069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466

Analysis

max time kernel
123s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
03/06/2024, 00:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466.apk
Size

3.5MB
MD5

0745501a1a2b190983832460e999f1a3
SHA1

913220e033309c7eb6f3dea22d0784786bd3e76a
SHA256

069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
SHA512

570ba89fbdd180c761d924247361f49c322a5379e3a9212b284c6a30a486d92937bf0106c7e5f602f991bc731af1742eb87d7298409599c56bb0067512acc15c
SSDEEP

98304:RRyzvEWAG0/BrC1q5JmShKKlWqwiqddfYswZ:RRyzvBF0/BmA5JmOFWqw7dxYl

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ticketcreator.barcodechecker
/system/xbin/su	com.ticketcreator.barcodechecker

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ticketcreator.barcodechecker

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ticketcreator.barcodechecker

Checks the presence of a debugger
evasion

com.ticketcreator.barcodechecker
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
PID:4525

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.238
DNS

firebase-settings.crashlytics.com

Remote address:

1.1.1.1:53

Request

firebase-settings.crashlytics.com

IN A

Response

firebase-settings.crashlytics.com

IN A

142.250.187.227
GET

https://firebase-settings.crashlytics.com/spi/v2/platforms/android/gmp/1:221435429262:android:4f2979d0e1f9691d/settings?instance=dfd082df0be58560ce498e2110f9232b0728dfcf&build_version=50&display_version=6&source=1

Remote address:

142.250.187.227:443

Request

GET /spi/v2/platforms/android/gmp/1:221435429262:android:4f2979d0e1f9691d/settings?instance=dfd082df0be58560ce498e2110f9232b0728dfcf&build_version=50&display_version=6&source=1 HTTP/1.1
X-CRASHLYTICS-DEVELOPER-TOKEN: 470fa2b4ae81cd56ecbcda9735803434cec591fa
X-CRASHLYTICS-DEVICE-MODEL: Google/Pixel 2
X-CRASHLYTICS-INSTALLATION-ID: 07aa6436648b41188b2dcd9c9879ca45
X-CRASHLYTICS-OS-DISPLAY-VERSION: 11
Accept: application/json
X-CRASHLYTICS-API-CLIENT-VERSION: 18.3.1
User-Agent: Crashlytics Android SDK/18.3.1
X-CRASHLYTICS-API-CLIENT-TYPE: android
X-CRASHLYTICS-GOOGLE-APP-ID: 1:221435429262:android:4f2979d0e1f9691d
X-CRASHLYTICS-OS-BUILD-VERSION: 7800151
Host: firebase-settings.crashlytics.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2024 00:00:30 GMT
Cross-Origin-Resource-Policy: same-site
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.187.200

172.217.16.238:443

tls, https

1.5kB
40 B
1
1
142.250.179.238:443

android.apis.google.com

tls

5.7kB
9.0kB
25
24
142.250.187.227:443

https://firebase-settings.crashlytics.com/spi/v2/platforms/android/gmp/1:221435429262:android:4f2979d0e1f9691d/settings?instance=dfd082df0be58560ce498e2110f9232b0728dfcf&build_version=50&display_version=6&source=1

tls, http

2.0kB
6.7kB
12
11

HTTP Request

GET https://firebase-settings.crashlytics.com/spi/v2/platforms/android/gmp/1:221435429262:android:4f2979d0e1f9691d/settings?instance=dfd082df0be58560ce498e2110f9232b0728dfcf&build_version=50&display_version=6&source=1

HTTP Response

200
142.250.187.200:443

ssl.google-analytics.com

tls

1.3kB
6.0kB
8
8
216.58.201.100:443

tls, https

909 B
40 B
2
1
216.58.201.100:443

www.google.com

tls

11.6kB
14.2kB
33
41

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.238
1.1.1.1:53

firebase-settings.crashlytics.com

dns

79 B
95 B
1
1

DNS Request

firebase-settings.crashlytics.com

DNS Response

142.250.187.227
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.187.200

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
580f5af0d4cbdf0954055a923d15bf00

SHA1
5a2c5aa1c420b8f636977032a8190af9867a19f3

SHA256
38c15744dda9bda1f819bec8b9e80ee2956f8035e6ff937a285143431664c17d

SHA512
9069d9b230e5abd8e6affbbfe654d034c27b851cea5ef29d48c3ec57836739aa68754ba7264ac785f85f0d52511fec2cdf3adbe940aec0de31fa0b23b3b24841

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c0622796a89faaf9f1bf5b5179bf7916

SHA1
fc0787748760e8c5f5cd07fd379f49b8bc898a2e

SHA256
d9d493715b9be2137a1119efe65ff9e677398c256c9911f53f519cff21b93e04

SHA512
2692e879e1e23b65ce2ae4f8f74c972ec841be3a8bed34d55c40d376e12f39a252bc7b664c1ec07418167efda8483d43e74fc4aeeea313052ce630f984b61fcf

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ef3f28eab3b415e97d0489cc5a9766be

SHA1
2033804ee84c768485575259c50a8f215058ac45

SHA256
f09a4f1b6980512fef1c4b77b8d545c33810c42c015784a2aafe91cdde973ba8

SHA512
616e64d80b080d78a6b891b0d6dcbc1a961db63b82de6878922a1ba32e60a49467bcad770b00732a497bf10c8e8f4df1e2f620511930e67cff6201e757f5bb09

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3244f3e42df493d55d5128873fb4d2a3

SHA1
7a254d428333c8b69ce132772dfbb0f11bbb7fec

SHA256
7cf1ab6cf30025bad1e958281426b23c35d614d65360400394fca3735ea86d73

SHA512
108699f513c6ea2b7e6bb4e09fd9ba86450b995a234e5cd081fe016ab6cc1661f353c432ac4ffed5b477c12ee0db5800bef066e7070b366f8bb8864332c5bc4c

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1c2ce57c1ab66ff75fa9bb02ae2e1ec2

SHA1
941525d8671929dfcd9479c103a39ad963775006

SHA256
34654bdd83ef6b33c902e06e3b50e080c9454446e27c88441b9cf878413b3342

SHA512
756250937c59d47b40a0d16c0d948c5308689508a4a9257291752d15f79f788e2e717d50305a14e5041ebdba748209eafaf91bc23f11dd9f9a99e3f78d7b0dde

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f4eebde434ea05fb8a6aea355f40ca48

SHA1
c65a762c80fcbd2ce4b5ad5e00affd78f0e4fbd0

SHA256
041f9a89ef2abd27d52c4dea017a994de8ffa61221c8c50b4f712fd6023a2ef9

SHA512
a3d8bf38e1e2cc9f8c962d3bf114aa61718276bb117a41bcbe0c681f913bed77d126a746b941fc562062b6eb10bd36129314c6e1d011642cebdce50ed327a4e1

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9fbbb1b4ad614d8f5417509abf84d036

SHA1
362b55a3c3d9eff529a12b60b0b68f6cd7719744

SHA256
4dfb4773ddf6760af3d7f04d3fb705d1f00a9e2f6aa3240880a1c01c5c1c6f3f

SHA512
3c68fbf927fc97e294b353f30b636fe15eb1866448affe10c0f15a170a0cdd041bc43644415e2b076ed838aebbc88cf6bba83d08226d478de63b6ddf166a0722

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3fcb2c164a61190fd6b3632d42a0c438

SHA1
8b8a63312ad0cce6ddcff574e81e3e30234e1573

SHA256
e8c43b5ec11a5850720eb7dc3b60b007907429f004b013b1a14c1ff732943d02

SHA512
4d390f4caa5a7b0245fe2a9aa7c079356729e877f9ef9256f654cea1b8eec79de939abc323bc94beef219487af0d58771f18fedc7db557e1f81d00536dcc6f58

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c441d8a308f125578b1534151002a89b

SHA1
6f837f6539eb774354bd6a9d78ed5354435e7d49

SHA256
5751e3832508fc50fc1ec78c98070bcbd7456db43bcccc3f0cc7681432d2440a

SHA512
fe08cf983ec9496e4d3a4821d943dc85798b4ba7e95581d5fc3a496df573585290d826eed8e4f8e8b95d5f6a8b05a2cdac84d1b5e58944dcbd494eeaa3fc087d

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f575bf7dd223fae62dc3ec6014bfcb7e

SHA1
f39fe2a574e2a2a10f822876ebb6bf5cb4ebbd3a

SHA256
63515f20950ace7dcec84de4f9c249196d106f5f8d3873e9f87cd34f529ec43a

SHA512
84a011affe1e018383e162ccfeb775a200775941187f7bb280d961834c25a49a03b02c331b48d2ac646b94e80eac81a5ecceda09532d7a972c13ef60cf114bf8

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
fa0c01b781c36d71dd826047dadb3a33

SHA1
715732c4c69cefc7f1b1e283055e8e89abb9652e

SHA256
5614dbc65b5396e9be33437f214576d272927df5ba61555e49bf83f275a07757

SHA512
607db2771f7356a24dad7b69c8aaab22da3418669968589bb964eb1e08e294d82b1345574b300a6c3e73a4236d4db92f2a64f80b1893d381f6d8ffbc98b272b2

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e1c8117fae6f1b9a59fc4eb5388bb1d4

SHA1
70fe1dd9fddf3ea3dae24dcb0635eb893c60625b

SHA256
c82e8ceb37461929ac6b96c62bbdf1172512596343aca6fa81b54199d0262f53

SHA512
d61e7e449b3cdcac7a1994fde72efa022cb097c136c69d91957774ec51f779a435a08e4f16ea7f00091893b69885d840211677cc71b55c0f9d3dd053c2cfad7a

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
efa3b74f0285f58bf5fbf4aadb4941c4

SHA1
d94d55950ed8d746d7fe75bc7171516995717264

SHA256
fec5bd4eebf2cbd451a5ca7822be3e2f4aa602ca79496f2609a00e79c5e74253

SHA512
c22aff45f425007900ed7be8110b469ece9ecdba70a3a31e5f3f36b90ee5a7256c15d50cd993b30ce431673ebcb63803976dc9d29943d65f1f3d21e21045eb50

Download Submit
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8744dbe6154295bcbfdbb6be929f98f9

SHA1
727145af04773e98af7e51a551d1e43cb5cae20a

SHA256
7d2ded4e8c6c00ad68db2dca529af8a4e683dca879635e0488ff3e9ca15e0598

SHA512
586eaa0243f24dbd9cf7b540d36bde12be16e5fd5a6e4f8f7861e0896a06d04c93ceca9f38ea6c0b5fcd7a15e54c6d4e74a70e2252f48fcf9c547a3e5f666bec

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json

Filesize
728B

MD5
35f8f84095b6fa002dde50be2fb90d11

SHA1
eb09741629491a9337da4d96ca835c3c745e6932

SHA256
c6527525cc0ba00900f2fb5b70aa52663c12a70c075b2ebe476e55d8362c7301

SHA512
62cb617de7b8afac78a0b0eef221a8c0086e9f138fafebd45bb420997c04afa88e3fc23a45db98a67ea355d6f52c52ec6627900c63f91f81e279b50da243d9b3

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/report

Filesize
742B

MD5
6d28277f5b86c6312149036c93f4f8fb

SHA1
8ea8058fdcc97ea0417e0d0b2f5684e5d32806b1

SHA256
1d258da4141ab0f74e04f0c55052a7e8c75f44a4aad709f017f71a836e4105c3

SHA512
79112e440dad64f30e9e670ffd2170df9eb555d4cd4074728d250576980f22f77aa47b0331e11e20a5b93cdffde1fc8e2a977c134d47739ff523561d5dcc4d29

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/userlog

Filesize
182B

MD5
7853fd6578cb5e67e46993fc1c3bcda1

SHA1
169fadd58ff5d5278ccac7dceec27b41c2b389e6

SHA256
7c6cf429b2e1f5592cf26e776af62b0a04bf1d029aa3b4c1bfbca00068d6d8a8

SHA512
3bd12770c641add48f6bfa2dcb3cc0246afe8d422c17d50b26daf283e7e1b27629d63c5b19e8ebc57bfa62e5e33d3025763f95a2d01148e98fb34c6803774d58

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation9088641574894224754tmp

Filesize
558B

MD5
43fd5d166ebb324fa11e50bdf6374dba

SHA1
aac391eda5879618552e79d18767dacc496863df

SHA256
215d68f55204f80458227ffd802032f80eaf5f660ff4b2e052937134d2eb1dcd

SHA512
62d1042de00c5ef564a33668080afbcf154f0569969884f18cec4fcb18d1d7b76e21525c49db0feb033580b21ff08a1bb19f29e1cf22b5edd007acf67abd4507

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation9093116031134397937tmp

Filesize
90B

MD5
ee856e1d5bd1ea3928069d8acf864e45

SHA1
cc4fe880c933817f910b4d1dd2dc2d837d124345

SHA256
c9d7d60d4f4f8ede666e67eb732471b6a896162176bff4e9ac15284bf43158ba

SHA512
7ea1d0f7c629b61ee4b34ed7f1612f86fa937a1344ba154b9d15a0e1cc326976e0612c4dea7813da0804c88a51178cfa2d43266a55d2fe9a422277535b1db5a6

Download Submit
/data/data/com.ticketcreator.barcodechecker/files/uid.txt

Filesize
44B

MD5
61d4bb5ae1eb2f214043589bbb67552e

SHA1
741cc61ff93dab53891bf4ece6c9c3cea0ee8a65

SHA256
80534f3b8e83dc18113b51b2e5ef54eb1d9e5a7dc72e0eef9c1ba95c2e000338

SHA512
bf894577729e241cf988c0863138e1280f4279b7783ce67a9432cfc32b708fdaf267dbf1d06bfc0064f5d59928b8e28f27f61422f1538ce143492af7d224a3c4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.