Analysis

  • max time kernel
    34s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    19-03-2024 11:06

General

  • Target

    app.apk

  • Size

    3.4MB

  • MD5

    f2c6d87cdcccf037b8eda023365efe97

  • SHA1

    4044c41315054a0b50f7bf8f98a90cdd2e765f75

  • SHA256

    4035836dff03e5565a72b743deb1fd96b8f4eeef4554894a9777a1561a543e2a

  • SHA512

    65fd7ad4fe15a3e5e30fde89703514ef6781180f40353f68b33ac27d685973e93087a5c9213cbbc189823b124aaee23392acb689d4de32e6f2379607e54ba360

  • SSDEEP

    98304:gFttRPzDjoTwr5qCRbDrMomf9+/+c3BcAJwN:ctnDkAC9+zlwN

Score
6/10

Malware Config

Signatures

  • Acquires the wake lock (1 IoCs)
  • Reads information about phone network operator (1 TTPs)
  • Uses Crypto APIs (might try to encrypt user data) (1 IoCs)

Processes

  • com.drnull.v5
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4267

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

    Filesize

    16KB

  • /data/data/com.drnull.v5/files/PersistedInstallation2260925419102188816tmp

    Filesize

    569B

  • /data/data/com.drnull.v5/files/PersistedInstallation2698149742762184105tmp

    Filesize

    90B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    234B

  • /data/data/com.drnull.v5/files/database.db

    Filesize

    375B

  • /data/data/com.drnull.v5/files/profileInstalled

    Filesize

    24B

  • /data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

  • /data/misc/profiles/cur/0/com.drnull.v5/primary.prof

    Filesize

    1KB
