Analysis
-
max time kernel
133s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system -
submitted
05-07-2024 19:39
Static task
static1
Behavioral task
behavioral1
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
-
Size
574KB
-
MD5
82267a649aa0a1dbaea09a422f292fdf
-
SHA1
f24dd169c52754e21d261e173327313ad66518ca
-
SHA256
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
-
SHA512
0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
-
SSDEEP
12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes: com.cover.the.dumb.roll:Metrica
- ioc: /system/app/Superuser.apk, process: com.cover.the.dumb.roll:Metrica
- ioc: /sbin/su, process: com.cover.the.dumb.roll:Metrica
-
Processes: com.cover.the.dumb.roll
- pid: 4970, process: com.cover.the.dumb.roll
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.cover.the.dumb.roll
- description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.cover.the.dumb.roll
-
Queries information about active data network 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.cover.the.dumb.roll
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.cover.the.dumb.roll
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes: com.cover.the.dumb.roll, com.cover.the.dumb.roll:Metrica
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.cover.the.dumb.roll
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.cover.the.dumb.roll:Metrica
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.cover.the.dumb.roll:Metrica
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.cover.the.dumb.roll:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll:Metrica
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.cover.the.dumb.roll:Metrica
-
Checks CPU information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: File opened for read, ioc: /proc/cpuinfo, process: com.cover.the.dumb.roll
-
Checks memory information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
- description: File opened for read, ioc: /proc/meminfo, process: com.cover.the.dumb.roll
Processes
-
com.cover.the.dumb.roll
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4970
-
com.cover.the.dumb.roll:Metrica
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5009
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize 36KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 512B