cfa83a8a73df1bb5c1cc81d8528695529ac8004e9076d1677876226fab67bbf9

Analysis

max time kernel
47s
max time network
146s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34.apk
Size

3.7MB
MD5

d51b1a442498b0cb27be21f174fa534a
SHA1

7dec82f84efd643c6b9aa7a536d21f1ae1a0a96d
SHA256

418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34
SHA512

ffe077b06c555794b96ebb5cd38e23b961e61845e5f0a08095bd9d0d71cc50c1c43da6d39ba983855fff6e8140f05cf3678c174f1aa72666b6090883ac9b47d5
SSDEEP

98304:du/c4rvTwEbl4RoTwr5qcY8ROfjfShYe4LhLuXZF1Iw9eGnLeVI:duU0blDHBL8

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5087

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d086b575cdb0a1e76f7198f698a44ed8

SHA1
ac6c643a0ab963d14f589cbad55a653a1f03168b

SHA256
69a2fbd7c813698f1801fb1c2ad3ab92e7eee9919d6df15dc0308a36da9177f3

SHA512
431428a07d26d53ef8f1b56c06ea1104b6a16eb94be23da4eca020fc6e6851a0aa348a69d3efdc5c8fc14cd727e228450e3bd7af6304d47f7021a456d9b3e7df

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9ba5b1b21ef2661466f9226ea5c41b7d

SHA1
d284f6fe0cdf530257d3889c9f042ef0f598f1bc

SHA256
ef8df2563ac93ca269a5fd965a6ec44849f7e94d1627b6b76749c18c29bf8b09

SHA512
8ac8f57c92d0c9e262aad86c959c559573e81a4a6adabfb0da7e35282bb34eb0c044828df1ab1d01445ebbe09514bb1cb5945131ee0ff7f8877266a3c4818d1f

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
237265f77e7f1a6dc21de556c4585e38

SHA1
b510eba4b12e01cd3e52866bd46067210c96b10d

SHA256
c5ef35dc270c1fef2e7f4b68593778a60343d48e883a6ed4cfbf11c0c3d97c3a

SHA512
d2650b0216e00d931cb64e8df4f733759df402315d21bc2c9438b1384416fe086fb44e6188b5751a88dc3be1a0ce615d9954d9193af44ff1ba9f99dc542ce9be

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
409691c8561068e32b5b382383b0f37d

SHA1
55638a9806e248a9b71efe64140a7e0ec93434d1

SHA256
3e6d2697bb59d72b9d79d74dd7f539b3ab6a2c05379f88fb38f1d0f013562a04

SHA512
0048ccf9ce2f7b4e934b2ba06a5dd6972efb984f16ed5ed2b059fa38501de6314672de39736ce72fab22d5f67c8051239d198b3cc1fdcf6b77b8f6a80e8f7b35

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4113969988993647735tmp

Filesize
569B

MD5
49e289a5624878c01e0d0f6c7e87ccc0

SHA1
75f6937310d0df837afd57c8bbbed595c7cf0913

SHA256
47b7318dc99b7386a8eae310d08bccae76c27d842210f2a59334f1c88a82c971

SHA512
9997215a1837ac43643ace4bee6859db12d41344896a4de7b4bdb6cf4eb49f98b7ad1219f09315ac88be687a62fd64c575e902c0632640f7e261c4354d8eafc6

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6055784034184445019tmp

Filesize
90B

MD5
641e05cb141ebfcbe61a7bfc224dd8e7

SHA1
70f40da97c54a53284e7fc4ec7dd96620006ed2f

SHA256
c8cf2b0d0a28d9278eb87db9d3af88d7e5f0bc0038d0053ced16d0bdd2017a75

SHA512
b0097f5ed369004a051e55416b6d8229ca4c42299b829b22ddee24e37a9c62cef815e6552c3e65fba8722b073a7d65e2f0430a22019f19c329e9b8cf0b006034

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
d5c16fdc793905eddffc148899d01c0f

SHA1
37de39759e3bff99ace82033d0bc6a85fd5fd72c

SHA256
ae70ba0c776494703b5994068fd737a23fc7db1c6e755a50800c3068d91eb49b

SHA512
75d71bdf474d238a1f01ff4a9468d5c34e53b7872d65aa90041a92fd05e6a0a360cfefaa1d75f2956c955fdb1f7610e768f8011d8a9a188a7e87f273ccfada13

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
cdea8e3ba79b209c954b7618e2f2a0cc

SHA1
34b023f217c5d55ca75edf84fc66a015f77bb3f2

SHA256
c55c8212e289c707974164a053da4b4127167165380d862c0c9bca0ba6639e73

SHA512
96cc2636398f3071fae3f412c9fa3e5756996b1782551659c8a64b4ee487f98616e276ac90bb11cde8dbe98bb79777162aa1a95d90ccd1b795f39ed7fdf61e74

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
5bf35db451d960c08a0b15cb0065f3ed

SHA1
de546b4d758e7ea0671f42171bfeae4970c78965

SHA256
a7b7e3ec7ffaa267d759541ff5803397fd2afd0d6ec2dd7ff20bf6e7079ceba8

SHA512
d4d702fec83f61866ea9e6e0119eb20d6e99af6074a36d4089201e7f00ca10913bd4889292fe169c0c770698fef409aa71d6855d3923b5b541d83a875f3e0e83

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
e31832d1bd69477088c47bf9c3f1e159

SHA1
56a25f7b43a1aa72405df5ca32bee4f8f947e945

SHA256
c0744ac4835648f12d71bad4eecfcbdefe2f79fb42cffb6c6eeb5cbdd89ecc5a

SHA512
32067bff7d16f0868814e34b07743feac64d9aa6f6c45bb63535c6d5d3c5390e9149432e4d6806126d4328035771a892ffd8cb3e9d625dadd562d86958f8d4c7

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
602286109c31c21f0ae4d418b591cd55

SHA1
e028343cf1759277e2a9db689ace80cf921ee597

SHA256
24ac348248f50680bda95553ad3abda14e2b9b24d8eb529e50b0d06413a96c58

SHA512
18caaa8d9d51fe8f4066f33c2ef060edb22a030ee0e517bbde0eb8d6acb520cc8cf6c25d055e85d207d72c553737ff00a414f89f17c60dba327cf94ff18ee551

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
f70519e5e968727485de5380d97031e0

SHA1
b8a382fb9299ae2204882f96623d3ede40f4cdc3

SHA256
44707b381268dc9c7cbcc33173cc5edb90e0b989e97e30b5ad94e1c95e541d26

SHA512
88290f75c80871a5752aa3c593f27484c6ff5fff20123e19eb9104801f7f626a9246b43c86c34b6b88978f2d103584a5800b2d4ce5ccfa706ad5bb765eb62cd2

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
4KB

MD5
ee12ff02b8ff934addfca7eca02d3d97

SHA1
cc13c46c12b8155fde3ab5c69f042e34a2cabb58

SHA256
fb70a01af42661b632af1e2959e404af1594d4d324a029b5923f162ebb4c97f3

SHA512
5a74bcb211e784f41bb319a04dbc5c67604b23124403e0b42b72bc159803f092cac2b74529a4b47335f6fb667b77ca83974d70f7637b1821f4f6285bf872b0e5

Download Submit