19a121a5d544cdd1d5a6839f81bf9dd005ae73fa3b9d6f56ea179fdb746c9547

Analysis

max time kernel
21s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-04-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9334d10838e3482cb33e6130ea8397c30cc9edacd9597f1c21aa321d736cd80f.apk
Size

3.4MB
MD5

fb469b2453333babf92789c8a05b7019
SHA1

eaa47b8dbc32ebb7d2d090f41ed6eac8793e6388
SHA256

9334d10838e3482cb33e6130ea8397c30cc9edacd9597f1c21aa321d736cd80f
SHA512

dea36e544d2529407a9334dc7e175eebe9f060d7926db0af1400e3cb3c7505cb6d200919c5043d58322bc12fae2d36a46e55f5dec1b86eeb40f9cb3905f12519
SSDEEP

98304:RA+u4Y1sNALlOUajvXoTwr5qr5+l9ks5TJGAK86j:RAk8OdgtuJgj

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4428

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
a0c4f56fc8f2f393bb45417a085dcf1a

SHA1
5413436ca5d9331a88ddcb4434ed4f34d0f22809

SHA256
41384cbf6db238918e615241d5ff15de0b53ea493634f3156f3d00e5e25ff0f7

SHA512
b63cd56a48da1ca7391221697d045237f508da961e0c249293080c30af99b83ce84e2dc63937b69a2086abe0ec2101238c4566198a812c81d2bbccc7ca435fed

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8661259821087f1c27e0a81a4a8a05f5

SHA1
6a0f00f2b7fe41ace004a7fda0fc2c6d0cc201b2

SHA256
4e28661e5acb610dd30353c6ff159201c90cdb8f5866af557feff8de90723963

SHA512
c9985be4c81158eca37e66fd9e6af0234fa686040656a59bd346d6c6160dd1c1262b5bee827547fc08ced71279f447c302fe63146bcd6242aab4a24d735e279b

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
601c7892aea9fc14bbb5de5e710f1fb9

SHA1
edcf38006c31854793ff79751849fc645f8c0bc2

SHA256
95f715a9dc5c713f068e52912e061eedaf25c1f73e3cd024ab509bffd4fe8738

SHA512
0475c362802368c92e775da1296177563b194f6585ee1cf7a36d4b74f611d26ef840ebe304a878bf86ac10614827255a10a2befddd9ef6ba07c74d3b84889dd2

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
58e9b82a4ac7037614f8c755ca6fbfbf

SHA1
3b0df9d4f32d12fb8a06656d7e592e36725c1d8e

SHA256
99d7665058c5d61cfec333c76a4ea6eafb1422c70bfdad68affe8b78393b63e8

SHA512
7b6d29a1d65e59926e92313d90d57fa9e3820b4ec649f0aa3ee0bd6b6521c8914454922daefb6600540f69ef214f6e81dbfea4c87ffa6e2c33e8dc6445236f03

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6945151358202307989tmp

Filesize
569B

MD5
3d50c195948d09a13acc28a6406aa4b2

SHA1
eff5b56369358b784f862cdbc1268e41e212b19d

SHA256
c08be325d657edc52fe79820dcb467481d9cffc529df25bb25c09bba74f4dfeb

SHA512
2bc02147c31a66afaf58a083439efa9f41befb3276c04b34ab5fe2d1c5cf15938ce141de877565a17267f904fb309094d47cc8d9002969de6c1a06dee7a46aa3

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8796360870629065376tmp

Filesize
90B

MD5
90073e4273b2eec12c800c73d1adfd28

SHA1
67f3285581c9b35f44b1572cb6e95d9fed15e29d

SHA256
d3e76b98f7e5fffad275d98cded2b2a32eada86506de8db14b70c9d175074541

SHA512
eeb1e8d5218ae2e21e6b7a6bbfb800a1a6ba454df0122164bda9ad6f2ecdc246d52325902cfedda5edd86404522df296482a79738527eedfe89b0ffd87ec4d0b

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
cd2469850e19ed116352f29a617f7f82

SHA1
777ecf190df5cf0a0f7aa5afab86320cfa7795b5

SHA256
48adcc97a3ed023e43caaacc38bcd48db5142d1d8c83a09e5d597b5bbc4a8860

SHA512
e94b7369051e9462ed79726a4b85106d15c0e0bda3d6cce7a7ea32e768c62a68aea963844fe90a8b9d5e15c0fb514890d07c4adef0ca4d9f36f12d74b6ee106d

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
b6a7ad2fe9607677c4b598a94a522ed4

SHA1
cf1e3a282d5d4811329532dc156d584c26100520

SHA256
03a6c705af00f803044dbb60e999477c13eeac8af3c308b873bccda13755c96d

SHA512
8f9bb05491ad420bf2df1055b0929050f448e5b718d4b869b09b6d1fefbfbf934fd77fe7464d8ad78206d2e2c7ea35f0efb92c1af1e9f26ffca5c928b8ff2db0

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
3bf4327df6b1fcec0de5399a885183ed

SHA1
4f2ceeb901b71d3f3c5d56ee9ac0430c94088308

SHA256
87964145ade7a79f223cadc1c48ed417d86ac1872b5f6d533814312da485e6ba

SHA512
5c3c3416af07cfa265043ee24909c59ea99d482f8e77f18a33b02cb0dfee6e48587341ee575dbd687fca82d249a00130c047b754994cfff9f9a4275724de4043

Download Submit