Analysis
-
max time kernel
132s -
max time network
179s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
05-07-2024 01:52
General
-
Target
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
-
Size
574KB
-
MD5
82267a649aa0a1dbaea09a422f292fdf
-
SHA1
f24dd169c52754e21d261e173327313ad66518ca
-
SHA256
d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
-
SHA512
0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
-
SSDEEP
12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.cover.the.dumb.roll1⤵
- Removes its main activity from the application launcher
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
-
com.cover.the.dumb.roll:Metrica1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.cover.the.dumb.roll/files/mFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.cover.the.dumb.roll/files/mFilesize
8KB
MD5c2c47592357037ebee2620e24eba829c
SHA110cf558444de7510a0a166d11496dd8c8238f2f2
SHA256524c9a70855677d5585944132728ea275844a9ab99a0698d19fc4924cf236e3f
SHA5122ba0e943b5f39479d26e8bde0ed1305d7f9f928c08a3d63ed116f534e7fafe1f431ab69aba43af9bb9a2f9051f31ffa7543b1bfa58304746f76470b80818ef3a
-
/data/data/com.cover.the.dumb.roll/no_backup/credentials.datFilesize
226B
MD5f7c648de5712e68eaad9fe3dfda3279e
SHA1e77993531378568137856c2600ac130b1fe6e2ba
SHA2561b885919cf0c761b7b0809266db2766386c0dcaaa4429f4f21a778f8a8f79b9b
SHA51249b5911fdac1a69de1e77d33a7cbc8322b8b3da53ae8f45e6cbdeb12187ed4c2bb6fac48887bc14dc7aa176731b52a7867cc81182a905a7ad42440ea74338719
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journalFilesize
8KB
MD58e39576b2d6cd4d249e483a09f73a215
SHA127847b0b3785c65c52ac55b83f8ff6c42b80670e
SHA256782061faebeb001b99be77224a2e9376105b30c807fbdbeb665480a08284c19d
SHA512abdc49ad9f05d75f2ca21f2de22ebe17f69868a380489b4ebef2dd9f263a73d91892d848c066fb6c97ce2de051f3c112c0043d292a274f71a6b60146d41c7b3e
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-shmFilesize
32KB
MD530367b7e3e9a8634cffb5c5afeeafff9
SHA1a2f2634397b55543386b19adf38bf1c07c69685d
SHA25630a5aeb02c5dafd0d468215eb757457653abffc63be4ebf39c41056ba8d6a96d
SHA5121c3e42e142643ea8a3fa97f9aba7b79e70cf8697214e8836b439972181a265f450660796fe30989f632323eb1d7fb666dce93b060cf58285bf25c96809203903
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-walFilesize
374KB
MD5d9428bf8adc7e295ef9a6bf5fb2d7019
SHA180576c1c4d662812b304324c9ac0561fcb488152
SHA2562e21d37b3f93fa1272351682ed22567972128706b68e1a536e59f5258ecc49da
SHA5123786017db881dae3fa36f2a68b1122e311943f98763e5f1201080512f9343570a963a5df3355ce6d67fb3cd1a605e0b5685aa2b44d46ed544d401d3e26f49ccc
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180Filesize
20KB
MD53360c7bf0e6c43c25502694ae3eeccfc
SHA1a89ee5272f6882277d29525b2314e97e14b77a51
SHA25660a20c5a042ace21ba3ded555e9a6b19f4476aefbe4ef26ff75ef68b7c3cdc70
SHA51227c11733014b292bc98327215f4621c358ff5d63b487114df15356065e103c67ec469cf1444bfb0aa676a43c80c6cac330ecdb546bb8fc26c2c85c4534fa862e
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journalFilesize
512B
MD5843d1ab607fa3f8e61068972b5372168
SHA13d77c78f240a704ccfd1823896e4cb46b8a753d0
SHA256886fef23c26b32a1357bd3084ed3b0a2c0ae68f6ba240e16838119f3e645bece
SHA5124d838954186a4108cb8acfab42319ca7980d6a65240c15f1f4aef8096762f2c8db960b139fb3897032a3f4ab765a9ac6896ee2af550e703cd079176185bb0b90
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-walFilesize
177KB
MD56fae88102620b5fb07385869fe2570b1
SHA19c124dab29ca9383f24ef1c19e31103b556084fd
SHA2569cba525fae98c656619e8cc6ab26a0dda5f3ac4f2544d37970959cb3f5ebbbe8
SHA512069299a87353c0ddbfc32750d8608c9a4ea9973f7957f9dd908eeb2661b64036a04487e4b18737d8fcc8631559d0e588f5e0ec10c3903535ad8d9971183dd880
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.dbFilesize
20KB
MD5f8245320fcb01da479b4c7c430a51e23
SHA1084cbec91a5498754cf87d3adf4dcee59e8d3e4f
SHA25665978cddc1520a1a27d60321cc4552647f59ef665f539022ed8b5270197e5e9a
SHA51235717af08a2bec68f90f9cc53a3e21ecc9f27a3f51ad06b913940472573fab5f14c67431613ca29d62d2418e80de6e8d223c706541d75bb7c6f6395c7e78c77f
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.dbFilesize
20KB
MD5ac26a375d5d673c2a7b39bbe42efacaa
SHA1a7384db83f153cce2cdd67a97a20df068f6ecd67
SHA256001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716
SHA51245e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.dbFilesize
20KB
MD509f6f05aa973f061a112822000aa27ac
SHA143e49ecc4b3309f0466658c569f4f6aad0bf2753
SHA256707023226368eed1d661c53f62b79cb5d346f56327bd4ecc3a2fabe8120c2b05
SHA512b2c35fc5a16d31f2453122be1a251d1795c4a1fddbac2e8ec84952240ceb2f294fe346c0db15ee055dae919736e7ac6d43fdc5dfab1ba3b4f267f671ed9a53c8
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.dbFilesize
301KB
MD56ee7fe1180bbc52b3a127c1e1e2f7bd7
SHA11fa740a57d5962e712f29b782f64928c7b9bada0
SHA256b3af205b3495b6d450551a3198615272ba229c736b0afb5c73d953c8ad313d27
SHA51279add18414c2790e1eb68be569fcf174b7f0a1698cfe6cff36e1b8376da12bf9be80cf88a576f7a593c03c21a0006acd8b56d127f224783f70b7028ab2b52e34
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journalFilesize
512B
MD5046193d1abb515ebe25b83afe7d00ab8
SHA11bee5f49bba9f1ecc1c659c7ff4d92b7650a9c57
SHA256ec365a27afeaf03bcec09d3600ec6224bd41359a7a0085e5db96756227112690
SHA5127b7c68a80b6437f9fa172821e5fe2efaa571703f02377d3148661cdf1ca8359836ec33a96504bdd07a22f9df0e2c43fb6748a31a8978f3f50afac6149752d64f
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-shmFilesize
32KB
MD51c4274aa7a9a5cac8c6d1df71e4588c6
SHA1abaecd685e01cc68801292e3dc7085654a22feba
SHA2563f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA5121adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-walFilesize
8KB
MD5f9d5f4f3db44b5afa1edfebfc7d3b4c0
SHA1c839398fa088dadcee1394758d35520760e9982a
SHA256351a1e15a670e29ae2275934d407ff5ec3b882d8f4799dffcddfe7deccc0367b
SHA5128ddf5a6e8a77d20a772b6aeef5ebacc385e261216239e2155e9b1b6f657f6bb10efcbc053d305b964721462f7dab33a5394397e5b7feb568af6930b2e789e647
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-walFilesize
32KB
MD54333e16b62aaf966b4aa8f1c3e02fcde
SHA1b5dfffc4111780c2d52ba45826c757d00c8d9f83
SHA25644b278baf62a53292bed6d4ae7ef112a8fe35fe149502f58f88d946714bfedc0
SHA5123189af9b404b13df2b9de79be964f89035148dbe66e6737417952ee214c307de7808456da9d3d5d4ef2c43e2f62fa4382606947fe759400f027d67dbe3b5bc7c
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-walFilesize
8KB
MD5610cec2be58972b9e305644c8a3fdacd
SHA18602f9f452645bc6c8dd1d80f6472ea336c6c53a
SHA25672917aa9b9806157fae1f754fcbd12091de3c4cc163625bebd8bf16574d10328
SHA512056e5189769e92a12a3227f9cee9671e7e1bd82ccd1330f27c11b1ea41e17180f8a2fdc6c38b86cb94180f1c8ff712c4c5b8fbb70248c1c4456b8049b52eb2b4
-
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-walFilesize
32KB
MD541c6c1f40cabf68f0e8948ce555b7e3c
SHA1d6b137ee17cab83a8c2cc6e11285250191152441
SHA25640120c223c1c12d21dbfdbff57c5738f7f74f1a34711ef17ddfd2b74eeacd3d1
SHA5125971d47d728c4063db5c7ea2f66959da7efa41fcea958ded9f5944a570b6ba1f1477c3492f6dc57e40f5199766d7bd4bcc17656efb820fcec0a3ab3a8b3ccef2