Analysis

  • max time kernel
    21s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-03-2024 02:15

General

  • Target

    3a91e5ace8cbd8a29968bd400c63f893d4300422a17db9d0df2162f49d1c0388.apk

  • Size

    3.4MB

  • MD5

    ecc3c4a1716431fe424770c1ae7aefe9

  • SHA1

    c87652ef7efdbe782798677d76d3ed7285f2d905

  • SHA256

    3a91e5ace8cbd8a29968bd400c63f893d4300422a17db9d0df2162f49d1c0388

  • SHA512

    863b6db3ac143cebd03d2ef0499f337599d29f4a5e34b2e9eeb0f5b32a801392b94b369f1560918244a002c750096d62078c2306af9100f463cebbe62e1fbc2f

  • SSDEEP

    98304:A3ndmZBa7LLP1yoTwr5qQpCFZg0h+Tmp6MBEx:A3dmZBanLP1PCXT6U

Score
6/10

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.drnull.v5
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4478

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events

    Filesize

    4KB


  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

    Filesize

    512B


  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

    Filesize

    28KB


  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

    Filesize

    16KB


  • /data/data/com.drnull.v5/files/PersistedInstallation3679679221832999416tmp

    Filesize

    570B


  • /data/data/com.drnull.v5/files/database.db

    Filesize

    102B


  • /data/data/com.drnull.v5/files/profileInstalled


  • /data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B


  • /data/misc/profiles/cur/0/com.drnull.v5/primary.prof

    Filesize

    1KB
