87bd5dca6830fa4e79f6be18b3ee94d32a304ebf96a4cff4a979ee051d392492

Analysis

max time kernel
20s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-04-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad3e12c568548b28c0856586a92460150175344403a00f4f023ad229f3c14b9a.apk
Size

3.4MB
MD5

2e4bbafce56cce8563054c93f34c8f4e
SHA1

71f920d527af88bb1fa055ccf78199ed9bb47faf
SHA256

ad3e12c568548b28c0856586a92460150175344403a00f4f023ad229f3c14b9a
SHA512

da64fffbcabaaf48a0d5ee407f381680e1ffa804f7d3e189cfa0bbc9ee6dd3e8c38f3ecd696780953da90eea4641ace842747c035bf8abd5d8d59d3dd2598c9d
SSDEEP

98304:l3ndmZBa7LLP15oTwr5q8O0AaeMPNv2xWkVSKd:l3dmZBanLP12dev+pd

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e05696493982489c83596bf5d572d698

SHA1
06278805d19cf43a82f4f0b177a1f0d5de69acb3

SHA256
6dcaf7eaf29447a8c0b1feb39d347a95696b26a30c36855bee5752a69f9972af

SHA512
9e64e3590e403b5027cd5851bfeb065b0195e8074adb3c9816eb59600ea31f8d6ad69d85fac0f706ee39d5f173abf1fc9be1ed9d20360b0e4b9a79be4abf14cf

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
0cb1da819e07456eff6ce6de21c0b473

SHA1
1815fdde897691435cc2b27dbf972d8fab1c223b

SHA256
b23fd020a53fdfdfb40a868de498c54a128c65acccc41b19d11ce8290ddf03e0

SHA512
4acb58a23fd21ae227d0190c88f41680f8c258c040e636d658adc1407234d27df96b85adc3706c674870ea9546f743ecc148135aead35892cca2109a82f9fb4d

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4678348019975339722tmp

Filesize
570B

MD5
32586a30ed2c5dada36f8088815b0e1f

SHA1
cc2d5f7dc71834d4dbe12ad6048857b869e70e2e

SHA256
2e49162268d250c62142a17c364bc5bbb0bc540f627e197c0c84e15d7f9e2b22

SHA512
c525912b4cb4206f8168a9fdd9990c23c4bd4afc320209c77c9eb63345206567dca82f4431a1f3b7217338557f63b2862d98912a3f21406a0becfc40414aae0e

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8267500192395534968tmp

Filesize
90B

MD5
1ccfdbb7f400e806c03e5e99d8e5314a

SHA1
0dd2e70c97f71708b3b7e0f3db9bd30b82a151a3

SHA256
53c01acb90a75049ff3b56c868e92507603acf62ea1f7128ce9f53c5ebbcbcd3

SHA512
97012311ecde7850a444b01e26d518126b68d96aab19d6dd5a4a1b81bd82d9b478cc24b2c0e17fe3c1f2ef30975587764950ab3560d0887544c304f700154ae2

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
357ef681702a129157cc5aacf56aa8ee

SHA1
7fa285b1a84021680ba093a165db692cd6c5f781

SHA256
48cf3746b3d8f56db8063e24a4ba76ec3479cda33f2e26211685182e9ab23190

SHA512
ae31f1f6d610713559b3dd34333080b2925dd5f2b4d67b646ff009d27dfd7c88dc32792f8d329c3e5af09760e28488590698fe7061e9d2c47051542e38d3c98d

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
a1697cdd8a5da81b4862c07e189232d6

SHA1
aa5d73619b0519c07b81805d3221141a28712316

SHA256
3076691be929a5fb075832aa375566c6b18d716fc08aed68412cccf42a55e508

SHA512
c1a7ef7bb1c55cee49d3469b19b1941c94ccb3cbf871ea88537ea06e141130a225f89790f150134a51414e9000e44789c5ad14a0a1d19ba84baf9ea4455470d6

Download Submit
/data/data/com.drnull.v5/files/profileInstalled

Filesize
24B

MD5
43248ea1208390c3822b5848ad119556

SHA1
7326a744fc94001d41477daf8135937708e07a3c

SHA256
d7f4e5f9917a63db55f4e7a34d9c4661949abef81be57865898abe15f5edc6ff

SHA512
422009e6961c9f035b4ae4e3220cb1ee5600ffb3f301657127e948a50e1de091369557f32cf96d69cbb1b6da49992dd1450cde0700ecb2276c9cd3c0039e2138

Download Submit
/data/data/com.drnull.v5/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
42a8cea1a24c70ea29077859e00eccfb

SHA1
71f18929e3014e1d05a821ead046f01176f281ad

SHA256
c3a1c9c58b665718e7f064f9610bfcec29e9c38bea2ecec65f0957d0a2add20a

SHA512
0daeb9454ec7dca5553a3e0b7e09fbf445cb3688a916a3c194f998e89be34359c762ca140318fe0139f63b40d9c36462a87548a982a7e699ef398bd95b5271f6

Download Submit
/data/misc/profiles/cur/0/com.drnull.v5/primary.prof

Filesize
1KB

MD5
71a2513c209c8239600dba4a08f44e11

SHA1
5bbecfe2ceff2e85bf7e6f0dd4b446fd706a7588

SHA256
a9e27277be6cd2059f1fc3a57f92449d56ed7f6464381c3bd402d5bf541aea94

SHA512
d2d6e80c92f079312eb7e049736f93266a5506459b793937bbe191200ef01d1ab80949cd956147bf85c72523a9fc7e23bb1cdb0e1e843e41373d1a6483c013de

Download Submit