1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
19s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
13-02-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4249

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
36c017363fc66684915dc0d74d5191e8

SHA1
4a23cc3a87f949614ef70a26194528fbf6f44db3

SHA256
1b7ea3332eae8430850b7a59856817e0d589508e98a8d060c7d860fa87e244db

SHA512
fea32a11b7c4a22c34563b5a99eff51d025ac761b16f59dc0daea3eb3182534eaa3ab996efa7e6c6a65a38278a7fdf5dd089bdce9678f09ee4f13b29ec7ad4b0

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
73d4a949e7447bef0386c75e0db6b892

SHA1
b11aa8f7ba4d1a0be4bdd240a4843badb73840da

SHA256
3d131917223b92349a977611fe00d99d0eadad05f3c1dd43c882705b0b5a833f

SHA512
559bdaebd949115f8670836102d2f084091d2a3bf01292c4088d418988483c3509105d17152823ec0c5c11832d7d22b3c96a3305c7f8047ba53d8b2d8c7cd4f7

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation259474725582364395tmp

Filesize
566B

MD5
a0a897448c94eaf8ad3aaa483d03b089

SHA1
319878c9538631bd5dee10e5eaa95615e19a7cdd

SHA256
1649e5b0a276664657f2f7d16879503eb15e2c0ac70418b8e33c854355094591

SHA512
4fd9aef5b39d1b16eb0032c0a158a7833d6b9711d095124e6a8ba63dae8481721adb0e3ceba0689a8270d80f4515dae73ba48d8eeb41b08b23c089d1b0bd5187

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5605367999228577217tmp

Filesize
90B

MD5
e27674793495769dff6b93081da5d072

SHA1
ffc70a883d36a619d3081bf798d2e0435bcb650e

SHA256
e3f724ccfe9aed7c063de009552f26fe57820ff8d30479687f1052b23ca1c40f

SHA512
4b0fec39b9c89653680f362b5c5c95d99efef432ca1a4d70e8e67f192ac6ff6101a629d58e90605fca1e5e3487dec4e21ed3aadef500636c8b0f3678b8a8a733

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
81a8cef9ccb2421285eca6212740ef59

SHA1
1ed76afbed4bef47d504f21674c213a49d0b589d

SHA256
57d7f1d5fbb8cd9586dd01510b10d3fc0fa25fda51f4417175292e9e2be78d0d

SHA512
0ecc674febe5384556890e26cf1b444f03e9fd94ab199bbff254a44e1a5f31fdcab3702b2aeaa0fe95425037914d3d434e29379c07fbbdc65d473f2de40224ff

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
403B

MD5
4431dd76e2316cef9f3525ae06460a57

SHA1
06eef0068e41c96bf6519f7bab4e4287168262c5

SHA256
6865b106ac1cb974ae9d9498311995430a4aff5ac00f3356cedf7550c770b12d

SHA512
3f017b91dba68af0ab909bd27e51ad6478c4c3f2973d692b1e0ecd519625b972bd0c41cf61a41da18de0788208eddd7b26106afdd7aacb3dac7b363d6761ed6b

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
ed298dd26d98b778d40e4509745f9c73

SHA1
890b9f7d3327c293af649712e679554ecb497157

SHA256
3a54d241d0033578330f9e86c439401aa17993c5156788cf71984189b6b5124f

SHA512
540ec4e0bdd134c4a24e0f9766957fc8dd3cbb5110517fbbfaf001cbf3c524a084f8eda6d55eed2007e2e2b2632fdc0efcf794aaf95f8bbd5a1f9e27f278d6be

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6bd5f50eecbd8d7ad903941c12a79a85

SHA1
89f8f8ad468190d15b3c8487006cb1453bbac1a2

SHA256
dea1c016c12455452d70cd0c6dcb51c6ced2c1224199806c2633eaee72de8f8b

SHA512
67687d11fc49d121aad813ed62582bb0f4c463001b88c41022ba15f1d15f448563e9808fdbe359753cb5eb378ef40e7316d7b9e8131dc0332a21d8759fdee2e0

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit