19a121a5d544cdd1d5a6839f81bf9dd005ae73fa3b9d6f56ea179fdb746c9547

Analysis

max time kernel
47s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-04-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9334d10838e3482cb33e6130ea8397c30cc9edacd9597f1c21aa321d736cd80f.apk
Size

3.4MB
MD5

fb469b2453333babf92789c8a05b7019
SHA1

eaa47b8dbc32ebb7d2d090f41ed6eac8793e6388
SHA256

9334d10838e3482cb33e6130ea8397c30cc9edacd9597f1c21aa321d736cd80f
SHA512

dea36e544d2529407a9334dc7e175eebe9f060d7926db0af1400e3cb3c7505cb6d200919c5043d58322bc12fae2d36a46e55f5dec1b86eeb40f9cb3905f12519
SSDEEP

98304:RA+u4Y1sNALlOUajvXoTwr5qr5+l9ks5TJGAK86j:RAk8OdgtuJgj

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4179

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f744ac7ab2ea57b7ad998132494c2752

SHA1
17a17aea18534d192caa320e86746310e6f3454d

SHA256
f89781d78827ad651f5bbe042346fd0b9e9f7d68fc5b3171805fe13ea373aa59

SHA512
8dd93868a670ddd2116818ddfbc9552be16cf658876811aa33e9ef9d70bb1c1dca57ce96a8611637b63b139206b4e8bc7bb7b5f78d445c9789f55c38e09ee39e

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
aca1e0427d1a517cae172e2311b67ee7

SHA1
5a9773eb97709d183b5ee71984ff428b79fe1cc9

SHA256
7a58c4f0f5b299bcc655708780a2db43ad7b966dd75e66a0b75cf4645775b5a4

SHA512
60ab1bfad0a853a3baac24c7867033545aa452e781f41ccc47ab53f9b86d1c92f4f790cf4d3f31d8096928791b3aa22daf86e8f1e62eb3df5f09d1da53b52de1

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation1110346185455495822tmp

Filesize
90B

MD5
201f41c53768cd8d1cd521ca05abb7c9

SHA1
ec6f564bc89d5b9a3723590f2c8ea7e6dee73ce8

SHA256
a4fae8f051a65d7a06b159fac827500b024e06795f581361b52c80a34c7a084a

SHA512
5235ff7fcd594fd5ea67d807725802417afc67ef887603b399251a771e4a08303f2f40e41ea4f541d60305ecd1b7c4dce13b61bf78a2ddcad50fc4d136c61c6c

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7711894318381623850tmp

Filesize
568B

MD5
01f38fa083d3fab66339769617bb1dc2

SHA1
54e47e36f3c685d28a2e997b3a1abc9e6907669a

SHA256
9c7b7ea73fa3620323eeea9dd8d4d462e57c90415d4b690291e7f2ffd119ea66

SHA512
d8eca07e54cdee7df0d0fdba16ab7fe223b29087512b20dab1056e99c27f852c342fdb4946b53a2033d42c4a7b150dcc615da0293677860f8d0bc26384363f51

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
9b4ae79099259604a9d8e77fe1223929

SHA1
b20b6f067bf72d05eb7f8f7405caa44b80c5c9b0

SHA256
0ccc8f0e8b9ac053cd55a9cb191ce2dd3a3a845df8715234e177c526cf6af162

SHA512
92a53feb91deeaf024062472e56bc950d2545d080bb9305ab7cc5af6fcb7ad3fa7bb762efdba248a6b08f19874c6f23897a0a50f27b9980e991d14afcaa2cef4

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
44dd1f3ec4d23f6513d4bc082e3ab77b

SHA1
33f8b864343774da3a398c2e5d8dceead0d1afb8

SHA256
de012a48040a2b87143d184dfbe798ecb0ee30ad30b006928417634ef679658d

SHA512
dbd3ae3039108ee4557e0a9df87a04493c0dc56545f513ed40eba475ff033b0908350402da7d32426af46405877828021f5fb1dea950958926680db39f96f2ad

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
090b44019cc81b455da2510d419f84e6

SHA1
7b81013e0d440b5dbc4d1ccded8cc6a5ffd50af1

SHA256
359e7250f6737112d56518eb153c3fc1f833152532827e48f58568c45c82164b

SHA512
6155fb30bdafce7f0dfbb335d7166526ae05e170bd7a593c1517f5d80bb2eb968f8b85b75062fb674d3aa3a1f30261d3dce0ce33e89450b38e07629b74ac5a62

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
4KB

MD5
c06bfed114611dafd0eb0f46cc1d16b1

SHA1
37e9b5acae1ed6ca8ef94047f0147514d86fb4e1

SHA256
dbc6e5af4ca02ff2f254c88b30b423b5e65fb4fa9a1b0460562b4e2ad5c971f2

SHA512
fba4fcc5309b99d70719203d407d2115a82194faa787f8726f2b6855d51edbe751f42a2d61b0d72c4c68ccd69835922aec979c42519c2144f481d16e6a5552fd

Download Submit