45f956a3eef5517b7341c119f62cc970c7f2dee4e906481148a1f716891105c9

Analysis

max time kernel
149s
max time network
160s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
02-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd.apk
Size

3.4MB
MD5

185103d45cb5c8d59319e8488035e3b4
SHA1

dfbe249d9af8289ebe83f6c6436054498e9759d5
SHA256

5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd
SHA512

eb104556ef2cb685a0a8bca9b71d8bba9ecb857b34c29307a1b37834ae5cb029742e5576315ef0ce57421b698d90b2630e233247edd7d5b23b21184bef4a742a
SSDEEP

98304:css9Dft3aCrCMr1GoTwr5qUa8Eeu0XVvetu85W:DWDFrDRevmW

Score

7^/10

evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
59763f1a48606ebcd691340687c28ad1

SHA1
397e5496bf8437acf59720da01ac0e570ee5b399

SHA256
8fa65d6c4f128997af0e4431dabcb567a2ab4d4aac97fcbb14617b70fc87fed4

SHA512
69aa4b36fb07a3ce08cd72a2f17fd67fe6b104cdef304a4820e6d95f131c761ce506bfa739fef2525db20fa3b2742a8b78c0ed75215eaee7273e7cbed22524fc

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0b72defb0a50a9e1e20e58bd848bf73a

SHA1
550c9b2d096ec2b471c43dbe447a123e785fdc60

SHA256
376e508285d9e5f595b1d4166d6240934a7a0e9dc89f733c259222879b7f46ae

SHA512
3abda90ed5adbf9f17805afe285b0527f09e1a5f6301782d3b6d61c38ca87152e26c2dbdba4cee391a6a78b8c4590329586d64e7a695af9c50ea5f1f9396130d

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
84c3ef7dfc553ca92b32b4986ab04b0c

SHA1
ac4213231e65301a0dd1642f5e6feb4e5d769706

SHA256
ced36dbd8c3413626af53adab26a27bdd058d14a817fae2b994101dc89206982

SHA512
bb7358ecb06daf9c2e0814dcab40c36a446226385b7dfc0c423b7fdfb1dc7dd7ce48e4976052ab00bf03169b06f1f0baa4d12bd894d427a183a62acdb9d8799b

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dccb687ab25785690cac697f5f0f357f

SHA1
257a9d666638625a5d5a13dcb83801e7ac5ad50b

SHA256
abc2d2dfd167bd0763e3bdad6e624d0d4dd1bc95c545a2aec72e35364422dc11

SHA512
083c0458895af4f5520fb51a279a5ce771dd2678ea1ab55b210669a7f793b482deba0fbe65bdd58028410cd52138eca0fb2d73954c6352ce913f4cf62bcef783

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3429380572420220838tmp

Filesize
90B

MD5
1bf1b1933b93245aaf3d3fc258bd93ac

SHA1
ba41b775baa0c7479641b12c7fb80105aa8dfce7

SHA256
796dbcf516f2d6d09e5a55a7a0ce8243a4d421ed0ae4d767c9f4d68827b3cc54

SHA512
a0bf266914916fe6015ad6031ccabfda6b05719d1b6ddf3f5f6d0b2a7fce3d1fb0d9537e7b5039e3e718b0826f64b4112503d07f511cfc80da8f7ddd41d2d392

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8188976780099589498tmp

Filesize
567B

MD5
b5c0e3db430f0e674435c5ac0bee1473

SHA1
799f032a729d1611453710aa3817ef9203834d78

SHA256
f4e8be40485ae60742453b12deccd5adeb2ddc4d7c6dc8585d0fa900438f3faa

SHA512
f0c96f7dd3e8d992ada0dea12772ac99d3390d6ceab57b311509141dfcabcbaf3457cfed9f213c9a438deb99bec4b33ee7092b88dc8ecffa76ad936a548f26ca

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
262B

MD5
2b5565f8343fd4bc2014f6c4835d40a1

SHA1
8142725b859921c36f37d6a7b37711e923bd2bac

SHA256
b8d5a4a379f9fabf06f4e786c6fdb563d4f929781ff261d91ddc4e6a675ab599

SHA512
5c202d5fcf166d8dbd700df000296a2d845f67429f76f0ae9ac75d4549b7723508d3b6e1593576e4dc6dfe29ae713b5df213aa152c544119e316e2398af0f223

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
7dc9bc589435f05d0550e70365c3c00f

SHA1
3b4118458b3f64084feabd86571c760e9d151d66

SHA256
0875029a0d62577aac0b9f74df18378dc0f1345ddd910ee40fb33c890a6abffd

SHA512
a7376dfb0ab3c71489a5d0220b8caf4b49676983b94acf62fa01592611d0eff3a7574122d67635a07c0a27e89bb3e34a79a44a8955d9e8d0a8f6610b622f1d8e

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
49586eb0039d30a2913a7e15c0c02ccf

SHA1
131388bccbbddfd065814a37b83d47f09fc36e72

SHA256
1d33b6a60c0a73b74e8c8089c95b36d1ef0f0b4649b95d8f6861ff6cf67687e0

SHA512
23a6845f7516a370fc72e149b10c44c7b87fa65dbe8f17e4ba0ef41021da43b7f76fc5aca4193f7ad1e523f5d1ae6fdd841bc174a536e3b6a5fa9eec7a88cbd0

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
8255f8b3887bc62c0428ba3433575605

SHA1
1700097464ae3df04be80fae140834d0cd212e62

SHA256
4e700878914faa5c93aba25c36957c9f61aea5258fd98d056adce2048c2877df

SHA512
cf56eb0605a59b54056c1149e0deeaa2d43a61f9e79d59fc40d96affe0f8b8ded02e7357c90fbdb67a17128c4cea8ad29b5d18519032cc0617e3b329e5382909

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
2KB

MD5
1a9a25237b89c70e41d681bbb8f21671

SHA1
076db25c8dbf58ee7819d43edc6ad50372bfa1c8

SHA256
9eb55f8793ad17cae62858688c7ab3d4747323d1c85137e0cabc04d07e2761dd

SHA512
0f30ef542b56367088731a2a0bb9d432cc4d25d12a2d5af400880e3dbfbf3612352f216e329965083333b5335e68a52ab1a4a07a80ac0894e9bdc3518b1da671

Download Submit