463f9ed427c5d003dbe5d0c79ec0046f7f7b4b73d412588661bf86d3aca8088a

Analysis

max time kernel
29s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
13/02/2024, 02:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

463f9ed427c5d003dbe5d0c79ec0046f7f7b4b73d412588661bf86d3aca8088a.apk
Size

4.3MB
MD5

19d7d3ff409bf1b5ed9e8f73fbc7bda3
SHA1

ea7883aacb78245fbbbe0192635d94ffce7b73e2
SHA256

463f9ed427c5d003dbe5d0c79ec0046f7f7b4b73d412588661bf86d3aca8088a
SHA512

9a723550714b813d2b1a726e945d306ef3d7cb617fbfe802cd4b49ce403311fcb6b1f8f23c69b70d95343965d0650392ee9ea27293ff45bcb70da2b5cffde658
SSDEEP

98304:pA+u4Y1sNALlOUajvyoTwr5qTZ8s9EcRjJeA1kZ3:pAk8OdHlBJ83

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4630

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d98b59fb51406c1dfc4f16dcbc0f05c8

SHA1
0a3556b8da137bde0e4c76b541b0565ec2a79727

SHA256
d75a512f4ac815fd4159f3b8233f8c48d5fcf72170be5de2eecf9a55af51e1ad

SHA512
e93968a8ead838948a57b5063cd27cf5b27263270190eae7217fe9f884149cf35a3fcf23b2f46b8d2e2b004cf34438700e43738de19d8f6213e22f15bb7048fa

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
415114ee2ea67558584d50043b68d077

SHA1
011ed8359897d62cb62361e3890b42d7fa27512a

SHA256
a299b3bee8da5d2b5a09b09cc9ffe25cd2946ff26309575688d21d5d5145a94b

SHA512
79afe612570f3c44695b5a8678437e42769d937c1a9ffb638a354376750025c9915224fd8230b5dbd053fa67403f2e79c3fd6e300a0a918f715269a9d84f9e2d

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0f63a9497ea408380bc69e9c66414ebb

SHA1
22b592fc6e37cba75f9ffecf47ad4a3010895f95

SHA256
f6f8cf74cef6f5d0c48179b3f0f120e9a7718531f2461e46fd7f006602bd1ca8

SHA512
1125b2047212c6d28e207a61c14f6a96be822e2d9073dfdce994c35da7a1f429f332ec9e43f88043a17023c5f990e51d8482448e086c7f99adc74b688a5192c1

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6639775748836885252tmp

Filesize
569B

MD5
f4edd81a821673f873247b380855f270

SHA1
e3da6e32bf097510d3126e26a778d8a47566c556

SHA256
5444680fc589edfbb16e8869148f9c1b8ed4bc4be2399262b9c0ac3a842ed0a5

SHA512
f84f57346e55f532172417b92614a19779fe0e0afea1216c40093e0fc3157bb5aabb984dd99dc60b66604335288cbf17c0ccf4b97ff4292a5edbacfbe1d97bd4

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6812623903275019913tmp

Filesize
90B

MD5
2c0ecdb1212f0833f574b37c325d0004

SHA1
4a7dcc9b54705af96cd2fc5ee80844c2c1b6b485

SHA256
6dca4bd95ecd5c9c835545dc704706a3321476dec5ed6f92acb2e07b2eb747f7

SHA512
5b6fe062674922191d2e7dfde9592ff709b11aeeb182dac801a06636a96135eccaa5f9f18ea1fde9a10e9f7851c53a333ab1833cc2f0b3555b4bfa550e6cef5a

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7ff0442a8910683983f3f9f975c52335

SHA1
fcac7c8127a0530ca9a071d8b4b87ce9ad24254f

SHA256
dd3359e81d7f89b71921acf9092d7dbfb97f0438e89799bea4e449a3e67a57df

SHA512
2bb0748aea06d818d8d269b0158c06a584f639b84000f2103af4e162877938d8cb314647a539de768bbdeab0bef55a312bf232a900bd61cc2f04b7ef405da60f

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit