Analysis
-
max time kernel
132s
-
max time network
156s
-
platform
android_x64
-
resource
android-x64-20240624-en
-
resource tags
android arch:x64 arch:x86 image:android-x64-20240624-en locale:en-us os:android-10-x64 system
-
submitted
06-07-2024 03:00
Static task
static1
Behavioral task
behavioral1
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
-
Size
574KB
-
MD5
82267a649aa0a1dbaea09a422f292fdf
-
SHA1
f24dd169c52754e21d261e173327313ad66518ca
-
SHA256
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
-
SHA512
0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
-
SSDEEP
12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
com.cover.the.dumb.roll:Metrica
ioc: /system/app/Superuser.apk, process: com.cover.the.dumb.roll:Metrica
ioc: /sbin/su, process: com.cover.the.dumb.roll:Metrica
-
Processes:
com.cover.the.dumb.roll
pid: 4959, process: com.cover.the.dumb.roll
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.cover.the.dumb.roll
description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.cover.the.dumb.roll
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.cover.the.dumb.roll
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.cover.the.dumb.roll
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.cover.the.dumb.roll
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.cover.the.dumb.roll
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes:
com.cover.the.dumb.roll:Metrica
com.cover.the.dumb.roll
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.cover.the.dumb.roll:Metrica
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.cover.the.dumb.roll
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.cover.the.dumb.roll:Metrica
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.cover.the.dumb.roll:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.cover.the.dumb.roll:Metrica
description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.cover.the.dumb.roll:Metrica
-
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.cover.the.dumb.roll
description: File opened for read, ioc: /proc/cpuinfo, process: com.cover.the.dumb.roll
-
Checks memory information 2 TTPs 1 IoCs
Processes:
com.cover.the.dumb.roll
description: File opened for read, ioc: /proc/meminfo, process: com.cover.the.dumb.roll
Processes
-
com.cover.the.dumb.roll
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4959
-
com.cover.the.dumb.roll:Metrica
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5000
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution: 1
Broadcast Receivers: 1
Scheduled Task/Job: 1
Defense Evasion
Hide Artifacts: 1
Suppress Application Icon: 1
Virtualization/Sandbox Evasion: 2
System Checks: 2
Downloads
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize 36KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 512B
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 8KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 8KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB