Analysis

  • max time kernel
    74s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    16-03-2024 00:37

General

  • Target

    base.apk

  • Size

    3.4MB

  • MD5

    0426f0f7d5c8ccac04f8e30077d7d1ea

  • SHA1

    724612f75ec32a0bc96cb8a389044f3fd54bc39c

  • SHA256

    5bc930ea8c6d53a3f9d4081a99d604bde58b5503aaa937c969a26c01d0f86c05

  • SHA512

    b3cb2e070c2d85323b740774ea19acc9e701df12d35d61924cca9ab78fc61f843b864b5d977365c571b2e0f192917cff270653b9457fdd1dbee8bb44096511fa

  • SSDEEP

    98304:Bl4wny2QuzEoTwr5qox+Jh8kVflKouoCxn:B3hQuz12OlEZ

Score
6/10

Malware Config

Signatures

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • com.drnull.v5
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5095

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events

    Filesize

    12KB

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.drnull.v5/files/PersistedInstallation3766581892127306234tmp

    Filesize

    570B

  • /data/data/com.drnull.v5/files/PersistedInstallation7708429879365096681tmp

    Filesize

    90B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    102B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    102B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    102B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    102B

  • /data/data/com.drnull.v5/files/profileInstalled

    Filesize

    24B

  • /data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

  • /data/misc/profiles/cur/0/com.drnull.v5/primary.prof

    Filesize

    1KB

  • /data/misc/profiles/cur/0/com.drnull.v5/primary.prof

    Filesize

    3KB
