5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd

Analysis

max time kernel
149s
max time network
161s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
10/03/2024, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apk.apk
Size

3.4MB
MD5

185103d45cb5c8d59319e8488035e3b4
SHA1

dfbe249d9af8289ebe83f6c6436054498e9759d5
SHA256

5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd
SHA512

eb104556ef2cb685a0a8bca9b71d8bba9ecb857b34c29307a1b37834ae5cb029742e5576315ef0ce57421b698d90b2630e233247edd7d5b23b21184bef4a742a
SSDEEP

98304:css9Dft3aCrCMr1GoTwr5qUa8Eeu0XVvetu85W:DWDFrDRevmW

Score

7^/10

collection discovery

Malware Config

Signatures

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.drnull.v5

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Reads the contacts stored on the device.
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

Contact List

T1636.003

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a083db1af13573b5d203ceb8881f7746

SHA1
e5a9f98cc247159f5e4cf9f4823266f842d495f9

SHA256
87f5cede682e3d77798ea28dfbea5ef1cb759053268fce9591369a29f82d1833

SHA512
3f34c5d379ee3702f62b7902e6bb2462ec7c444564364bdf9c9343ae37a00dfd02f61a686dba64e4b3c94e52b99aba07baed1904ba3e71a79aa91c970ea45de9

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
bd13bd58d98ec6a20dcfec406af47636

SHA1
5a754dac9b7838b1970c28dad9ac95c3ae42dda7

SHA256
f7d5a2c94330182835157dd9a0fb174b7443e6e5ac51f8dc6ab3680983636238

SHA512
819709b64d911d15c5e35b044d0cb0035bbee9a9d9f6469ed71bcdb688c09461bbe87a68dea7a8fc45ae077638935cdfdcfc500f3fd5392d1392187f8351b20a

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e95c2e73a565ecde8af58590b8100039

SHA1
aaa82fd2bda234e052c56a8749506731c66cb4f4

SHA256
99102aa6a0ee8f7dbb4845e6deaf27e6d108a266c88f1ae1d430128a3e4d30f7

SHA512
4a5437d2059a89ce5ab2bc867974c6a2b9a28393a6732f7fa1566c967e6162bd3245689d6f315c55334feeed149c494d3e192b5dbe40721283f8df686fdab53c

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2696806313775560146tmp

Filesize
90B

MD5
cf1e74c24bbfd247deff53e2b60179f0

SHA1
5e2ea07ad52f3113a1cb188651ac2d43903d7b49

SHA256
291aea9118511dd4182721df7c441116d32de0a67a298cce786fd9726abfd864

SHA512
a4fd9c13bc4f8f722b79371156fc4d92af93c423f79accd7728bd6a84312a175d4a4a751a75b2f49279eae7b20ff3f6ed9d8f2f9f86ca651f2f89d97773c9c9a

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation9050194048548716554tmp

Filesize
570B

MD5
e1bc9bcf0a1b15495258c51065c473e0

SHA1
c85a2db50b8177d29dc435a737d3068d7556eca6

SHA256
df4daf64412c4bdc54cef54d9debdf115f42f26b5b992fda808dea19b14aa7bc

SHA512
43e59d5189b34b9dd8553d8d046489b608a9e71fa64eccb1b39199b6d3c05e5f4fd354841e66f8e3438c01296ab707ee33ac0e5a0327f1436b084802a52fc402

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
a89bde17aa32bf73b6bfef14e7788a14

SHA1
19f7b89d4d643e7b3777dcfdbbe7e610519d2de8

SHA256
108c2fb1434bace52cf6187c3d1a5d084830ff8009759546256e4c36695b79c4

SHA512
45cda55e004fc3a93d5f00fddb100c5411df274d8b43edf54f5d710f09c94c8314e6325d7b98441279258950fadfa547ae44658654f7e15a65c3a0feed00bc81

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
16880e59c48819a62fa8df70d8e72db8

SHA1
63276512185089093d999ffd70b5d40c9e77a10a

SHA256
d0bc9262dc2e24ff5aff9106b0ceeba2a70a448164fa814deb2d7c6c5b558492

SHA512
d7b83c145bb45040c021d2a2df11222e60efdeb01a9e27277d7d46f4660f03682b5f43bd86012305b55f9960e01189cbe2e5b188ef8f82b780383d56b0ea4633

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
712ac81fdf4cdec2b83694362cb41c2e

SHA1
0ae49a371f8430b4260fa8240a1add1ba48ad729

SHA256
2e740b1cf2c7e8927c1911d6d3b76cbaab167da55fb93c6d6b1634e1b2c57a24

SHA512
a8a4a786057aec60477c325abf736503746f7bb04768a66612a9e218b94599f72fb8d44d9fcf6fbfc374aef6ce80781d82aad7bcb82416eebb5fcc070d9a464f

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
8255f8b3887bc62c0428ba3433575605

SHA1
1700097464ae3df04be80fae140834d0cd212e62

SHA256
4e700878914faa5c93aba25c36957c9f61aea5258fd98d056adce2048c2877df

SHA512
cf56eb0605a59b54056c1149e0deeaa2d43a61f9e79d59fc40d96affe0f8b8ded02e7357c90fbdb67a17128c4cea8ad29b5d18519032cc0617e3b329e5382909

Download Submit