Analysis
max time kernel: 133s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 06-07-2024 03:00
Static task: static1

Behavioral task: behavioral1
Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Resource: android-x64-arm64-20240624-en
General
Target: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Size: 574KB
MD5: 82267a649aa0a1dbaea09a422f292fdf
SHA1: f24dd169c52754e21d261e173327313ad66518ca
SHA256: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
SHA512: 0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
SSDEEP: 12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
Processes: com.cover.the.dumb.roll:Metrica
  ioc                         process
  /sbin/su                    com.cover.the.dumb.roll:Metrica
  /system/bin/su              com.cover.the.dumb.roll:Metrica
  /system/app/Superuser.apk   com.cover.the.dumb.roll:Metrica

Processes: com.cover.the.dumb.roll
  pid    process
  4490   com.cover.the.dumb.roll

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.cover.the.dumb.roll
  description              ioc                                                        process
  Framework service call   android.content.IClipboard.addPrimaryClipChangedListener   com.cover.the.dumb.roll

Queries information about active data network 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
  description              ioc                                                   process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.cover.the.dumb.roll

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.cover.the.dumb.roll:Metrica
  description              ioc                                      process
  Framework service call   android.app.job.IJobScheduler.schedule   com.cover.the.dumb.roll:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll:Metrica
  description          ioc                           process
  Framework API call   javax.crypto.Cipher.doFinal   com.cover.the.dumb.roll:Metrica

Checks CPU information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
  description            ioc             process
  File opened for read   /proc/cpuinfo   com.cover.the.dumb.roll

Checks memory information 2 TTPs 1 IoCs
Processes: com.cover.the.dumb.roll
  description            ioc             process
  File opened for read   /proc/meminfo   com.cover.the.dumb.roll
Processes
com.cover.the.dumb.roll (PID: 4490)
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Checks CPU information
- Checks memory information

com.cover.the.dumb.roll:Metrica (PID: 4536)
- Checks if the Android device is rooted.
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180  Filesize: 36KB
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 512B
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 8KB
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 8KB
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 12KB
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 12KB
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal  Filesize: 12KB