Analysis

  • max time kernel
    133s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-07-2024 19:39

General

  • Target

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk

  • Size

    574KB

  • MD5

    82267a649aa0a1dbaea09a422f292fdf

  • SHA1

    f24dd169c52754e21d261e173327313ad66518ca

  • SHA256

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

  • SHA512

    0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a

  • SSDEEP

    12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.cover.the.dumb.roll
    1⤵
    • Removes its main activity from the application launcher
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4253
  • com.cover.the.dumb.roll:Metrica
    1⤵
    • Checks if the Android device is rooted.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4288

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.cover.the.dumb.roll/files/m
    Filesize: 32KB
  • /data/data/com.cover.the.dumb.roll/files/m
    Filesize: 4KB
  • /data/data/com.cover.the.dumb.roll/no_backup/credentials.dat
    Filesize: 226B
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
    Filesize: 8KB
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-shm
    Filesize: 32KB
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-wal
    Filesize: 382KB
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
    Filesize: 20KB
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize: 512B
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-shm
    Filesize: 32KB
  • /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-wal
    Filesize: 177KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
    Filesize: 20KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
    Filesize: 20KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
    Filesize: 20KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
    Filesize: 20KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
    Filesize: 333KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
    Filesize: 512B
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-shm
    Filesize: 32KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal
    Filesize: 8KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal
    Filesize: 8KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal
    Filesize: 32KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal
    Filesize: 8KB
  • /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal
    Filesize: 20KB