e730a7d79f344e571e6c453bc0ecd183800204cea45e056b7c217fd486

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json

Filesize
728B

MD5
e56db5ebe40ecd60338400b3d82f4835

SHA1
54f5bd9031551f5c5d76d63562fb2530d9cf2f8a

SHA256
1762a91fd07ef95e6b01a8341f5fc1816b404fa2ddad99d01437c4bc0d5a0093

SHA512
e918b1151acc2ade92ea1cb209245fe801cab212346426fb061d0b393700737ef7d3210a377dd884e48eb450bba7d2007ef8b625b1517a713e08990b6d24a552

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/report

Filesize
742B

MD5
46009c710da68b3f398c4a47f63e1693

SHA1
3f2ca6f30a0b97695e5a5dcb426fd4ed3b2a030e

SHA256
5b91b426fc8013698ddf6aacaa1c4375daa83b4ca9507ad2d96fbeabe10e29ef

SHA512
f5968c87767caa3ae603f6a490fd3a69fb3c208614e307a93b09071b3ef659ebbc7f8757910b16ddc24e4e385ff30acb3ee236689e7eeb9a3e2f471fe2ada230

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/userlog

Filesize
182B

MD5
d60a1ef5c60fd562c5f609c652fa2082

SHA1
37ba26c9f2b71599118a7d8df7c360142dc186b4

SHA256
8ede8b1a0a6d8a6e06ae2e03c381059164de6074ae75c3b90ced3e895c57def1

SHA512
f1d515e775e1a138e91ccf91f423c7b8cf43f6638621169b70364d1a39ecb1f66f4e946ffd92dba3c0f026ee3e4697e647a0775816b57af197f366fbc38a9bc1

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation2036458530066334178tmp

Filesize
562B

MD5
34ec708961d3346041ecda159377ae71

SHA1
5dce57bb138fc5478a819c43968f129cb8f026e0

SHA256
4c76e9f61be5ea5d9f8a1d339e36c65e51e0751865b5096e11cf6c89591b99c4

SHA512
4d45b97d20b9fc9626405f6235d5ad2a729cca2f76c7475cf0f1466ea7ae558ad93396bc153307cb4519162b397d15c88cc5231598a20d61dc57e4e408534f34

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation8072952991299205968tmp

Filesize
90B

MD5
4b0e2b1dc6f9bbb1542bdff120e2a7f1

SHA1
6976e3b208989265ec34984b38cee44e6a382e60

SHA256
3677990086ead4dfff9b206b1b954f6e83724bc4cb72c2280b477e963e3adb24

SHA512
9c19041b268ff0b32f315993e26f8779d2e7dea5a3a7470afb3513c25e17efd3c2b79eae25ad67876c4aff21dcff28f306d2dc7e67ef244d6c1ddc18e67fc9b5

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/uid.txt

Filesize
44B

MD5
f55ac94f915b757cc6a845b777eac456

SHA1
66c388f89fcf2f7f2eafc956065a2a531988ad07

SHA256
25a339c55a9a7667626684608602057f6f9e325383687962771c037ad33e0450

SHA512
0d65236fcea54911914934f08b14704619341fefd845dcb68f35eaea3a71febcaa4474ce51f316db8023c49038bdf54aacc1deaf50b471d8a45865dab745ac89

Download Submit