Analysis
max time kernel: 133s
max time network: 169s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 05-07-2024 19:39
Static task: static1
Behavioral task: behavioral1
  Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
  Resource: android-x64-arm64-20240624-en
General
Target: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Size: 574KB
MD5: 82267a649aa0a1dbaea09a422f292fdf
SHA1: f24dd169c52754e21d261e173327313ad66518ca
SHA256: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
SHA512: 0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
SSDEEP: 12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
-
Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
Processes: com.cover.the.dumb.roll:Metrica
  ioc                          process
  /system/app/Superuser.apk    com.cover.the.dumb.roll:Metrica
  /sbin/su                     com.cover.the.dumb.roll:Metrica
  /system/bin/su               com.cover.the.dumb.roll:Metrica
-
Processes: com.cover.the.dumb.roll
  pid     process
  4529    com.cover.the.dumb.roll
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.cover.the.dumb.roll
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: com.cover.the.dumb.roll
-
Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.cover.the.dumb.roll
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: com.cover.the.dumb.roll
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.cover.the.dumb.roll:Metrica
  description: Framework service call
  ioc: android.app.job.IJobScheduler.schedule
  process: com.cover.the.dumb.roll:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.cover.the.dumb.roll:Metrica
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.cover.the.dumb.roll:Metrica
-
Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.cover.the.dumb.roll
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.cover.the.dumb.roll
-
Checks memory information (2 TTPs, 1 IoCs)
Processes: com.cover.the.dumb.roll
  description: File opened for read
  ioc: /proc/meminfo
  process: com.cover.the.dumb.roll
Processes
-
com.cover.the.dumb.roll
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID: 4529
-
com.cover.the.dumb.roll:Metrica
- Checks if the Android device is rooted.
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4572
Network
MITRE ATT&CK Mobile v15
Downloads
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize: 36KB
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 512B
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 12KB
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 12KB