3f7843d02a0047288a616def41455120f294927ddda04221453b56abd7095e08

Analysis

max time kernel
47s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bc930ea8c6d53a3f9d4081a99d604bde58b5503aaa937c969a26c01d0f86c05.apk
Size

3.4MB
MD5

0426f0f7d5c8ccac04f8e30077d7d1ea
SHA1

724612f75ec32a0bc96cb8a389044f3fd54bc39c
SHA256

5bc930ea8c6d53a3f9d4081a99d604bde58b5503aaa937c969a26c01d0f86c05
SHA512

b3cb2e070c2d85323b740774ea19acc9e701df12d35d61924cca9ab78fc61f843b864b5d977365c571b2e0f192917cff270653b9457fdd1dbee8bb44096511fa
SSDEEP

98304:Bl4wny2QuzEoTwr5qox+Jh8kVflKouoCxn:B3hQuz12OlEZ

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4189

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a814e745a4d313f98c760cf51137c1db

SHA1
af8dd9a4d9ead92eaedf4725930486519a475b03

SHA256
c63c363a95ed8b28c328b83dbd51eef1099cdae7e650aba3b94a69b104846f01

SHA512
bd83600a6e6e294f0c1b296b673f04ae9cc691f5f78862677a24f3190390b3d4d970d27c051625f6e82449611c18c025670e62cae42a58a782ead1644e2b7b72

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
11b5d6881ec7dda065652e9699c3af33

SHA1
44241e7e7ba7e6e30382b72751be58c1e9cc7df9

SHA256
d52cb63e272f2bc3e4b2707a02e4c0b49dd98158d2835a008a88c09a90cee1f6

SHA512
be009db91c791c4c5b3e505f899efaff17220dd10d6e101f78af7858b297112dadf0a068618362be9b6f74c54a271867a5a8fa6aeda4cacd4f053a6ab74b6476

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3810164248227378949tmp

Filesize
567B

MD5
a4cf3b0c4d83be269522156c048c79ca

SHA1
d8fcb0d28aa0cbc46f6242d0860247f2ea089c88

SHA256
498c349cf9f4b64c9795fa2fb3d3d64c0dc405dd54811a2dcd6dd9c0de1e03de

SHA512
8a847a765e3249e0199fb61c776e5ae9a1bf2d5734b05fc0840dde1abf3795620760d528bd818041acf2793b2459d1eb20e542bd2e7b2d21c24e1211f79b5f83

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5734464043669077707tmp

Filesize
90B

MD5
fb3865d64c3bbe132b1ae2365b15fc6b

SHA1
cb0b3521039c42c34407ef491e40960d05918ab4

SHA256
4b4e8021eeecfb0bcc6504d3563eb2c3d0b32f80757c5afc4c7484139da5946c

SHA512
bfa4f5ec4dd9e6aaa02769b00012653f3ea7dd76ae972109cef7069741a481691b8083c26954a651f84cbdc111c59635fd44d793f82cf4d09eddd675175ebb85

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
99d9d59a73073400a61c31ee619e5bdf

SHA1
bbad9c3bc0acfe31c9df6ee807b5b4af26dc97dc

SHA256
707441992930c576a5759b42d9ae791a060c4271e529ed12a6a20a486f4bc4c0

SHA512
ce158fa9fc94981b84df10b12b1864d27c006cb43e1e43a1134281a6203fc887e502c7206150673c9e0e09ab1d1ea647d17a69dc16fefc14c8ebacc88f2f53e6

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
08afdbc2e652e1aed2c62ec98ec35d1b

SHA1
67e8b09b3457c68300ebddc3dc8d836fa03612c2

SHA256
0eb59e3cd25d6842f679062611d418552107242e4f5e1248e50a312280efe326

SHA512
6b4dc5c96664dcc8f7ccb699ac69c76814cf45fe4ceb3aaa7921a185364c04f473f4b64cdee3e61fdfd31cf94860eb8c2b04d2ed2a90a7f13a73193c97f5daee

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
63d3bb67b8912bb875cdfb76d3d8d5c7

SHA1
1984a51fd21789f66144aacf039bc91466c6f640

SHA256
c7a4a6f9a748370c6cad7fc88982815b0fb2a59750da6f1e7410bc5acf96a39b

SHA512
f50fc7d62d0d86c33d4fb4279c4944fc541a06b3805836c8d39924b99632014e85e8a50c7e4f275220244a03ced0b0305a94c1796d39ea49cc448ffb16f204d8

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
e73468902801114589f5c95a7422a74a

SHA1
e003863c86a297f02dd3720d02d840cc1d55a55f

SHA256
a2db0b849ed4dedd5bf1a55a374f86e8f13cb28ca688100df9012eaaf9f2559f

SHA512
ae4c1d4aad965f70ca97207d04873305265ac13c579d9c031318207b2799c3fbaef5868d459aa3df37a67359731f8af0475a7cc452212ba3a8b987ed7fbf5ca2

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
3KB

MD5
6840c6b791225c759ee1c08ead35d97c

SHA1
fdc40959bfdcd836e9acdf8b58c996c195f0096b

SHA256
30c497864042208927959cfe1802d261007aecbf49f5b9a370a8930ed26e5570

SHA512
dce898d7a5ecb7db760ed44d13ab8297616093402c8f823e12a0ba8d302320e96fe7261f5fa8c917bd2f1d002beea8542c00af306fc02ac175c476f7ae09a087

Download Submit