1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
72s
max time network
157s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
13/02/2024, 02:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4297

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
cd73245a1628b9f637e8f277c7d15293

SHA1
e236acc45738a2e52ee53428a45c98af88a1be28

SHA256
f5e00c79a3e4306fcea2319afd50919c4c6b76da8c76431cb96e7aa82fa6f3f0

SHA512
a1e866012a3934a168fe322aa0532dda1991d478937cacb71914d79a6b1720f188647b83cf08c5c165d8944abbeb9d0b37fe5b1f22fb7d3ce4cd7df3b3a095a1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
4KB

MD5
4ecdfb7dd3564f13bec6069eff6ae224

SHA1
4ac0bd253fb109cfa53530dedc8b9e3aee16ef98

SHA256
81bc5ea135c362068fadf0a71e19c504421af23150501f965e1f4f0dc9c866dd

SHA512
a25d485d14789cb8fe94379122a1b4fea6cb01f51f6efd83ddf4e6b5b663e0b93e7431efe185c3751e966cf4d2a2706cfec5392bc090a86adf2cb22ee7ae9f48

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5945683370722970620tmp

Filesize
90B

MD5
a76a24ab02f094ac2771699fa159d86b

SHA1
2876666e588426dbeb75cf68d812137aa47538a3

SHA256
3826e09e74f037b5aaac005c644b0dd433b5721dce5e222b0aaf60d9f65cff93

SHA512
973c630a131b5c36b6164fd417860807ccdc11c5d378355aaf1aaec1570b02fbdbb255ada58f27baed2ece4de940387e21fc183955ada8d41961fcb4ac1c542b

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation886931856341849721tmp

Filesize
569B

MD5
88f853badef73f44470891c316765de1

SHA1
7edc7f40a029a97e07e395c98424a9f7902caae6

SHA256
c9426af737d533a228f09ee1db5c794629158c4cf256ddcbb07ca77eadae8c48

SHA512
48920c585efb5b5b9edbf79b94e343260bf691d6190852467a8647b8a123bcf444af610ee87fac75c16a4e68646a96048f90cd0c1e657bff7cef4a658af8501e

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
ab90e6727a769dfcc9c170e76cc95c0d

SHA1
316b2785eee05d453b94506e3bf338fb07768c47

SHA256
17ff22ec4305d3f969ec54a771aa415088acd92565492d2b52a2c3bb448bb8ea

SHA512
4eeaf95d1ceaabb06ded61b9e6d06ea124fe7d20a1f50408d894b90f9afef2fbb87600db790f6b3336bdbcdf57fb165ffc492329d5498fa6815b2989df707e3a

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
0f7a26d588ab4970b79ec52988e08b74

SHA1
b2d8b887909356caa0e95aa5f604bfb6dfa241de

SHA256
a99fb972ac1c1a8e88d5cf2349a05a0799cbe951d55cdfdd17e77b3b04f7d1e8

SHA512
5201e673af2b7c0635188e7cca02c50d90797a77ae3a7b570720bf40a20be49e1a7d3bfab175c7d4c1bc399c606e07f5e2934df24ae01514cacb948871d19e93

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
9f549baddcff73d5cbc96e62574ea6d4

SHA1
16e51ae7d360ade0a4736e12fda5041153502f1c

SHA256
678be98ee8e110560ec014526e7bf33a7cf7349582e498bc2f055b8e01632750

SHA512
323f44f167f2196325c8aae8c98a8f4516bbbac0db3bce9e48342c8a8f9419a9dd74958444eb65e59bec86f272a496e8d51cf0447b627bd63f15b5225542afbe

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
b47a28282770692af90b09a8e74573aa

SHA1
25726a46f508ba3ef074cff9d7878bfdd5023cc7

SHA256
0e987a595a78437968504f7cc3b5c9f8ab619322ea653a768afc40e06a9a5e84

SHA512
eac21cb9fff26d4f22ce07523d82c38046f1a3742167f381d2ce493b398faf9baa1a7081c2cf3be8a03ae21df5ae76214c8825f423798e9d154df4c22c5adf04

Download Submit