c4da0509fbef795c266314381755225e50d537538d5be4530c0027875a84ad36

Analysis

max time kernel
5s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
04/04/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4da0509fbef795c266314381755225e50d537538d5be4530c0027875a84ad36.apk
Size

3.5MB
MD5

7d14bf30f874b69d10026b07abcec26a
SHA1

18b4fc2555f1051bd28ac21a3bb7e32e996c00a1
SHA256

c4da0509fbef795c266314381755225e50d537538d5be4530c0027875a84ad36
SHA512

5e21972564c885e08977b4bee56e83a1979a92b766e08c73dd1dd826be7bb8e65ba4494ae301013fa83601d21e4963ea4656b0d59e485760319bc8e993eb3ca6
SSDEEP

98304:41+hKSo6QcUiaLToTwr5Lxy6VSAOH4i4AHI0uuv9b:41WKSo6qioU6kpH/l

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4240

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0969949ebc209fd57193bcfe42841ee2

SHA1
2d0dee54d723b47894e304895f5f42ac418fdb3b

SHA256
80fd77e495d4ed31e6091f16838b971e5ebf0acbb051e2b209ebe1b56449eb05

SHA512
4f509d0c8ae60bee91662cc4369b411a2fd5c2c48e1f6288addd7ef3a4d8ce239c75a2ff2e0b334506eff9a07d1fc5eff4a8eb44bc63ffff6ac327b21eab5d43

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
3697e4a76a0672944aab529bf47a3e04

SHA1
1f3b23a41e46af9d2bae32266b50fd7bd47c7bd3

SHA256
f589bd8e6392631af59768ac613f6413dd8ff244ad2d4541c847fe36f4d6c7fe

SHA512
8327e6855a8d85331e5a84a6eb9e5c1c2edb09f0efed8c3384df3c113837ffb32333a4b5da3c6d54f5384afddc1792f0c5267bd9172539fb9a54aaa672a3701e

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation339078712241835259tmp

Filesize
570B

MD5
5e721b979df83639084fff271bd634d4

SHA1
387b09e7c6c2a7d59b2e3dbaed0b9afab80a7bff

SHA256
a78b3196cce57540d7be1614c04ec4ffd9349f73e974fae39a576151f331e3ae

SHA512
f2134264537f370626a13244147efb0dbbc09fc36d780ee3abff1e36e1a6b83b18f9632b53a88c6f5355426e76388ad1ebb7d74158fcdf85836b0b0659439f14

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8633391638325795089tmp

Filesize
90B

MD5
12d49377235de23ae39c84580b289cbd

SHA1
62dbfe9cc6ccc28a7f72cdc9081fcb2e5cfe780c

SHA256
ded16b913756fcdc73c8589deb9e41c188ca243ca40202e10980a51b3248c47f

SHA512
7d244685237a7ad6cb16f3da2f755d8a1403f16b1bbda9cc35dc590fee6a5a0cd8649f3b337da2a52fe1f4628c437ccd9454ad239e15c4341bd7e833bcb3ddf9

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
d09c8942bc07cce02adbb1af4a41a06b

SHA1
4c57dd8acae3f24c9105ac14e3ea7d5db123b40b

SHA256
4ad29edf4672ff7f6bb11c8e5e760d26cc0079be74027d57026d6ef7c5b1581e

SHA512
b6bd505d8aa5aeffc2902cf00997335df77c65158eea80a9b3cfd4c29affbebfa893ae2d128f7e897f9f0054f8c7c062312a3e762a37274ec08027b6786ed4c1

Download Submit