1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
29s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
13/02/2024, 02:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4491

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
4d6ea8417e869e8e947aeac846b307d7

SHA1
e21010ce7426c3b6c1f9a4f1d41f6e321a4ae58e

SHA256
f327ab8a3dbfe8524ba6a79718e80fa1ccc5f26a34428cf5fa1f258e2961e135

SHA512
165bcbe978d07b163a793832131588fe18a649928ee2914fcd2e1e60e0298e56c771a6d0f06537e05ad487375fb56b9fafcd3d3c07ddef8a83ae1d21a8786ec8

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
005fac57826dd8a4164310147ca9b617

SHA1
7f890a0557dd568297c6fb809f09aa6d9b7bf9ab

SHA256
2e0d990c54475b7db6683826a0b2293581a88e713f41014e7d0f0aa25940c83d

SHA512
8631c3f7fac77ce4ea669292e3085726433e15bd892d5822a8d3e03dde48d440fcbd10d02de7640da4dc073ffcf2b6ec62f2872617be5983435139540445fe83

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a4ad921dcb77c64ff9fa86c5651efc13

SHA1
40cefab369f4059f697c2f483d4d034224e64d50

SHA256
371a3429da4f532d4d12e6296ca1f79944a670c1c4ef9f08630fcc016911456f

SHA512
f74041dde36928625171a8cd90e92894a9402ae5f1dac6eda7e0065a77f9882c3a7ba658fdea713eda990633149b99aee9ab78af6a7cd33c293b19d8827024ea

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c68800f9930e35699d6d07b74c3c4d75

SHA1
699ada26f9ed423df0112b72161393a769a0ed10

SHA256
665626bc93b827c6231893bc82ce8d8d859aae1ed55c5d361e825a584a94bb95

SHA512
aeaf347d0ee2ec72f0015c79c2cefe1b0647f085bd1246e387f352d1864bf60bbaa7f11a2f7b2f332d14edaf44d12b74cb8e865446934a729e39bdea896bcc66

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2359175370124175958tmp

Filesize
569B

MD5
778f5a9471a5385eda15c7230727bba9

SHA1
c836ea99cb6f34fad67a45b53419aaf9abe1bdb5

SHA256
5fba93c354d05d16b07dfc593b8a68846f53791f8029b440627236ab089a77fd

SHA512
13c7be6225cc48517ff1aac499f96ef7d9e5619efcbe59802aedc0edaa7003a6dbb27ea3133a2c119413e8c6e2babf0c0eeb00a4e8df942b7c62925de8cc2949

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4293868691165057638tmp

Filesize
90B

MD5
5ecffdfc581927c037cef246cfafb4ae

SHA1
5c96b0002955c437f5c223329ceb4e83a86d7753

SHA256
71dab837d4d67d65731cfd54d6e4035f33b4648818703c58785f62810794f388

SHA512
ae2e42105b80ca218f747ff8b15adda44304fdb60910e164e153fe9ca9b31136f737562ba85402838b2ab86dc8390d5a89fa267b5be7390bc26e56073247ed78

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
403B

MD5
e4b931be3586bdc4486a1220307113cd

SHA1
ffb6715e8dd7abd422641b180829ced33c04ecdb

SHA256
a306408ca7c759f7922d112c027ae1539c2527467589e1e29458a18a68bb1849

SHA512
a1bed9294807602e144710319166f23de39add25ae7ebed3b4889e53e4ec25545683322168f591508d50b20dda2b608d1f67edc492916c5753a7d03d47691c1f

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
f8e2bba9b897883678cf9ef355292542

SHA1
66e17d27999ccf7ac39a91a2ff4aa89104248909

SHA256
b175be2c6959939a1f6b6e6ac9246abb3338b8c39b9f7f79f31883004fc33b3f

SHA512
e99c8c3fe03aa77ec66f33281c5bca70f0dcf0aebf3d75afbe7e52c90810b4686bc5b86ab7dd3127f51c808c269550928044323793419200d6a19e195402f28c

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit