d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

Analysis

max time kernel
175s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
05-07-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Size

574KB
MD5

82267a649aa0a1dbaea09a422f292fdf
SHA1

f24dd169c52754e21d261e173327313ad66518ca
SHA256

d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
SHA512

0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
SSDEEP

12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.cover.the.dumb.roll:Metrica

ioc process

/system/app/Superuser.apk com.cover.the.dumb.roll:Metrica
/sbin/su com.cover.the.dumb.roll:Metrica
/system/bin/su com.cover.the.dumb.roll:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cover.the.dumb.roll

pid process

4475 com.cover.the.dumb.roll
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cover.the.dumb.roll

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cover.the.dumb.roll
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cover.the.dumb.roll

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cover.the.dumb.roll
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.cover.the.dumb.roll:Metrica

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cover.the.dumb.roll:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cover.the.dumb.roll:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cover.the.dumb.roll:Metrica
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cover.the.dumb.roll

description ioc process

File opened for read /proc/cpuinfo com.cover.the.dumb.roll
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cover.the.dumb.roll

description ioc process

File opened for read /proc/meminfo com.cover.the.dumb.roll

ioc	process
/system/app/Superuser.apk	com.cover.the.dumb.roll:Metrica
/sbin/su	com.cover.the.dumb.roll:Metrica
/system/bin/su	com.cover.the.dumb.roll:Metrica

pid	process
4475	com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cover.the.dumb.roll:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cover.the.dumb.roll:Metrica

description	ioc	process
File opened for read	/proc/cpuinfo	com.cover.the.dumb.roll

description	ioc	process
File opened for read	/proc/meminfo	com.cover.the.dumb.roll

com.cover.the.dumb.roll
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4475

com.cover.the.dumb.roll:Metrica
1⤵
- Checks if the Android device is rooted.
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cover.the.dumb.roll/files/m
Filesize
12KB

MD5
53c1fb5808b4241eebc5b77f7020241e

SHA1
bf61bf71f040c7ab7d28a8477b2b90bde1474f49

SHA256
e82b60117239f6310dd9898fecfcdd9ba21b9a87334394b62e20e0b1ec7349fb

SHA512
3e88a8a008412e379487ce04eb1d590d9246aa7c24617350611ec86139ff49fc64169ebdc0f5acfcf7a27474dbbbb82c6600ed8c21791a8de87e5c02ce9a20cc

Download Submit
/data/user/0/com.cover.the.dumb.roll/files/m
Filesize
12KB

MD5
e0023e28402d8a9a9e023e18377fe550

SHA1
27b727e97191156413deaa0afba5aaa793fde135

SHA256
3babc583ca4dd395e4ef76ae8a427fa9cf9ade5bb8b8457c3e37ca92ad621971

SHA512
602ac60b1d1dc7baf9b2b284f0d422eed2e2d791faa327fe1af0f5a58a9a38f6ec999fe2652daea2311a2d2ec209cadf3b522f9906cd2b5e05350f9f4521a3f4

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/credentials.dat
Filesize
226B

MD5
d40f882769ba82fed72f28e745a1df0b

SHA1
99e33ecff4e34774e8cc662707451117a98d8d65

SHA256
b513776adcdd5e81135aa931932744b2d61841010e51d9271d389b681545fbda

SHA512
a386eede661e9b4ab34835e2220c131477c66cff2b3c3de265c744bcdace84fceed28a571e1f4cc05c868774029d5f291c357d75420f4669fac33abb4c01f950

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll
Filesize
36KB

MD5
360dadfbff406efcbed833f8faf4cdc8

SHA1
7d8d60eb35775c85c9091c8413dba2df86b1516e

SHA256
82741fcbdc09c44a3231290427406898b27f52fa719a48c3f9c50fe53600a6c2

SHA512
bed33666dbeb41acdcaf16d1b5e48a71aa74d124d78746f6580706ae15322ecb3398c7562f84f9f1fa302f089f8460c4ece7ec79b2d4121e1185f0b3920d4869

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
20KB

MD5
dd3439f8f72a5a99a34ff9b034620f71

SHA1
88e7c5ade0868b0d8e1fb76fb81072fa39d5cc00

SHA256
a8284d4c58ab2951192a5655b9649a6719cfbaa6d4875e6209e6c7a76680581c

SHA512
291a51c65baa3a13ba55ca69ad7cb04f3fa01ae136f98b4a8f62954215bacc93a472372136dcf2fb2ed58032598e05c5d3dcc3d56eb5db8fb69900fd98e96b3a

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
20KB

MD5
6a08a328e866e8c983302ea033ca1da1

SHA1
986dc8b3e4d9977c91c94861a10a834b8dc35640

SHA256
87bf902d378150413534bf7dd67b986d704bd9551cc3afcd3ab4b04b4783b004

SHA512
497d710e8e620c3a0f120604bab6c5e5bfecc5c470ceaad8ee90363b6e068af4a7a4d7836c4d2fb70fa7a0d786f70a05f8a12f42453b5df8f39ec0f1aaa43d5e

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
8KB

MD5
1bb568bab892b779e19f4c5c21b9182a

SHA1
7b5c177fe13fad48eab7970bacb77140ba2afe52

SHA256
14edeeb8c8361ffd645ebcc20ba6b4e1f5de7b55053d2b3cfd21eecd73e8de67

SHA512
7440e58f1642a0d1b588359dbeacc2afdf573e6dd84fce2b3b1fd303e19a2fc14556ed91920d28a140ea2e466d4a1259e693195970ce20488e7a99fef6fb696c

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
e397c8d451d1483d8712d870b2cef06e

SHA1
40a16156c34cbed512e9c2001ba01b8ed9454399

SHA256
a99b9974e07fc5596ad515525e961884c6f34883d58dc15cabdf86176d168539

SHA512
9130a3b55ac15f487d330d3fae3cd6602caa7f3bd421eb5c66749d332e6a01a3f3664f3bef334ed8f5af0d0e128d9d178ecede49656e8cddab080db7791753ff

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
bdd74d068b6f078d6ebc77dfa920cf55

SHA1
7ddfa3f2f4dfd159140be8cea8db2e949bc5d6f4

SHA256
367c7ee4af5326eec18ce0e5e56ff934240b0a669d45687a7b2891b988d0c348

SHA512
a802b2584bdea964b2efea0787e0eb431a809e535bf2a32290140020586b9ecab0132241d1287c697779c137d2d0592a53256052ff43e30721f61e5ffab92c20

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
8248063609b564136cd912eb54e885b3

SHA1
c09a46f95536daa5992baa2a9f7d021445e28585

SHA256
3347dd98c186d778f7a1e0b71035ef2f9af7b3567ac0f9dda94127174df9cba1

SHA512
819c2e425799d3585d8d41d6e5f8d248129405e284b7c7647ec9ba540f98b9b872a1c715778c488c324249259c76a8fa837631d185aec27139df89e751b38e61

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
ca275fa0527e94b1d61c4b418ce0c346

SHA1
649c16efc8d1622eafc366da08e9efe8160c0c21

SHA256
c3ff91f0c2c7fafb3516d425df0dae0ba4397a46a8a1d8e185fc33b41f213235

SHA512
8c5c9c79efb3922806afd302e95de50c222050bc81beee020364598d4dbaad699a8376634471f814e5e2313f7ed775be9124d2241b25eb8ba8485870379778a1

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
d19a2a6b02bb83101afa4b1d88ba7f92

SHA1
65c112fe0954975ca95ea200537f74f0b0d6c760

SHA256
310f512db5f494e483a530b4755be2e6799f98cb1fc0de87b59f37565d21b54e

SHA512
3d75da1cf6158d67af567ff7a6425a60f4590cf7530f4f136d883e0dbdb0a992a0747b5005093211339088a9ec1a6116cb0a661cf5a62760f452214084dbb8c7

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
2a58509166e5d82d6f233dc201f6074b

SHA1
234625261a1e5ac497cbeb47a17416c772941c81

SHA256
8d690ab32c9f35a05555baee05b24a4f124f8e795606678c170f48cfcb61f830

SHA512
9fe035324172418cb2f3d7f6d62adbdfc332a25f3f12f66e3c019bad6c670d9aff5093755e0d6623ab41b106c8bb05f44ecb1f80d864fb7b7851ebe4374abcea

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
d48bf3365b56288a0a67e3919bc62942

SHA1
199c4b39e7094ad5063fe8e760bd047b79462668

SHA256
7f66ab95f01f5fd7bc748acf54685a2eace3da16924c71489ad2c646022bbfad

SHA512
fe4daf4ea1ba3e0502baa2126b5a060ee950c3c7be84b36293fa3647b29150f8f08f0bfb55ae0cae6d6fa0b64fd076f4a45391df29ef2fc7e3b6e15035d195bb

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
1434ecdd8972edaed2bd51b5b48c13c6

SHA1
d1965bba70634c4824ce2f9ad07b4aa0c39bedc9

SHA256
d27ff93ef18bf228770b769e938d33f10d556fb23b495f66032604f2692a6752

SHA512
a2c015fc9ad2b089779bdf646d3de738219fa4ee22b4d6b4ef65aa01a0fd2b1a7d895397770db35dd9c8cef75c6ec5d347ee5c01f7d886aa7df24312b8055237

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
2debb682865cb6245476bb743f23d199

SHA1
4995aad382cef5b98e95fccc95c53086043fb155

SHA256
6b5a2770449bbd95e7a2c11b1aa985642a127915a1e2745a234b8b57f083dda1

SHA512
dd98c8b227da227df0e1d191470759f494f1fc0eb71c14748b6f52519eb58353af0a35b8b160ac1ccb8f42e35fa3324301f0056e0548ccb8687194a809563f39

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
a1e4ee55a246713de10ede65b5cc8de7

SHA1
ef914f8e1d942ec7a78abbb19145141df45c9b2f

SHA256
59b3534a8706ec46ba1b5813b6e5730e7adb2ea5be8dd6562b653810499cce8d

SHA512
f07c53582dbd8a518ae5d1381b4170feabe0a65692c755d59b9ad8d501644ae85809879c02a67ba55935372a21cee48175c8dcbf4b89468507d56fa17854a293

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
fc318483a677c71a725dbbe6e9516df9

SHA1
8ac3af9cbfb464e53b709028d1f64a4d019bb2f4

SHA256
d6d65421dac425ed42a96af8b94a1d708f6e23b556f0bc80011eb4970304b7f9

SHA512
0e3a0d7629cbfdcaa59e415c4ba982355f249b9595d234c0de6fda993c65c121435c442945766017cd78533fbd059d7edfe2eda0185ec6e4d076499536a63140

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
122556625e712d8b4081a42240f412c1

SHA1
6d14d8b34405a9de045f689d37f82950083e68cf

SHA256
c9a99cee7069f7504974fd1e6c77617a9cc3ca0bb661424c4285dc42974d4d1e

SHA512
73fe9229b18978824cc8561fd99e9d0420f1d8ee50eaef4faf58eacb4872c388d08ef0648fcd87c173fb0b4b00b89d48d7703ed988df497b40b40f899c307395

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
5aaa6d9e0b2afe2df3039b6f9748aae6

SHA1
561b174f7ab37aeb15d50bbc4421fd24502b3e04

SHA256
e76b817467ee952bea2441d8550ca9191894e3e7a0c5312271fc3ff80a0bc448

SHA512
42ebb4777d383a6f1aa30e678e3344a073fb5e3b4e1dde83ac8957fc55c70df2c8a1196e9d18c90e3a23c1ac3422d2378396a32868d7d89ef38b7f75029b13f0

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
e56207a54088e5b8ab2b84949cec98c1

SHA1
992ab7e16042c224442f7003ebdca78ae370bf73

SHA256
35a4ae43c0fa3c01320bc6ae60cc001b68a4244e1407b34ef6acf46b4437ca7b

SHA512
2c84054f829e3e7a11a266df48d791afed9e2d027a6e95830c3c9146ef98b061036b4a8a1602c509006b4db1baade8bc3560921daea841fca352aef4a3bd6f97

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
4103f4f99d0e5db0a859b12c04cfc41a

SHA1
bcbfd204e0b0b2774c17bf67703184b98ec36149

SHA256
dd073648cfbc88b824f67321a0be5045ee18eedf282264e34180b80a5823fe17

SHA512
3072a9c447fec51bb111788a12da571ac7b2711a58153926acc330c2aa31b787c377de8862276ba5fdc1c8b3928ab1c2a65555597f7fa5d7e9ab656086b156be

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
570ce85c503f02ad8e4a14b596e074f1

SHA1
a9d58fc6386c7309c8538ab656d0f1b95cc8e8a7

SHA256
ef66d37ea3aae421405aed2614b99687e0ceed4074dac7dc32e87b14ed7b8afb

SHA512
31b1cee58a028e6b04159da226f91b9ba3bb9ded4997c544d2ac2479ffd2e27439f4ea92f633dc59c25128dd631e11b9f24cb13aff3c3201d337c779605098bc

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
44KB

MD5
f35eec7ed20a9b7b6d44b918c99aaebd

SHA1
b7d36c30bffd761b3749a037ddc350bf2f31b82e

SHA256
b36f0c3dee79ea2df12844490e336d37c18b3436e66b72a83f83e81ee66d612f

SHA512
179ede3eafd9d79be21a7f126b0fbd62b74737eaf76988712c8eab1797c4a7351cbd3f47ca73377db168a8b071455577a807eee7ce467b492a2c68c197ca2f8b

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
a35d44b255d8ea1bd1115937a854bcbb

SHA1
0f8dfb3aa9f44bc42e6f7360c14e4a76d54cc07a

SHA256
1eb1139da4ce664555376517f8341b9e93b2c4ea97325c6f35bdce1d9fcd6791

SHA512
ad7a241413bbbaef995ab97e6ed5b208272694fa98b5ccd3bf0107744508f2d9420624d4a2f6a07c7b8b1bfb316f579d06c50b312bdbcede7c66faccec6fb9b9

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
20KB

MD5
0ca901bbf19286283df175890b4016c0

SHA1
0e5d2194cd3b50d6af5b318be2c97c31f7715a30

SHA256
9190f425329b8459afc76f8bf399199753672c62152f867fccc10fa88e490489

SHA512
5487d053062e6428e4d299da87284b4d796058fcc2421b9882ef8f7f77161c8a1a0e33963ca3f6e6399a914310ea1a00445099ab2bb8dbf1057022db1f32f066

Download Submit
/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
95039dc7a3b1586b33987e549a8828b6

SHA1
609819cf4418e2de70281fe1a9debe4e4c0ff970

SHA256
bed6d9d67c77750fefc17f289c52f0f297141448c978c75e36f4042ebaca4a6b

SHA512
043b09a04f057dd436f37dbab9e261af005fe84e4dd25422fef73a04bce64b942869478ac2e135d2cd4d1b8ee5dc9be58520cdd39061d4fc13ff1f187ea0c482

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads