a3a764e9c97606af14d4847f6816167345bbc2c0f7157e9e4dea1a3db7eee7f9

Analysis

max time kernel
166s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-07-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

c700a9f32dd2d42392572a3d827fdf36
SHA1

9728797ec1e93515da9c56215c30a6634f6521aa
SHA256

a3a764e9c97606af14d4847f6816167345bbc2c0f7157e9e4dea1a3db7eee7f9
SHA512

0ab84572d98ff8e3d0f04ffaf538352a89b35cf10f0f37167a84ad4053bf1411065423cdbebd5f5e09103556ba17d2cdc2bde9c650ea38b572fbc88bce0b4f74
SSDEEP

49152:z/YuZrOPQV2VEtUbCdNHcsan4xy1OpVRsm9iqhDc37njsgCWhqTco+Tcdwy0OPy3:bZVNUboNHcsUwDRf9iqhYLnAPWvo6swT

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.mycarroll.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.mycarroll.app
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mycarroll.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mycarroll.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.mycarroll.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mycarroll.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.mycarroll.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.mycarroll.app
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mycarroll.app

description ioc process

File opened for read /proc/cpuinfo com.mycarroll.app
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mycarroll.app

description ioc process

File opened for read /proc/meminfo com.mycarroll.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mycarroll.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mycarroll.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mycarroll.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mycarroll.app

description	ioc	process
File opened for read	/proc/cpuinfo	com.mycarroll.app

description	ioc	process
File opened for read	/proc/meminfo	com.mycarroll.app

com.mycarroll.app
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4259
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4312
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4410

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mycarroll.app/cache/1

Filesize
27B

MD5
a67719fc9ddcaedb369fcaa37e6747b3

SHA1
ba404d09c4446131c592299b20327c2ee03530d8

SHA256
88b02f3504259aece2b09faf52258565ba6bbd804b454f3349754db22e834aeb

SHA512
9224ab66cfb87bcf6fb86c0faee388a882c6e96cf78162b9f2fb028e57dfafec0fcf450df42bf48f4c394022da9d4a23bc2f7af3405b80d112aad4a79390bceb

Download Submit
/data/data/com.mycarroll.app/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ce04be39e4f6c13bba89914bb2a79369

SHA1
1a2fd7c441ef1f20d6f93515fd97641d36f8c514

SHA256
caf3f0eea59a245ba9e9c76ad5eab2e825548221fbbb5fba852c154b8021a90d

SHA512
08ec2d6e75f02cb8f588f3468cf0f992a28f31038ece445cf2222e69a17fe2d9011adef5951d779b11c6625d7a0efcd435e70e135b7e6ea28f19a41afbe4b22b

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac334820c2a4d7fb5e06f586e9cf2f2a

SHA1
4d5cb2e3c1c6ac05a6f63e50e02a1a409b21b933

SHA256
2c66f838132da4e104bc7a597aae3260e5956e6e1ed8ff9fc1ee30813e7273e7

SHA512
ad567f84d827e10bf26bddb821a8bfa8b471d07ce2d2014447d8908952cc7dc50a6758addbdd954fc9476c6507bc266d04a6b53d8c319fbca914e324251ad3c7

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
83ad44bfb5ba149b1195dc3f991acd1a

SHA1
f1562b0f129602dbba529e1d5f98621b880b38dd

SHA256
5c56eb55768c5c8f8692c82dc92aca2045e84c4026fd4de71e844a158ab9e7b2

SHA512
c13865875da872d8e0bf93d3f2a6433b899407c47907fd9e5a1e01497912a9f8d35d2afe3d5a46e2542e790d53a066f17cdccbb17cdff72cbac43278477f1a91

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f13aae3f50793004023829a758bd4c92

SHA1
7d39a978c12428338fef624a70027ab0da25c505

SHA256
26527c9080b76a21e7c23a64a5117c95f95a415cc542495529b680d24ace96e0

SHA512
724aa45e114f815fc6686d444df73ca177ee84e91b5db4968d7846ab263265e3097ef7ee7f3eb0dea5cc20ccd1153a43d3706fa1c7a4afc9597578ff1ce2f7f0

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e51f0580a08c55cb6598dee996c9be5

SHA1
225ee2d2dc97eb5e816e7c219c2212f7ac57a835

SHA256
6de59d2460af67b546c95f2ac9d7f38945f3bbfc46645c7f291ecb1dcfe05ace

SHA512
baacdfdef9d5d6abab374878f63d6749862f7f2bee7d27ec859ba2655d21fda76721bed71d1bde0799c332b0ebb6ce317d18c08706e36b04b0c0768fabe89f90

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
baa286b2b3f981f27c3a0dfcda0d34da

SHA1
48d976b93a862f6a62a65dd33d997547ea8e1716

SHA256
285c9210646fc720bc142b74dbd8d72dabe5701778496b1563c87b732ccae452

SHA512
bc3973d3f9496261f43dece9d0e099f57f576eab00b8b3a7731051cb4f78f32ee8edb4f37ba0849552576153c659e9aec8d6fd8844161427832e0d5e362436e3

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
672f80a9c8209418904c5b97d73adcd6

SHA1
b757f849f2bb92fac2dd5bef13f9fbb63253f9da

SHA256
2e17fae962ca161124b67bdfb6ddeeef79134dd336b7d2f1d5b3b5e475d04d9b

SHA512
2df7ca724e48b1dfb4642b4c483715c63116ad2d78a5e5d6140c4f5fe581638cb80a7fdf07431d4ca30459dba7a7187407b08f75ed122108523078a63f9e12c7

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
856a64014122fe56fcc517d50d1ac899

SHA1
55a50e2eaa5b968eefb16101d4618d5bb1029bb9

SHA256
034d0b28a9604a9b8641667b7194b355f58a4026753bc7872cd9736f729b659a

SHA512
4191edbb4399bc5da2590fb25c289b190cea3cb82db297d2b6bc850d08a6719fac619a11ad46714c83101ec5367c59a3e7b3f75cd5fdc45cac7d981c0059fe98

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0e7692538a4b4d39b8ff262a4d67548a

SHA1
26a9c3bd81efbb7ae8ae6cb155e397fadb233637

SHA256
712941604c370d9e5b7704f8771666946f42098303578a7f8082be896817761e

SHA512
22fbea6545aa22491576c330b439f61a4459c6cf90aa3ddedbf9de5dec670a915e43cd9d8d8222bb22703768ce5e4fc39d5679b326a71237482311fb108949e9

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f8f678a2f8a54d1ad4c725ea9716ac0a

SHA1
c2111ebb82b6072226482a4f1184387182d9867f

SHA256
d9aa6154e6a1fceae63b0f048397a1b6677b5ba932899bd0d0077918cfb093cb

SHA512
388c7977511ebe36c9c08044e1910a4ad15bdaae7c4fa7c25baf1c2e4e3c8a5d7fe9939106116c8e8e1d6bfa668707d2ebfd30e9f1dacbd29a212a337e5c70ad

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cdf77fafed5295b9cea077d2497153bd

SHA1
daa2e93d589a6b3b4e02ea1650214dbc9b8f5b2c

SHA256
03300b1cdb617fad45dcfbe077b4736e265b6aeedfbc97af58abbf5e0c897ab4

SHA512
7c93a3fac7e26b19ca46cc65da1de2d26d2aa902caff61f254ada7a37c8ef44354f9ac5221d5e3e71ceb1c52e0af97ba0867535d8d8ae83c5ef58a29297f43be

Download Submit
/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
83c1685d575db6abb6b2061a243350e6

SHA1
29c47f986738f16131ad6d00c9e409f9d81cd662

SHA256
75e0d930f66146c371f47468256554d9bd9cb039989230a5f6d75ca4a21e0c94

SHA512
6f2ee36387d6f6bb18083b8b6ee19c7060e00a595d7fba128752a1c20bba0d581bc9a3e3dc6253d5a2dc269103913c917bc799afc9f9fcf38af50076163d7fc2

Download Submit
/data/data/com.mycarroll.app/files/MessageId

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation232739366180411652tmp

Filesize
90B

MD5
b05b740bc9a140a82cbd5288e95ca175

SHA1
65be7ffa0c1591133d6cb5101d2bd271cbf58bd6

SHA256
58ce3d82e51244955040f44b677d678a0e7fbe781e535a54a0d8a8016cf004b7

SHA512
52ba2e28e87dd4ce00b8c778675380a924708fa0a6cce700adefaeb8dc333d826055a72dbd33ca06de85b6f4387951bcc7c18c32c82da7a1cd035f75b2fc1696

Download Submit
/data/data/com.mycarroll.app/files/PersistedInstallation9177415610128306035tmp

Filesize
570B

MD5
a9c41caeaeb7bab9d0ef6e11530a8261

SHA1
209c9c9301eeaa2d516447314830d9e1b6d0e9f8

SHA256
f5162495885a6538d37946fc17b247ec47e9b52218b93685ace4748933e25cd4

SHA512
631fa94271b74620d71704afdbde1a4b1598d8101d7a2c5a9714942be159723bd8edd00fa83f26c0577fc61b0379ba312df2d3f3d6d45e1b4e38a4464712391b

Download Submit
/data/data/com.mycarroll.app/files/port.txt

Filesize
1B

MD5
6f8f57715090da2632453988d9a1501b

SHA1
6b0d31c0d563223024da45691584643ac78c96e8

SHA256
62c66a7a5dd70c3146618063c344e531e6d4b59e379808443ce962b3abd63c5a

SHA512
f14aae6a0e050b74e4b7b9a5b2ef1a60ceccbbca39b132ae3e8bf88d3a946c6d8687f3266fd2b626419d8b67dcf1d8d7c0fe72d4919d9bd05efbd37070cfb41a

Download Submit
/data/data/com.mycarroll.app/files/user_code

Filesize
6B

MD5
b4445bfe5c6119c06d4f2190fac788af

SHA1
56632c990a77b0e93e10c49bd06e2fd471ca2b4f

SHA256
f4f92596204459d00683c2027e5b0d50c8cd2fb42646800b8a31bbf89d8a6b21

SHA512
18e39ef69b7883d7745f88a3b8206f07f7e9a302c96f146b76dfc9a150be36545b7c7ae86ce77af4a17b82c5c91823fb6bfcdbe6610ac4a5e2bff1b3e0a255d6

Download Submit