cfa83a8a73df1bb5c1cc81d8528695529ac8004e9076d1677876226fab67bbf9

Analysis

max time kernel
19s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34.apk
Size

3.7MB
MD5

d51b1a442498b0cb27be21f174fa534a
SHA1

7dec82f84efd643c6b9aa7a536d21f1ae1a0a96d
SHA256

418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34
SHA512

ffe077b06c555794b96ebb5cd38e23b961e61845e5f0a08095bd9d0d71cc50c1c43da6d39ba983855fff6e8140f05cf3678c174f1aa72666b6090883ac9b47d5
SSDEEP

98304:du/c4rvTwEbl4RoTwr5qcY8ROfjfShYe4LhLuXZF1Iw9eGnLeVI:duU0blDHBL8

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e1f419133306aeb8f5937fc2f1f5254f

SHA1
9fc7c83a560d4d62dca8fd02d570cb92597d5c03

SHA256
aa9286eb9ac8f5dbe83d515533dfedbc098f7c535a080579fb807ffa35dcf87f

SHA512
81575ff1321fa7906a0d18cc354877d9700e540c0614375d449d311efc6d86bc1af54f473285d8099c586ac1c81015ebf9365d6fc878d5e3f50c664550a3a406

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
76dcc56c594fb2e9a854da31d0c41879

SHA1
a4dc8cc1cfb87253822b482400aa55c9e320d75c

SHA256
13f5f0f65f28637c7c5537bb7100428b92854da581e8674fe302c1220fe9846c

SHA512
c8d358eee46589e0bb0e0c4344a9128c417bba1c68127dbfffa5a48341011954a56c9eda0f8a9279c9a3b7946813d20c050ffaf23d4a8d376a7930e7b9ab349b

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3243934875063097940tmp

Filesize
90B

MD5
cd88e9e4c9e258bc86c9fd1f98b5ce43

SHA1
47cfaf897837d0867c9875f25b0264fc993fa3a6

SHA256
c644de3be4b35f34ac2ef196e4e16c437df27c3b44baf6002e4dd3aed0c0091e

SHA512
d4d8e5c8e143db71796b48a1743989725194d1950b894324dd6ae9d00515dd1e83a3bfdc10148945b0c951e2fcef87611987fa787a90aa0c297b555e2da7e02d

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3919001112905101785tmp

Filesize
569B

MD5
27a8f0d349d7bd84cab0eb0bc77532db

SHA1
4cd0393a8f4b1486db4d393479956bddb8ba4d81

SHA256
5b39cc9cc042a206b2c5659cd9e31eb557ffb09a6acacdd4c678f2bffda3d013

SHA512
0c5639d1bcd868aefe6476c8ac96dcef41474f448e60b11dddded11d05d0f6c390d18db1cd47a672feb8bbef672a2755fe36a0b1a3b1e9ae368b61cd32647b49

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
0ea4a459130898b5361cd7771e1e8ab8

SHA1
6aa2bf32f64bae24974516c9a656fb347c592b61

SHA256
e2d655fa47f7b7dcb764e90e6709d9901f3688ec41d8c857a21ef59ea2006527

SHA512
64711ae6737fe6dbc8a57d50c850f8ff6a15cacbc40b93dcc8d50e1aeabf9d8bd731e7e4601d98120f61d23025996afb6a3b2ab751c471e9b5784c7636a65551

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
8b7620105b6c3983f84cdfeb4fa5184d

SHA1
1836c5fa9726b7c04a031bb554f59c6b2df9918d

SHA256
95f8cea00e784e65ba0a0fe47f2e66f4b616e3e5adfb6951925cc599e1fcffa4

SHA512
f5ce43144e6707668a9470006fc4fb24e928afd77ac4dbd932a77d895aa2f72730ee85fff9fb78996c9e59eec4ae54da36910fab7c636b9066f2cfd0870d3e36

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
60cf68bb7bab975412e8bf0fbf8a88cd

SHA1
2ed527ec5a1aac4ef48663fff42dcc5d40bf3b52

SHA256
f9db3a9d8a9590d5bd1a3f64a38066f6fed0d1508a07ffca3448eb262b903ce2

SHA512
5d860dc0d22b85ad4ded9fe9ee56a6f863d29f66b9989e481c345728d1401b6e61de04e15427240e99b0c7e7217b2c9886210d12eb864b9656c1427d79f47d9a

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
3ecc5a0320afd270a0daa0134182161a

SHA1
47d62fc4648add9cc3fca8622ece19ff31cc8a4e

SHA256
6c5b8da980944aa54f381908024b0c17c662842ee72313d394fdfb8367c0ba05

SHA512
b26ba30776bdd214fcb5f6ba6ebfcef90e8cfbeeccfbce4ed8bcdfbb4cf843fc729a3a383d6326a58220da5e161cbf5d37a22fe0b4f0ed6a835d7c4425cc7752

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
f70519e5e968727485de5380d97031e0

SHA1
b8a382fb9299ae2204882f96623d3ede40f4cdc3

SHA256
44707b381268dc9c7cbcc33173cc5edb90e0b989e97e30b5ad94e1c95e541d26

SHA512
88290f75c80871a5752aa3c593f27484c6ff5fff20123e19eb9104801f7f626a9246b43c86c34b6b88978f2d103584a5800b2d4ce5ccfa706ad5bb765eb62cd2

Download Submit