Analysis Overview
SHA256
a3a764e9c97606af14d4847f6816167345bbc2c0f7157e9e4dea1a3db7eee7f9
Threat Level: Known bad
The file base.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-09 09:22
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 09:22
Reported
2024-07-09 09:26
Platform
android-x86-arm-20240624-en
Max time kernel
166s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.mycarroll.app
ping -c 2 -W 10 -v google.com
ping -c 2 -W 10 -v google.com
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | obscap.com | udp |
| US | 104.244.124.75:443 | obscap.com | tcp |
| US | 104.244.124.75:443 | obscap.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-09 09:22
Reported
2024-07-09 09:26
Platform
android-x64-20240624-en
Max time kernel
3s
Max time network
185s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | obscap.com | udp |
| US | 104.244.124.75:443 | obscap.com | tcp |
| US | 104.244.124.75:443 | obscap.com | tcp |
| US | 104.244.124.75:443 | obscap.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 104.244.124.75:443 | obscap.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-09 09:22
Reported
2024-07-09 09:26
Platform
android-x64-arm64-20240624-en
Max time kernel
123s
Max time network
132s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.mycarroll.app
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files