8145d771c8622d18ca63ca6c746adb5f988b246f81f6c5ba9b1c5192242b1bb4

Analysis

max time kernel
47s
max time network
153s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02/03/2024, 19:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

590a24580b0e521e5a508b65ac5843e0724cf3d2ecac4356d2423116ba891e71.apk
Size

3.4MB
MD5

3e3edcccd847bd1f40bd0d7c71a8ef9b
SHA1

5b561522d91c42e5eca0bcbefa854fe83653d69d
SHA256

590a24580b0e521e5a508b65ac5843e0724cf3d2ecac4356d2423116ba891e71
SHA512

32c997698bfb07081e4c45337b402acd294f3211cf9df8bbc65a9f21f06b23d56d0172a2c1cfef9c92de2d762ea4fc8552e8fe5ae7382fcd302c7cc447a887f4
SSDEEP

98304:gA+u4Y1sNALlOUajvQoTwr5q7QASwW0bhX6rKATh:gAk8OdZM+XGh

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5052

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ca6d10b9c712462eae3cdc923575dd50

SHA1
31c1da0e2afeee6b8f7fae655e1da5c60a481bea

SHA256
223ac38786116e2b1a8a2dcd8dbc0933d639f1b2cdeac47c7216955b95e0d256

SHA512
80ec0578903d6200cdd8b59457636714b24c40a95e396cba91dce74dd97144b69866c2a00ebdda0a94550e16ba8c4e168e31ecd3f2f3652c29f4520da61ac6df

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2071859254bf9f585d597c1cc01fafc9

SHA1
a30985e1fe103a3ade9ac0de99d68c9abd8e3ef8

SHA256
5484bcf4b27d7fe5b4b36c80269730b731b06aa077ffa3f2d84a7c4bab6f1d01

SHA512
f49ac1f813514fbeecd47435192631c68f5c525803c6a6eac4655a8f5b2217bcae9e5483b8bb3c5ab61b38e89f842633cb758979c480e6e0e61dad565248c81e

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f974507bc9f9be38026c1caebebd11e3

SHA1
c2f040b8b2aaa01c7f315f7303b8f4cac21b2325

SHA256
3ce2e41d9371aaa87cd838a8772d8698eef06035d612b9bbdebf57a21a2ad2af

SHA512
617a4047eefd6eef5386da1f478bfaeea05ecef31709aa6e943913239cacd714e11042d2b98a6484f84edac46146ac6553ed4643a56575a54df5f8aace20e19a

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3133076581493308692tmp

Filesize
90B

MD5
9f5577b03df688537b802289629899cb

SHA1
9842b9e4391b1eceff80ff5e7e9f67e241ab92cc

SHA256
004f8df0b65ffbc0221790a0b298f4d9b8927d9d4b2adaf7639d1fb991f81011

SHA512
e9419c6c4acf4af2fc2209b56cc4e6eeec23d064e8d53038ff6bb786b6c91953a247bc672063927306b2a80c53b0447db69d8136eb2126c8d522c9cbc552e84f

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6933356368099130383tmp

Filesize
567B

MD5
d0825c912d146a31e92df491de254f24

SHA1
880241896d59b40ebe67978d20e387bb91acb192

SHA256
8506728d8d73e293db58d9e50f74a9104250303bde1ab3af0c03e9177d983f4a

SHA512
5cbded91687d017dd47da9ec4c089cbfd3010aa58811e29fdf3600a725afb6c2f48e3ac82f5a60649bebce71395eefe520bc5f0f93bf3ec79ede9882dc3bdbf9

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
afaeb1ed0fb8be73c17ceaf95cc6b3bb

SHA1
57763ac9a0975195921c745d9a3710d607b7e882

SHA256
f7a675950b736741cfebfdeba91738c32c17ba09892e5aba54e18cc95f67e6a6

SHA512
7593f16a045e975fbedc52883d60bcc7fc6d57bcf33ff2b27624eae60caf29a9515b6c4080e29851a462c5a8ed8af95920f58808d924863ef637ccb1a968ed8d

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
db8b1c8214c9d32ddb2f260ed88fb19c

SHA1
7a707a3e56492a9163d548e3465dcd3d47ef2f45

SHA256
e755ab4943438e2012f040b65926d2c2dd36fec8de6470d58b2d7f555c1097cc

SHA512
312c84ca427483e38f4b9fb9eabd6d9cb1b00e7225904e48eff77fbcbb970d023706db4e183bc4f4b5aa155ff9d76c763faa9c4a433ad8fc675a46be2bd1e838

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
8b312340fc13cf714f0130d32d201ab3

SHA1
0d7fc40e250dc37650ea252040b3e359a45feeef

SHA256
68dc0f2d904181e2f5b25642c7444a29d8e8e183a05a59a385c7a362e4163f64

SHA512
4878d4274f3dd1be928e4a5364ecc21df67ed20590e53a435f65fa13748251c37a7375432429aabaac48a76a7bce0252438f02511864f290fdc6b10a9b2bc983

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7339d8d71521126a17a2833807c9a04e

SHA1
77b3003a5e878fcf47852c1690b3946dafbd6959

SHA256
29ef989d00b35fb6261292a95e410c4f696b3849fc098f0e15939e7925503578

SHA512
cb2f381ca691a661b8074c14e909360e249b5d8b624fab62694a10b28e3a8320024b66af00a19e795174a857b7fc80277804d545d040257431fa853836bf19e9

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
4KB

MD5
1235eea81d83ca5f23e76ea64dd47c29

SHA1
c39e6edc51b85494639c5f2c0599f894e83bf38c

SHA256
a02818300b274ac5dcc7a328c75e17175be3cdd77a8893ea911978823bf4f7da

SHA512
6d553a49f24598b23884b2c32872a820d1051cfd0f2b5c3a65020b5e9244fdcfa99adb11bcc15b43604e6fea296be5cc0c83338d1188724d4aa1ef85c2333681

Download Submit