Analysis
-
max time kernel
133s
-
max time network
158s
-
platform
android_x86
-
resource
android-x86-arm-20240624-en
-
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
-
submitted
05-07-2024 19:39
Static task
static1
Behavioral task
behavioral1
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
-
Size
574KB
-
MD5
82267a649aa0a1dbaea09a422f292fdf
-
SHA1
f24dd169c52754e21d261e173327313ad66518ca
-
SHA256
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
-
SHA512
0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
-
SSDEEP
12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes: com.cover.the.dumb.roll:Metrica
- ioc: /system/app/Superuser.apk; process: com.cover.the.dumb.roll:Metrica
- ioc: /sbin/su; process: com.cover.the.dumb.roll:Metrica
-
Processes: com.cover.the.dumb.roll
- pid: 4253; process: com.cover.the.dumb.roll
-
Queries information about active data network 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.cover.the.dumb.roll
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.cover.the.dumb.roll
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes: com.cover.the.dumb.roll, com.cover.the.dumb.roll:Metrica
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.cover.the.dumb.roll
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.cover.the.dumb.roll:Metrica
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.cover.the.dumb.roll:Metrica
- description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.cover.the.dumb.roll:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll:Metrica
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.cover.the.dumb.roll:Metrica
-
Checks CPU information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: File opened for read; ioc: /proc/cpuinfo; process: com.cover.the.dumb.roll
-
Checks memory information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: File opened for read; ioc: /proc/meminfo; process: com.cover.the.dumb.roll
Processes
-
com.cover.the.dumb.roll
- Removes its main activity from the application launcher
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4253
-
com.cover.the.dumb.roll:Metrica
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4288
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
-
Filesize
32KB
MD5
bad63b7007e000ffea19b1b2a6386fa1
SHA1
ac71488d04f9ca5b7872747fda5d50c59f448410
SHA256
4bf43ff10913f93fe97f12bc09cd48eac0a5f89e5293f458511dd22425aee213
SHA512
61a19f9865d7f13ddc84711f6a5d5e78a78f32681d15dcfddefc602d9b22855714fe1271e6596625df7753063df0e6918fd10ba8fe0f3bce941525ea58b2fa89
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
226B
MD5
597fec8c0cae6f8d35a643df902321a7
SHA1
bf6bf88be7d7872b29df2b87872e68ae89e59afa
SHA256
d285fdc8d89b7c2fe9cafc3dece74b6251aa10e03cdb41fd4f05bc0d6cf46320
SHA512
6462f8d34d438593140b6c47b38f282e2e7f35e952e638bcb48596689539d4f1a5797f62850cdce3c2d7a191eacac6fd8f752d5e7a1a845576c282fc3ca163c8
-
Filesize
8KB
MD5
0d35c7dbab747cb499392fde0166f00d
SHA1
14fcb3e558d6586b04a9d5398f8ec5a90f53d1c3
SHA256
caf1ec29a86e3d0fb9f7de45b0dd11b2949f9c52cb69eab8a27abd1d68651a18
SHA512
7f2366eeb1bea51a376b2be3792fb794e0603ac203fb81e12d5a4164dc2551015a74a8656a66c9e510540747a23c18d423c11ce0c2833ac87cfd08d0fa75b1e7
-
Filesize
32KB
MD5
e1f3c907a4628d27d3c90cb8f98e43d2
SHA1
f5a7bd7feec4f681e00afeb555d1241a66bf4c74
SHA256
c65466382ff7716f7eb535f7034c4eeb280ce0f1bbeae1420ec3e5839cc2c8d0
SHA512
ae26a731ef63cf3e9b2fbfca1d36dfa9c3c6d97ce79479cebcd80eb6a1e4125284cc0e1b7a87a1235f2a8c88c05b899dbd5aa7c5be68d04baf437e853946a4e5
-
Filesize
382KB
MD5
36365e9764c96b5b8fc950ee76ec697c
SHA1
8917d218247e3f1df09bc979de772fa34c181e20
SHA256
7f6e76d372d7e6b9da00d3c1182ce2d52cda7e7776312a58ad837ba775b2ec1d
SHA512
8593269f5d35d25096d8eabf4018d553ff73b8926f20505ecbc5de00540040f6d63652e5a9f8c6d380e7ff4ecb4caa8229e4127e03083da37586faadebe72188
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
20KB
MD5
4e3154332b5c667487aa79ae51f6c9cd
SHA1
8359ad76752e35fd787be08d189f3de79222001c
SHA256
17e3bf844b56114128dc9d93d090b98be462453a5a0f04ea79696f6451ea3b63
SHA512
6414f3cc23ae0920e7a104b83ea4ab5d8224a85db8d181e57b3acefcedaab19d18096bb20c7a17d58f2b83f7dbba848e20d723a977fd2db67bc8c199f4394c8e
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B
MD5
1d1803804d56759bacceb4d954757725
SHA1
03b6bb98b67eb25e63a7b2175d32582440f0df8b
SHA256
81530bcef4fa47848d6bfdd147bc59b15300b72656c7b8700994b5a2a3831e26
SHA512
37ec932a4bcca1acde4e9e5cc8f803ad493e1ee27919824fb7339143e027fb5e42c2f470cf53d5755ccd7d32551d57b8065329d97add449d9c30e602774832e0
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-shm
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
177KB
MD5
7e826601cafe1ce21a637b94fa79855f
SHA1
1a4f6ae9ccc8eddd2059c7910162494c9989e19b
SHA256
2591a39b0e0997afe2d294d0205c4fee5c57c0fa731c63df971c6db6d56b471f
SHA512
9c1ed9afb4f469e3744978e313c10832a867126dd0fc399b1e89b539ceff70ec7bc99c8e281418e7725eafdb3b3fb6a930febe003cda7273a3a9720d91abeeff
-
Filesize
20KB
MD5
ac26a375d5d673c2a7b39bbe42efacaa
SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67
SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716
SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf
-
Filesize
20KB
MD5
e2c33bc8cd931a7e4df735151888e552
SHA1
3a48ed99ec2d0f06c2fa624e0a2e43a158e748c0
SHA256
e241eaa434700b27c0929e27f271cb7df798f1d5ace868c510525ef4bd7f33be
SHA512
b41a12fbab66a720153b7bb5d44655293476e2ecc2e1e67cacdb74bdafd4a94abc5f9cb86cf00efc278802f1d840a1ca438aae43ef92fd298fdddc89b9040b6f
-
Filesize
20KB
MD5
f6704c63d411892d3a4091c3399bf2b2
SHA1
57d772c8e9648661268a40aa735af2cb9269876f
SHA256
9a0d42eab16a081bd1fe9afde65470b0769613aed55408abefbf8666cc0ddebe
SHA512
4f6c32d47eba3a4fd8681aeb2f65a7c1cd83ae0c95becd2048b657da48c5191b05d3bc6a5aa494f37dd027d523be06745eb78a0cb9ff16fccedbe3577c617e6d
-
Filesize
20KB
MD5
245b6129fa3dbf20b1bb6ea61fc1d680
SHA1
0531d7e7556493d23db8b357cc2b108426ce0ac6
SHA256
89b5bf4af5c3363e59aee1110ea8dc42ffab0c8992376a04596a3e05c988c55f
SHA512
6d8db939e65d7f9103ae30f8c52ad3d1a5551f9209877345e83ed96201e593ec7c04c8cccc1970bfdd995074c7a1e4b877a50b8434be988c50e02d3749b34571
-
Filesize
333KB
MD5
233853cff26ae5bd6bdad6c7a72e9306
SHA1
d8824c6a3da75c1876fb39bb6bd243d847c558f2
SHA256
8f11aa3591d0bee430b12cf4b391612dc81b1c72b6b5991f4f08bfaad9ec8754
SHA512
76c1319aab814ba5f6d2abe2f849093eba377b44ca0a83a3358020403d428daefbf33bd3b5937ef50941dbacd2b8165c9eb1e4cf4af7d5887b99cc81d47a9784
-
Filesize
512B
MD5
e623bad2722635dd2f8bd5e6a77e5c95
SHA1
2ab8c8d83656d39f6070c83addd5657d3748f86f
SHA256
34695aed3daa58d863ca8d22144e47ead821f5041e4ab53b17ee22abb21be5ca
SHA512
a7f97af4ceaf3707858444535aa71bae6718e3bd7538ea723a615905c4967ff119952a98a25f939ef0f2a1862ced8e90099c5bcfbed4672b8968adb0443dda82
-
Filesize
32KB
MD5
1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1
abaecd685e01cc68801292e3dc7085654a22feba
SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c
-
Filesize
8KB
MD5
f77a33da1bea7276892c4223165d1faf
SHA1
558c8fb8c5d534f841780cdbac124ab218db21a6
SHA256
88ab6562cc06e9d93e9a585f96456c4ef8859c95953093940a0d2426b9f176c9
SHA512
f256e1c5af68d576f0fc2a0c7f1bcc0a34dff2f2220ccd3de42d49f048c7b6ee26e1e1daceb574bab3371420e4d177d10b5de59d0aeebf5f9a009c11bbdf564d
-
Filesize
8KB
MD5
4ba5be0e5a5ad8bd7d016653375acda2
SHA1
c186dbdda9d0728d588455f2687f56d5104674c5
SHA256
0faa6a15bdc6959803fbd09d5c0aa93a0f6444cfa9f62e3bc43a8007f4013bae
SHA512
c37c4737e28413d697198520dc3b8406227fcb76981c3b9854ffc7e7179d8a96f3570a14edec22824ecbd00ad6712e2b746e1f8b121029a66c5ba7e326fca5bb
-
Filesize
32KB
MD5
54207cab17db4cd9ef67ee2c2c8601eb
SHA1
0bc26389265cc754104a9a20c771ab2f57a98e8a
SHA256
8f8b99303bc75b06e230e4b1630f69ec6cbe4863bad16f5ab77cd435e5ccf174
SHA512
7e16057f31b875a40e22232fca9d9de4daed4a83d350cb000c8cc8d19c1b83a137b14ea4451fa9898f78eeb947007c37a090b3f192377151b0188c20aef820bb
-
Filesize
8KB
MD5
033542421abf51826e71868164974bf0
SHA1
5cb9181999916efca2dce922fab15b22ab512b99
SHA256
0c08f2caa2ed5c8c077f71683bfcc03618290176c39403bd623e3ced75563cc1
SHA512
c3bddd03b0211ab4d42582c4f624200b09a189f5e65a4cae504f6ae228370837e6736d2cb4d0af025c95e044f0bc56b352a9e17f4f20fd80f2e48381c24d886b
-
Filesize
20KB
MD5
6784b2a00cf458850799d1f3d2992a1c
SHA1
525528ba816ba9e4464dc10ebe38f6c1e561f591
SHA256
79c780d4546f27bf3e365a80bdcc63035c56c2ace84e200d1da1439244a4e5ba
SHA512
14f448ead5a3dbfdbd8393baf93b84df8a75b46b4bcccd28daa8fb23560319abcc00cf09ae3838c415ce8e1389fa9682c673fea84111b18d5cad55f302798b72