d6869d0862ba76d4562761732b984d87584e64ac11f0688e40a71b356be4ecec

Analysis

max time kernel
20s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a91e5ace8cbd8a29968bd400c63f893d4300422a17db9d0df2162f49d1c0388.apk
Size

3.4MB
MD5

ecc3c4a1716431fe424770c1ae7aefe9
SHA1

c87652ef7efdbe782798677d76d3ed7285f2d905
SHA256

3a91e5ace8cbd8a29968bd400c63f893d4300422a17db9d0df2162f49d1c0388
SHA512

863b6db3ac143cebd03d2ef0499f337599d29f4a5e34b2e9eeb0f5b32a801392b94b369f1560918244a002c750096d62078c2306af9100f463cebbe62e1fbc2f
SSDEEP

98304:A3ndmZBa7LLP1yoTwr5qQpCFZg0h+Tmp6MBEx:A3dmZBanLP1PCXT6U

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4320

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
af756bb0c71c7225ae84ec0e82534371

SHA1
f28bfc7219c909b2399f9542363064146d7bed80

SHA256
17cfce8e55ee563f1ab0a118d13e5a98816c8469c5d1510b48c4873b310820c5

SHA512
fae59d43b5c1e4a37297a0e44969de0b15104da65993f981e8233c51dcab6688f204db2dac8fb4d8b2ab2f0f48ce477f26c5e05a87948e8ac86c04fbf74ea9bd

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
81b3f6da713b37b0cd9e4827ddca136b

SHA1
92412276e4f9d86754095ba95eef378280bdb8bf

SHA256
7301fae01880cc5fa82e27c459383df9aa6d99f721a7bac6c55341b1233ea8e8

SHA512
2e16979f7251937c21763b5df8a626745d8ee05e049f30d5fc7cd71231d7e5b13f608226a328c96b7339628184b7323541291e462faa07bf5acf0f4fcf4fb4f3

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5795272756152313100tmp

Filesize
568B

MD5
87a7788f5f7a4711a955685259ecd63b

SHA1
ee4f10817d41fa1cbb0ab10f4dd3ad4dfa531952

SHA256
a24a003922ba12be544a0d2a4b0d604a2ca9e24becda7d09efc9495ab951a592

SHA512
dfe25cd9f4f227df3f76336ccf23338fe3d3994fb52a19f8de30c85167cd026b6024fc483ded71d147c2d097f906bee3d8a51c48382cb30254c6964cd4f07161

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation935546441675840111tmp

Filesize
90B

MD5
e53f374604a8c2ea8bc56910625e5168

SHA1
2716221750a1f52f5cd7ea38c4a58802b78dd3f7

SHA256
1cda211f8207bfe319c2781d708c06deebd3d32fc196fc533387a5feb2c49bef

SHA512
e88c5236d7e8eaaae59dfac2ea1fde1939051159b408ab8dc99a4efe199719ce4fe7573d58b94b663a3433427f764efc7c84eefff9a6d39b1a45e23a179ff80a

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
f28069bb5ddbccda5b68e4c0386c7b43

SHA1
271f4f5cae97fa168bb466856d99c964713e77a7

SHA256
01a21955ef8f404843d9522c320c4ec45dd942e6ed2be53233abf8924e38803e

SHA512
8edc563b3c46d2d3328c69a196a5ebd3e3fca09a19b7a16f9121c089e3b597bbd01f232437e883f69412f82eba71e77e3ad78947bd0e846c4a8a43a82bca1158

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
90513f73643e631f2b0c324a6acaa673

SHA1
5bb6b81bfeef1c1b70a541d1b56ff2779758fa6c

SHA256
bb2da634e5828d9452897ad58f01833989806ca517af099fca1b4ed2275f8071

SHA512
fadc259b5754aeb33341368a7c9426ae71a0b384311d4fab8f10f9754a8fb2d5079493bedfcf549241f02f4960476ad67484d43bcaf8389b63df491901401ca2

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
467863decdf17868074fa1ce82395207

SHA1
59e6c90e0abd05c70c278a7bb0c96127289803dd

SHA256
9ce4980e9e527b99153eb6930b301bdacf928f45bda9da81f0430681857511a6

SHA512
fa3b2e312fc39a3c735d06052d0e99d6e038c3a56a3e58d8450eabd157f0e726fde24eaf839221c88c586759e25adbc11d08e5c6ae4d16b952c3af4ed7280dad

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
f0ed6333c3271c75c239f3c3465ae7aa

SHA1
d8af6a3bf38a9290f7797997899d4a6d607555d6

SHA256
3729761244ac95ea39d8eb2120ef7eda211a893402a0ae6e67a243f6b2f36732

SHA512
48ad4bc60154d14ccabf248b8079f060039dcdeaec151e3df55ff896e5df6022d896f56b5b6b499b05ecb70264c3f64b9bfa4d1ff522cb0867610b3ed73a954a

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
71a2513c209c8239600dba4a08f44e11

SHA1
5bbecfe2ceff2e85bf7e6f0dd4b446fd706a7588

SHA256
a9e27277be6cd2059f1fc3a57f92449d56ed7f6464381c3bd402d5bf541aea94

SHA512
d2d6e80c92f079312eb7e049736f93266a5506459b793937bbe191200ef01d1ab80949cd956147bf85c72523a9fc7e23bb1cdb0e1e843e41373d1a6483c013de

Download Submit