Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    06-07-2024 03:00

General

  • Target

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk

  • Size

    574KB

  • MD5

    82267a649aa0a1dbaea09a422f292fdf

  • SHA1

    f24dd169c52754e21d261e173327313ad66518ca

  • SHA256

    d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

  • SHA512

    0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a

  • SSDEEP

    12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4

Malware Config

Signatures

Processes

  • com.cover.the.dumb.roll
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Checks CPU information
    • Checks memory information
    PID:4490
  • com.cover.the.dumb.roll:Metrica
    • Checks if the Android device is rooted.
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4536

Network

MITRE ATT&CK Mobile v15

Downloads
