1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b

Analysis

max time kernel
127s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
13/02/2024, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b.apk
Size

3.4MB
MD5

0d3198347aca8f11e2d90225079aff6a
SHA1

8369d08c4158e404537a8d6f854fdb487b700671
SHA256

1603409b5a0725977e7129b6df72bb9049b3a32e2e923b03b46821ebc90c263b
SHA512

d8e725c472c001d897902611abaac075fd8057b3d63e6dff9b97610e46d004a6274bdfc05f0d88cfac2c64baccf85f897e3c6f7d97bd425ada61e993adffa4bb
SSDEEP

98304:2A+u4Y1sNALlOUajv+oTwr5qXawoqi0vlvqV6Ihp:2Ak8OdjKWv+p

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4467

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
20KB

MD5
1745a9ea4cbc774716375cc05202c529

SHA1
1ae8ad86bd3a95e56df996cb85384e0f33f73066

SHA256
0c9445b9e57996a87dbcd8e94c57871d9b3aceb4fe2821728b7136257234b8e4

SHA512
ec197c2dcd9b307902e385a13451a62697038c91950ebe13a97bf6638f8e5ac28eba069d6406b0d2770a92cf7b0c12e768c5e73a0043615fc3d3ca9937a2e46a

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7ff177ef90d1394a1a1ac1845d4d2313

SHA1
aa102fa3ce634d8b0ea85903b6f8061e882234d4

SHA256
8df151046e9dcb724b4b0dfedb38c01e5703df0026c9d67defdc1ed6c0791d40

SHA512
23f49274d9ba6565777f32b47e85857c1783e528eb25b8f4464c2777852b91c542c62e4945fd6ad91c788f9c2ce7da35e503cfe6ecd8d1bca8f6c8389ada15ce

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
20b6071dd6015311ee1c4ffb914695c4

SHA1
e86025c5037b7abdb1dccf4afd71a747b97c2cb0

SHA256
3d35f1e95d335e2f6b51c5e5f4c198a52b3ce240fb6c71e35b47eb37f1d20e2d

SHA512
36175366a4643a633cea354db8d958079826c61f249ab160ac6a5bafd5c11389c17c20e23761bee8e8ef0714fb0827010678a5feb113c0e1269553df8aa1e696

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a288d1b01050e83026a43471fc4f38ab

SHA1
62801a3656a485035408c1dd7853713d5e01a5eb

SHA256
dea250954601411b58b2476b0faa9c1cc4b8689505c874c1a0db57196ed77d0c

SHA512
11712d0ac1cc9e5f4f429b4ddab3e1311ea03dc65c61c797293fc443b6e8b61a8b9794f36f4666711f3d21b87c4b981d04daa22fd2c1b972eaae29e250b89b85

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3283606399601088674tmp

Filesize
90B

MD5
59f83dbbea6bbcc3f38f7dec8f00c0a1

SHA1
c558740d8483a9049aad8c75879b7f08cacd7eed

SHA256
b9e06c4cf355ea64d38623c16ea3d48318d525e954000fbde575a0c2e65b9125

SHA512
d4e578d4c8a82d23e54971009709a748430c724256f98bc2c6556c683c7470dff86dbf9b576d7ea0ec4b802ac19d7f8cd992758876fc3202f3313734fadb7102

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8648919092612695833tmp

Filesize
569B

MD5
b962d8944a6089f02d7e2c087a2b11a4

SHA1
5b7cd098ad4c794c8554b28f2df8842baed33c8e

SHA256
9e6b51465f1d8a69cad8d626cbc544d4581bd791b2b8aaf2d89b3de4dbaf1e86

SHA512
a20996f00a01193e25cd74ce24d902d48358f0e96f350b10c11d24047eb25d0d58701b89f6e2d68db6cd628a2fca8220473ff3fabf5373b42f0fe364b846694c

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
24841b7873bd87a2930e61d865a0e120

SHA1
5b9f3030ac6842d0958b8d5d976be8b52370c150

SHA256
9fc72b8072346f311c19dd960f10848ba685ac4c2d03b623156717f3d0131e03

SHA512
e4786b5f571efaea16778bd515bd9fc985ee7244cff147f7282ea4c535166632c01f7bbeb62bfe6e4cdd89028910c8b70f978e0e92907ddb744ce9c38ba20dea

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
390379673253ecb76adfee659b841d33

SHA1
1411d8479bba0a6056d588d54005fd344249464d

SHA256
8226583e32f20189583ab760ed987c40b00ce1b148fe1f8fd8967c80d848501d

SHA512
5e8d415387f5edeaf4c538755834f233eaa41c187fcdd16e940961df8345e9a67ffcd3bb223bd14553c8239194b0265609d19d3c543a643cf102a7801ab2abfb

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit