5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd

Analysis

max time kernel
27s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/03/2024, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apk.apk
Size

3.4MB
MD5

185103d45cb5c8d59319e8488035e3b4
SHA1

dfbe249d9af8289ebe83f6c6436054498e9759d5
SHA256

5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd
SHA512

eb104556ef2cb685a0a8bca9b71d8bba9ecb857b34c29307a1b37834ae5cb029742e5576315ef0ce57421b698d90b2630e233247edd7d5b23b21184bef4a742a
SSDEEP

98304:css9Dft3aCrCMr1GoTwr5qUa8Eeu0XVvetu85W:DWDFrDRevmW

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4476

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e83e6e9b33eac5d1026e60042dd0b6dd

SHA1
cbdf431b09346d02d394704ac2566748f674bede

SHA256
5a6e8ee5a37f6b22ce8189e05ad1a13331d49e1f25635797c364ae9d4ac4f619

SHA512
d3fe1d9af2d94da6133241feb539348ab71b9925a172954fc0932c547293fdbeae2f16f5f029587505d133e6e115e08fea5e731248e7513b071366c898ee7ae1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
16KB

MD5
4f46494ea56a6bb386dfc073452107df

SHA1
8793523f7d482e2bc49713919fc50f35f409c7ea

SHA256
e5b002e93f82695f5de9f58d7e0eeffc6d1a89265c1f03fd71d83f7e8daa3e0c

SHA512
b2cde71813470626badabe2183758104b8d6518d8ee341d669eb050bb3103c0783f686617d300319520b97c49930d9a5ca40815f0974ef1aea291238346f1ef3

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2602643877331304759tmp

Filesize
90B

MD5
8d170112c585693845f1d1c5d18337e9

SHA1
ee580c4bb70d47aae1251219c41551af515df450

SHA256
d11aec477923684353af99d64f852cd51ebc7e2f51be2cfee4d76ca3d68b2bcd

SHA512
4385ae22ecada28a2e910fd945e5db88414ff6713fe36e6a36fe090a6121932f7c33bb0aa97ed96193f2504d1e02fd90ccfca5ac0d626654e40d39815f08d31c

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2885319630664878246tmp

Filesize
568B

MD5
0b493382f9d467a431cb52008a15025e

SHA1
970a9cc6288148138da827010fdcce16968fe6d0

SHA256
f98acd40531b305cc5fb3e98ec9dff79a7b1e15bb2993654622bcb80338c157b

SHA512
c6dadc70f7b497b6b0d67a6730a45fbf01acc068d460a90f680f3b4977d2d516627f43f13c86bba83210d48589e28a39bf7303d11de820f3bde2296a35a777de

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
365B

MD5
85a1ff53c5b33ff8e998618ed1905fc3

SHA1
fb0e8c84c2bf0d194e4c85e278f23542d0299083

SHA256
aa7daaf7dd41d58c46246a04a71ecdfd1a724bbc59c21c1a9897f88e5299d203

SHA512
0950387b442239d9e4ab39f15b215d060da767a73b4c8afc9d01ef4c1cbe1b240b6293399530deda8dd51d0beb3d301a4c930d82cee77f548b58b37c3e718ba6

Download Submit