1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
28s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
13/02/2024, 02:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4243

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
59313ee72f42b3288df1068a300cde96

SHA1
4df595d3d1fa40ea3a0e4c9115e3faca50110b9e

SHA256
6b56609afad0f72feda177f4dd1580f3d74c40e20fde81f4bbadceffa8b908ac

SHA512
7d664c69ef8307358e3eea4b2db8fd779838d1413d983962323d929cfc44f9a1b5df18b6479b26ce883f1a73ba07c1902cb28fff0d9d8f8d7915d9a0d0ba565e

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
50f86de5bad02097d8497fef83075fe3

SHA1
b4ea884caf79db3da97c8fe7069806362d633921

SHA256
0e89421429d5b358d755a3a865a73613f76d40120d89ceb668f2416b68e1a132

SHA512
4140dcafb83c11dad4f2ee4b49b14a82276d052bde9e74db80fbf564587ae57ecbd7f53b925e190a5d3c3b9a0c90440efcd53982ea4c961e1e0aed1173318ebd

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2199405956356152946tmp

Filesize
90B

MD5
84826caf9247ccb3d4bc29305710146f

SHA1
34af8695ab4d62109d362836d26a3837918ce464

SHA256
d87d27cd2380d2d83582c0dccec3d7a3ff97b53593d96e2ce04c9fe337836078

SHA512
a4938ead2ed61f9579a107eb508765fdb022176b57f3705d6210a517f36f1943632f61dfd416edac470c1a1d82421822cb7ca99100c0054d5d1782fdcb227a4c

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3711425931469747799tmp

Filesize
570B

MD5
f3b68a31468f586c8c8c470272607fa0

SHA1
ec3826109dc1c926be3cc43c391bf21a816e3208

SHA256
cc81f7a762fb273de628a2db488df95758f0cdaf9ce4fad1e00b3ccccb0b5dee

SHA512
f0be4e43da75fd174a7f4c3f92b4191a424eb250721913b8d4c5694f9d23332398a2a5dde9015018a08ba56242dd03c109b3b4359a3cb4c3849e5078c6e95293

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
403B

MD5
e72441b77027664fbf1f2195846e8ea5

SHA1
005816724b5f254121ff951af7ef18b75cde23cf

SHA256
f1b1c6dbc0fc96dd16ca396effa594b46dc410e896fe3a295263b26fb02306bf

SHA512
98953dac7a6fba2eeab564a2440d8548dd30cfbb71dcda3282de1ad37ebed50dcfb5c818d67b40cdcd01bd5765f018a3bfe53de54fb4e28aceb98f3bc704acac

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
5e8b843e125fde68bb092c0eb0ebfab5

SHA1
239281d9c5549dc6d4b8fa65c421b723f3aefe9f

SHA256
f1fd9f1ff1e93743679a874d98eadf025aa4d701ab0c9d882d821183a9f43426

SHA512
6694805a05245e8a089847fd0219cb2598a79e4a6bc218145eafd2dd4eeadefbf8d165d691360d783de9fcb13084114879b7e792d9389ae92eb6f33939029924

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
edbeeeb4de645d23a93acbcbba1d5052

SHA1
a58ecc1672f0ceba8c3847e54f5fc3da18ad8ef0

SHA256
cf329a1593dcc3257bc377537b03f1a24726e9811b4b881a35d2b99e536edbc5

SHA512
894ff097a1e220e6fd7eb5c594e19769ad7dcf4f5ec970727fefa595a3ae23a4e5b95451a18a457f61da50e5e755dcb4b1655854e366d3194527d8dd00964d2f

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit