Malware Analysis Report

2024-09-09 16:10

Sample ID 240603-aaej1adb25
Target 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
SHA256 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466
Tags: irata, discovery, evasion, persistence
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis Overview

Score: 10/10

SHA256: 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466

Threat Level: Known bad

The file 069d6258fdcf9b13fc9065fa58d4d6cf5a65849bcf74d5bdb154786c74577466 was found to be: Known bad.

Malicious Activity Summary

Tags: irata, discovery, evasion, persistence

Irata family

Irata payload

Checks if the Android device is rooted.

Checks memory information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks the presence of a debugger

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-03 00:00

Signatures

Irata family

Tags: irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 00:00
Reported: 2024-06-03 00:03
Platform: android-x86-arm-20240514-en
Max time kernel: 123s
Max time network: 131s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
GB | 142.250.200.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 142.250.180.3:443 | firebase-settings.crashlytics.com | tcp
GB | 216.58.204.67:443 | | tcp
GB | 142.250.180.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4706843197149920029tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-shm
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-wal
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/report
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation4640067795826620941tmp
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-wal
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079A014E000110BE1062C6522275/userlog

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 00:00
Reported: 2024-06-03 00:03
Platform: android-x64-20240514-en
Max time kernel: 123s
Max time network: 151s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.202:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 142.250.200.3:443 | firebase-settings.crashlytics.com | tcp
GB | 216.58.212.226:443 | | tcp
GB | 172.217.16.238:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation8072952991299205968tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/report
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation2036458530066334178tmp
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079C0259000113FAE3743388E6C6/userlog

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-03 00:00
Reported: 2024-06-03 00:03
Platform: android-x64-arm64-20240514-en
Max time kernel: 123s
Max time network: 132s

Command Line

com.ticketcreator.barcodechecker

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Processes

com.ticketcreator.barcodechecker

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp
GB | 142.250.187.227:443 | firebase-settings.crashlytics.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp

Files

/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation9093116031134397937tmp
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events-journal
/data/data/com.ticketcreator.barcodechecker/databases/com.google.android.datatransport.events
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/report
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/com.crashlytics.settings.json
/data/data/com.ticketcreator.barcodechecker/files/PersistedInstallation9088641574894224754tmp
/data/data/com.ticketcreator.barcodechecker/files/uid.txt
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db-journal
/data/data/com.ticketcreator.barcodechecker/databases/google_app_measurement_local.db
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/userlog.tmp
/data/data/com.ticketcreator.barcodechecker/files/.com.google.firebase.crashlytics.files.v2:com.ticketcreator.barcodechecker/open-sessions/665D079B009B000111AD86DEDC9E04F6/userlog