90d40e206c39f2f27eaa187e77bb88addcfdddd7cee8f64060bad70d61aad215

Analysis

max time kernel
22s
max time network
169s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

590a24580b0e521e5a508b65ac5843e0724cf3d2ecac4356d2423116ba891e71.apk
Size

3.4MB
MD5

3e3edcccd847bd1f40bd0d7c71a8ef9b
SHA1

5b561522d91c42e5eca0bcbefa854fe83653d69d
SHA256

590a24580b0e521e5a508b65ac5843e0724cf3d2ecac4356d2423116ba891e71
SHA512

32c997698bfb07081e4c45337b402acd294f3211cf9df8bbc65a9f21f06b23d56d0172a2c1cfef9c92de2d762ea4fc8552e8fe5ae7382fcd302c7cc447a887f4
SSDEEP

98304:gA+u4Y1sNALlOUajvQoTwr5q7QASwW0bhX6rKATh:gAk8OdZM+XGh

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4456

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
dffa5419e19cea13f055b5e4d294f3f2

SHA1
2d94f483c4f461b26ce56507fd43a3be4658b10f

SHA256
3026cf000880cedb26dbb71b235d6230b1d721467662404977a251a3aac2eba0

SHA512
84fb891a78b32b198da52f55d80b43ff5a2df2e6d6c7fa947b8990e78cf7c0bbf10c491d2b9e08c5573a99666563c355a8a3ea309c1430b14a7cf6a56b356a70

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
36a8daf7d0ed10f57b9a0c7c4650df2a

SHA1
edf6d483c9772b87d8aaa15caa0c4d9cc9dd0f11

SHA256
885163a8ebda4172fbc69fa41f2b8c0448deac2941a444d8166bdbb3fe23ec06

SHA512
9ce34140f9866026ab55491d106ea3caee97727954b689b98bb7a49b94ffceab0da96abf1b4c5b2bd4f45a6a12d4bc14ede2f4a9f180887c40c403d16ab7019a

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ec6f993eb1f675ec732320fa1445bd51

SHA1
3a3a9f7a598878fe616d633cc45cb5f42c191931

SHA256
ba5e40e281b88e78ebbac0114f29b5f78de41e81965949f404ee16cbca3e115b

SHA512
60bee8acff160390db67dfb477542949d3e996a634cfdffecd0659f5a776fd8d5b6d65bc154b68f4f5016ad20c81a0a52b1b5ee476513d17b01f08c12551462d

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dc7c18f8d76facf587f781262b58d083

SHA1
0dac46003f5f28714e1a5db91a4c862f5e5558e0

SHA256
cdb138ac81fdb2737afe3c6acaa9fc7189a5b89b2f30d1441ed45a6a6365a792

SHA512
2f1fb1f2a34173d981d68820647e505cbd528b71242b5c42fa2ab4014ce9377bfe14231deb3adf0b2e5b11a0349556330169933443691ed62b7c64fc46749f61

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2679139945809069859tmp

Filesize
567B

MD5
b5761ef8cb9802462e77f30df94fd159

SHA1
cc9e2cc19e3a31d9c905ec71580c5a3846ed105b

SHA256
95a6d377d2b9f1e12eafe8537a9753110732eb00b9380337f81e6325dfc1442f

SHA512
5455ce88caa82828bdcaf1c509cf651831fb41309bc5cfb71e7dc6766f274d42a185b550174b7b99b2e4015c0c694925eacdcf7f99bcbe914d3f419e80460f97

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6393805134888853627tmp

Filesize
90B

MD5
72e111c4a9debaff99f54c266d98c293

SHA1
fa192da426340b0ef94a4bc897cf537a3a4d8457

SHA256
84f4de3e73d858468df80d2fca47c0189d860636a8c31353b064a58bd581aee1

SHA512
cb47ed2aacd2d5f1f828cff3ce323a9f6d68509d025784a4a016d70e3724f29c3c738eff7b17e633172355650d7adbcbd2bfbc7cb0cba504181d4e620888814c

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
d906d00aa0b5846744a2c7cedc81f05e

SHA1
5f07cd30c4e762265bac0e2791d94e4bf4c2b9be

SHA256
a3212fec1e0729e799454741a21236f213e0c930791fc7a5a685b913053d173d

SHA512
f1834e68ceef42283ff0467221e22ae35f132a8805a355e73170c057fbb89ff75c009a5734cc27d8ea7af91164e4a96398677b824a04551907b29b47c22c98b9

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
9a1f8d92463cf96d078b84178cc2c900

SHA1
071c2eadf117107a6962014481d4c98ad18b15dc

SHA256
0082d3ba5c9a4d9f26507dd5e3e87bfaac1039ca4e38805c5f67aa06423fc86b

SHA512
aa2226935ee00c707b12b40c5b3086c2bac21ebaa59097a27f087df55f2a6e6482fef1d7c51580a1dab65cbe254e0eeb15eb6705bae0bd8a18fe048e9964eb25

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit