Analysis

  • max time kernel
    133s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-07-2024 19:39

General

  • Target

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk

  • Size

    574KB

  • MD5

    82267a649aa0a1dbaea09a422f292fdf

  • SHA1

    f24dd169c52754e21d261e173327313ad66518ca

  • SHA256

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

  • SHA512

    0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a

  • SSDEEP

    12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4

Malware Config

Signatures

Processes

  • com.cover.the.dumb.roll
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Checks CPU information
    • Checks memory information
    PID:4529
  • com.cover.the.dumb.roll:Metrica
    • Checks if the Android device is rooted.
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4572

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.cover.the.dumb.roll/files/m

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/files/m

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/credentials.dat

    Filesize

    226B

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll

    Filesize

    36KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    8KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    44KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

    Filesize

    20KB
