1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
33s
max time network
138s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
13-02-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4218

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ab4fb0a76acc73e807b48563cef8f5e0

SHA1
757cae5ffdcc5848de8b9f2d6261f7e3eccd049c

SHA256
05861941f75537a2cacd1702027a14e47b9bad92b0d389534624b221662e1de9

SHA512
f2cb8099441237dabd29b2bf0084716408d083aca9d6a9ebd616e1ae7192fd194f81031e299899bd173d90a408a321d64605081d6a515ae9bd3942092ee0db72

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
fada997aa05b91b4fba249c975821c9b

SHA1
ff14cc141f946846c743b52ad779dcbd436a2bfb

SHA256
0ee9b9480a351a0b8f35801ad561d2835b82c2520465b87fec5b8e9d608ac3c2

SHA512
6de8c2229b940300da6f6c48ef864468ce5a49c5ae333eed3c6ae5c059abb9f5ac95427311d279501e2d8140aef89b6b71c0bee7751c5e095a898b56bc282406

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4639111625203887884tmp

Filesize
567B

MD5
f9a40b8e5a4c93cb9a269f2e55ecc231

SHA1
e0e45d9caad1e676598f69debeca52c9043b0b83

SHA256
de89e4846b895ca8f8c6d90548cd0292211ce40f25f91514af075343d5732a9a

SHA512
c5827c7a55cea0460f445cb6c3ed95d17295dda44b29919e6a540f36ea7fc40062697c6b48026a2d0a8f960f394dd949a33921c0b67edd7925c9d599639f0c78

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation9111196311408983501tmp

Filesize
90B

MD5
3d7e9bbd216368cdb5d921ae4a0ac137

SHA1
7f6534877519f25fd2b809c608ea2940da1cd9d4

SHA256
42783e078d1eddf91fc6e389916440a6568f2828ab81c68e46aeb8f937f513e0

SHA512
3fb23b2df80463b671df6e0f3b96e0d7788bbca6c32df89bf5fcbd5851cfcfb96e952ad4d3928cfc56a2f616b5f06328d8f31e6afe2bc46b46a7119b42db5d2f

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
fb2658a0fdc199a2678e7414eaedd873

SHA1
34208c89b6b0a2c4d1f9338af93ca49532c8ac59

SHA256
e10b710148f545bf03c0c263bdf060b840d44264f81ce7b836a21af02a5674c4

SHA512
24f9fed14d4bb69d842e02390def57af4d4ab7c7baa13720b18a9f6c0f675b685b753738dc6c9f1d71ccc031d814710c07399b5f1c3cb0e432c4d18af4172cb7

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
5a5ef2074959b132400371873610f72e

SHA1
a35072c90512cfdc48c5100a03053d421719e245

SHA256
d2c2ca55ac632534a04c7e1016501506e509cbdd5c525f7111f489cf7ac30e60

SHA512
367ce019c03b827c47f120866f585e3b78be0396ef8583bea52c0aa039680d2e133144805dd29c01065c55cdb3d2b4c1b0f53af5d6f0c3187fd7164ef8f64b0c

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
337B

MD5
db81274087fbdefbfd96c119b9ece12f

SHA1
035ec5d8f2a0e55199c8b1110f496ef315fa6699

SHA256
cb58aa82cf2cd35d41b473085e1736a91334d0a8c80e63ecd5082ea1eebc36a9

SHA512
29a586ee57b557b0b8c6987408f9515417bb06f26994baadd10498c77f745d3b8cd33067801aa3402c66ef02d6bcabe6f20e1059c021e4b448ef37f8ad2955dd

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
403B

MD5
324e15fd7ce55074e8286287f92647a9

SHA1
173c000e7676ce0d0d1566a34042e2296c3e6a3a

SHA256
28de1c1a6c4ffad94a9d50e35280e00d49770a6b25a6df0dc4dfa79823f38aeb

SHA512
4fefcb2e750aeeb930ee55a64cb24eed8ad774f989e35c8c8252c4a425a5b2f97a0f91a483e51e0381b59ccda736b19f9512766ea9556ddeacd9924d4ce10e43

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit