3f7843d02a0047288a616def41455120f294927ddda04221453b56abd7095e08

Analysis

max time kernel
47s
max time network
145s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bc930ea8c6d53a3f9d4081a99d604bde58b5503aaa937c969a26c01d0f86c05.apk
Size

3.4MB
MD5

0426f0f7d5c8ccac04f8e30077d7d1ea
SHA1

724612f75ec32a0bc96cb8a389044f3fd54bc39c
SHA256

5bc930ea8c6d53a3f9d4081a99d604bde58b5503aaa937c969a26c01d0f86c05
SHA512

b3cb2e070c2d85323b740774ea19acc9e701df12d35d61924cca9ab78fc61f843b864b5d977365c571b2e0f192917cff270653b9457fdd1dbee8bb44096511fa
SSDEEP

98304:Bl4wny2QuzEoTwr5qox+Jh8kVflKouoCxn:B3hQuz12OlEZ

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5028

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
475b2532c3cdfe9b551dd64523cfd693

SHA1
fa02bdb8beb13a6b509aabcc95e49bd1e2657363

SHA256
c7ab02d9becf8416cb8641046de9126a0b19a958778772c624bf4243a2ef5951

SHA512
a7ca97f8c77eb3bd6ce8a247ee827c44061975910369ac9d469facc94c13660b0e7203d631214f3b404654918226d404e683ff796129d00cd5d14c643c7bcc9f

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
40788aa7860a9ebe92d93f4c08c216a4

SHA1
97dbe8ccb7c58605d43b4e4db145f9ee38f5b9d6

SHA256
4e6a0447af93ec11dd5d71a3abe72371ecc434d8332229bd75a846448449ac0a

SHA512
27c454177f39474f08c3109ea8bcb2a762bcebad8c63e0197ae06eebcaabc85972e844aaf1611a76492099a3b61c0c0e210edd5d97c2f238a3ddab2d1e5229b1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0d3094b8248025867134ca7ac07387a6

SHA1
2e2a6febe8d6f1105df6bd534be4c705fe740084

SHA256
c947b809632092ddaf830d0a110e1de3756cae8fd802003a60cb5981ac9b2db2

SHA512
230f8870b517b7b53bfefec6cd66782f56922aecc238fe369c7e642f821bf807f84b0924cd9a057a1e1a23256ed339aabc4a5ca8223b275561523db808195e71

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
fdca9b35ae78f3df0d55d3128e68b504

SHA1
68a98bfa47470a73687d2651c7106832fd496f29

SHA256
2143bd16c284252751956800ad7f9e84c274d25598ff77175533deaeb7da2a9a

SHA512
359bcb52d1b5e61b12829e22c184b75271930b855b4b0e1a80340d9ee869c3717501859f78679f7087849122224ba040624a1a3d96af1c1728c6fdf8e0b1dc58

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation36667351693814887tmp

Filesize
570B

MD5
3d444c0070e4008b4ad83a7ea875a24b

SHA1
4f4118a13764914833972d40d396c6194ef18da2

SHA256
2df5764e3b34456f6c5d88857cb9d0bbc8c440081d8130ce68ea91cfcb428c8b

SHA512
8f2c23a1559fa8d0e7592209dfdfe7ac99e3d3b28e5f69f84926b53987080bdb459a34e8d78c2f123aa112855acf1a2276bba9032bf390dffdfc2f2914df9c23

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7016102065492942831tmp

Filesize
90B

MD5
406c148287b9987670c4e74ad2e9c9a2

SHA1
6071ed137fb9616549e97188208b552846188fee

SHA256
92005979190c2abb7a5f75bf25ffeddfb804ed89b15713c2f2303104902a4fa0

SHA512
967c86b6c7ee13b26defbe49681c1eafac0d287982712be4963fdab61817b0abdf68f86e1003b5e806ebdcb2610ea7346af0ef22a3c470d30356055b7783ea58

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
d2c090fa3b3b55c0620d8f50e50af975

SHA1
24f9c56064baaeecc6834b0778d1b57c1fac1a93

SHA256
b16fed232a9972a8d427973f86c8f954f6ac1e171925b8a4f02f57ce836dff90

SHA512
c60a1e528e56766ce0228a06efd5eb7144ab5779488bb61cff5e73842c0b1c29a646bd602b2bd01bcfd1f97ba8aac698e8d147a247e91d3008923163af4bf32d

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
e2eac0657a2e5e4f2a98b402ced5cfe1

SHA1
62415e0c7a31e10e9309ff2eae5d96b3dcd96175

SHA256
20865104ea421420b50a09183fce9436a9c4432c964d93430c096c37c1279770

SHA512
2d54b826f31eac1050d45d7e58a3812899d34e7c9deff1c5649256db32860a5ea4b7768dfe569767c45d209fe1033a84520c134349714247af8b7b777bdde7cc

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
6072bdb60b0e0557dfd7e30ae44562f2

SHA1
47ff14fcc8bd8c7593693c26b7d6fa262580864a

SHA256
d3f8d0100be0e3e512c2f3687769cfb97c4aab7099ba6728aab7e146eabce5c5

SHA512
c6e89d0aba8b2ee243deb57518dd73e7e7dc9509cad73ab3f3866213c9859be70b5e8fb6aee576dc7e12a97a7e802842d92acc28d5227ac38cf0fe9e136f48cd

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
c23e6a938daed232ebd7f16b5609bdad

SHA1
44cf03af203cd171ad76c3b666285d98ffdb28ca

SHA256
73ce23548eeb7b6a0f27acf54a9c26ec36233c6842f1ca3417d49c12cc81be05

SHA512
b2ea8c72bbb71eb57e7740c2e728eb79baf3c6081bed202bb9833719ec96952d0f2a0649d0630d9e959f749b4987f222ad0b87d2e864aa019c2cc2de0f256c71

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
a1ad114d758114341e06f26f0a9e2674

SHA1
6b2911ffdda63be88d0ce3c32751394d8886c009

SHA256
144e442b10a162cf699b71accea9dbe27e5ab14cb26d2a9af7d213db08ab40cc

SHA512
63b98d719907502e5d33eba328e5ab1394f9d6268d416ed469fa16cc0225af746a10ebedc5209095222af2d62fb633a3f2d386109138a08e42543c0d17051b52

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a9c6fd4be567d262b692651bbd262ad5

SHA1
9ba93e4adf5360cfb560868fe65ff33398609c4e

SHA256
a006569354897e9e4910994b889aa99b3357c5d842dc94782317b43fb229f7ea

SHA512
bb2a252f4ac168ab108af5ad4c051bc74cd674d1281bfa0995f4e9883a4da212adcb4699536f3143213a43ff5504a509527b0eae03910e05a8142f9b08147b27

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
e73468902801114589f5c95a7422a74a

SHA1
e003863c86a297f02dd3720d02d840cc1d55a55f

SHA256
a2db0b849ed4dedd5bf1a55a374f86e8f13cb28ca688100df9012eaaf9f2559f

SHA512
ae4c1d4aad965f70ca97207d04873305265ac13c579d9c031318207b2799c3fbaef5868d459aa3df37a67359731f8af0475a7cc452212ba3a8b987ed7fbf5ca2

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
3KB

MD5
7f49b25d2189e3700c33796a4022a8e9

SHA1
c3f4d173b7338c04c9d490e9155a9e54586e55d0

SHA256
2688d0618860447b21768e0657b912f9cb7789e811a7c152bff0abe10c223a51

SHA512
a5789d6aca691d9799cca86b4eb31b49c6697d8846372b14900588b59cff036ef8fa6e6efcc8da367e1affe7ec1a62676246f1acb023a20e02220b193bd1a9e1

Download Submit